daemon: fix directory outside current root when executing commands

When executing a command, we temporarily chroot, fork and exec the
command, then chroot back. We intentionally don't chdir in the parent
process so that we can 'jailbreak' the chroot later. However, this has
the effect that commands are executed with a current working directory
which is outside the current root.  This unusual state can cause
errors in executed commands which don't anticipate it.

This change does a chdir("/") before executing and command. This
happens inside the fork, so the jailbreak isn't affected in the
parent.

.gitignore

@@ -404,6 +404,7 @@ Makefile.in
 /tests/c-api/test-last-errno
 /tests/c-api/test.log
 /tests/c-api/test-private-data
+/tests/c-api/test-pwd
 /tests/c-api/tests
 /tests/c-api/tests.c
 /tests/c-api/test*.tmp

daemon/guestfsd.c

@@ -851,6 +851,8 @@ commandrvf (char **stdoutput, char **stderror, int flags,
     close (so_fd[1]);
     close (se_fd[1]);
 
+    ignore_value (chdir ("/"));
+
     execvp (argv[0], (void *) argv);
     perror (argv[0]);
     _exit (EXIT_FAILURE);

generator/actions.ml

@@ -3687,7 +3687,12 @@ C<guestfs_is_file>, C<guestfs_is_blockdev> (etc), C<guestfs_is_zero>." };
         [["mkdir"; "/command12"];
          ["upload"; "test-command"; "/command12/test-command"];
          ["chmod"; "0o755"; "/command12/test-command"];
-         ["command"; "/command12/test-command"]])
+         ["command"; "/command12/test-command"]]);
+      InitScratchFS, Always, TestOutput (
+        [["mkdir"; "/pwd"];
+         ["upload"; "test-pwd"; "/pwd/test-pwd"];
+         ["chmod"; "0o755"; "/pwd/test-pwd"];
+         ["command"; "/pwd/test-pwd"]], "/");
     ];
     shortdesc = "run a command from the guest filesystem";
     longdesc = "\

tests/c-api/Makefile.am

@@ -34,7 +34,8 @@ check_PROGRAMS = \
 	test-private-data \
 	test-user-cancel \
 	test-debug-to-file \
-	test-environment
+	test-environment \
+	test-pwd
 
 TESTS = \
 	tests \
@@ -63,6 +64,7 @@ EXTRA_DIST += test-add-libvirt-dom.c
 TESTS_ENVIRONMENT = \
 	SKIP_TEST_COMMAND=$(shell ldd test-command | grep -sq 'not a dynamic executable' || echo 1) \
 	SKIP_TEST_COMMAND_LINES=$(shell ldd test-command | grep -sq 'not a dynamic executable' || echo 1) \
+	SKIP_TEST_COMMAND=$(shell ldd test-pwd | grep -sq 'not a dynamic executable' || echo 1) \
 	$(top_builddir)/run --test $(VG)
 
 #SKIP_TEST_CHECKSUM_8=$(shell if test `find ../initramfs -name squashfs.ko | wc -l` -eq 0; then echo 1; fi)
@@ -80,6 +82,9 @@ tests_LDADD = $(top_builddir)/src/libguestfs.la
 test_command_SOURCES = test-command.c
 test_command_LDFLAGS = -all-static
 
+test_pwd_SOURCES = test-pwd.c
+test_pwd_LDFLAGS = -all-static
+
 # Hand-written C API tests.
 
 test_just_header_SOURCES = test-just-header.c

tests/c-api/test-pwd.c

@@ -0,0 +1,35 @@
+/* libguestfs
+ * Copyright (C) 2012 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* This program, which must be statically linked, is used to test the
+ * guestfs_command and guestfs_command_lines functions.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int
+main (int argc, char *argv[])
+{
+  char *cwd = get_current_dir_name();
+  printf("%s", cwd);
+
+  exit (EXIT_SUCCESS);
+}