Add the --chdir option

Author: otargowski

doc/sio2jail.1.scd

@@ -31,6 +31,9 @@ of the hardware sio2jail runs on.
 	Write the execution report to file descriptor _fd_,
 	instead of stderr.
 
+*-c* _dir_, *--chdir* _dir_
+	Change the working directory to _dir_ before running the program.
+
 *-s, --stderr*
 	Pass stderr from the sandboxed program,
 	instead of redirecting it to stderr.

src/executor/Executor.cc

@@ -39,9 +39,11 @@ namespace executor {
 Executor::Executor(
         std::string childProgramName,
         std::vector<std::string> childProgramArgv,
+        std::string childProgramWorkingDir,
         bool supportThreads)
         : childProgramName_(std::move(childProgramName))
         , childProgramArgv_(std::move(childProgramArgv))
+        , childProgramWorkingDir_(std::move(childProgramWorkingDir))
         , childPid_(0)
         , supportThreads_{supportThreads} {}
 
@@ -68,6 +70,14 @@ void Executor::executeChild() {
         listener->onPostForkChild();
     }
 
+    // "" is the default value
+    if (!childProgramWorkingDir_.empty()) {
+        withErrnoCheck(
+                "chdir to " + childProgramWorkingDir_,
+                chdir,
+                childProgramWorkingDir_.c_str());
+    }
+
     // Create plain C arrays with program arguments
     char* programName = stringToCStr(childProgramName_);
     char** programArgv = new char*[childProgramArgv_.size() + 2];

src/executor/Executor.h

@@ -20,6 +20,7 @@ class Executor
     Executor(
             std::string childProgramName,
             std::vector<std::string> childProgramArgv,
+            std::string childProgramWorkingDir,
             bool supportThreads = false);
 
     template<typename ProgramNameType>
@@ -45,6 +46,7 @@ class Executor
 
     std::string childProgramName_;
     std::vector<std::string> childProgramArgv_;
+    std::string childProgramWorkingDir_;
 
     pid_t childPid_;
     const bool supportThreads_;

src/s2japp/Application.cc

@@ -70,6 +70,7 @@ Application::ExitCode Application::handleRun() {
     auto executor = std::make_shared<s2j::executor::Executor>(
             settings_.programName,
             settings_.programArgv,
+            settings_.programWorkingDir,
             settings_.threadsLimit >= 0);
 
     auto traceExecutor = createListener<tracer::TraceExecutor>();

src/s2japp/ApplicationSettings.cc

@@ -302,6 +302,15 @@ ApplicationSettings::ApplicationSettings(int argc, const char* argv[])
                 cmd,
                 false);
 
+        TCLAP::ValueArg<std::string> argProgramWorkingDir(
+                "c",
+                "chdir",
+                "Where to chdir to before running the program",
+                false,
+                "",
+                "dir",
+                cmd);
+
         TCLAP::ValueArg<std::string> argLoggerPath(
                 "l",
                 "log",
@@ -365,6 +374,7 @@ ApplicationSettings::ApplicationSettings(int argc, const char* argv[])
 
         programName = argProgramName.getValue();
         programArgv = argProgramArgv.getValue();
+        programWorkingDir = argProgramWorkingDir.getValue();
 
         outputBuilderFactory = argOutputFormat.getValue().getFactory();
         syscallPolicyFactory = argSyscallPolicy.getValue().getFactory();

src/s2japp/ApplicationSettings.h

@@ -54,6 +54,7 @@ struct ApplicationSettings : public ns::MountNamespaceListener::Settings {
 
     std::string programName;
     std::vector<std::string> programArgv;
+    std::string programWorkingDir;
 
     Factory<s2j::printer::OutputBuilder> outputBuilderFactory;
     Factory<s2j::seccomp::policy::BaseSyscallPolicy> syscallPolicyFactory;