Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Moved the chdir() call within enter_chroot_jail() down below the new repo name canonicalization code to allow use of relative path names. Before, you had to give an absolute path to the repo, since we'd cd'd away from that directory before we started to validate the path. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
e94621186f71c5f6aac52ca50b59d5c1 |
| User & Date: | wyoung 2022-08-13 22:15:42 |
Context
|
2022-08-13
| ||
| 23:39 | Using the preceding --chroot fixes to make the Docker container serve the repo from /jail/museum/repo.fossil rather than from the chroot dir, /jail. This then allows us to mount a Docker volume at /jail/museum, which has an independent persistence from the container proper, so we can now rebuild the container without destroying the presumably precious repo. Updated build.wiki to track this change and document the lessons gleaned from doing all of this. ... (check-in: f76e762f user: wyoung tags: trunk) | |
| 22:15 | Moved the chdir() call within enter_chroot_jail() down below the new repo name canonicalization code to allow use of relative path names. Before, you had to give an absolute path to the repo, since we'd cd'd away from that directory before we started to validate the path. ... (check-in: e9462118 user: wyoung tags: trunk) | |
| 22:14 | Moved the setting of g.fJail flag into the repo = "/" case since it exists only to communicate the chroot status to --repolist mode. (This confirms the speculation in the prior commit's comment: the prior behavior existed to serve repolist mode only.) ... (check-in: 324d232c user: wyoung tags: trunk) | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
1497 1498 1499 1500 1501 1502 1503 |
db_close(1);
}
file_canonical_name(zRepo, &dir, 0);
zDir = blob_str(&dir);
if( !noJail ){
if( file_isdir(zDir, ExtFILE)==1 ){
| < < < > > > | 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 |
db_close(1);
}
file_canonical_name(zRepo, &dir, 0);
zDir = blob_str(&dir);
if( !noJail ){
if( file_isdir(zDir, ExtFILE)==1 ){
if( g.zRepositoryName ){
size_t n = strlen(zDir);
Blob repo;
file_canonical_name(g.zRepositoryName, &repo, 0);
zRepo = blob_str(&repo);
if( strncmp(zRepo, zDir, n)!=0 ){
fossil_fatal("repo %s not under chroot dir %s", zRepo, zDir);
}
zRepo += n;
if( *zRepo == '\0' ) zRepo = "/";
}else {
zRepo = "/";
g.fJail = 1;
}
if( file_chdir(zDir, 1) ){
fossil_panic("unable to chroot into %s", zDir);
}
}else{
for(i=strlen(zDir)-1; i>0 && zDir[i]!='/'; i--){}
if( zDir[i]!='/' ) fossil_fatal("bad repository name: %s", zRepo);
if( i>0 ){
zDir[i] = 0;
if( file_chdir(zDir, 1) ){
fossil_fatal("unable to chroot into %s", zDir);
|
| ︙ | ︙ |