open the log files inside the chroot

2023-07-24 09:05:33 +00:00 · 2023-07-24 09:05:33 +00:00 · 4acf495f41
parent 3bda540e34
commit 4acf495f41
2 changed files with 13 additions and 1 deletions
--- a/gmid.c
+++ b/gmid.c
@ -322,16 +322,26 @@ static int
 main_send_logfd(struct conf *conf)
 {
 	struct privsep	*ps = conf->ps;
-	int		 fd = -1;
+	char		 path[PATH_MAX];
+	int		 r, fd = -1;

 	if (debug)
 		return 0;

 	if (conf->log_access) {
+		r = snprintf(path, sizeof(path), "%s%s%s", conf->chroot,
+		    *conf->chroot == '\0' ? "" : "/", conf->log_access);
+		if (r < 0 || (size_t)r >= sizeof(path)) {
+			log_warnx("path too long: %s", conf->log_access);
+			goto done;
+		}
+
 		fd = open(conf->log_access, O_WRONLY|O_CREAT|O_APPEND, 0600);
 		if (fd == -1)
 			log_warn("can't open %s", conf->log_access);
 	}
+
+ done:
 	if (proc_compose_imsg(ps, PROC_LOGGER, -1, IMSG_LOG_TYPE, -1, fd,
 	    NULL, 0) == -1)
 		return -1;
--- a/gmid.conf.5
+++ b/gmid.conf.5
@ -140,6 +140,8 @@ This is the default behaviour.
 .It Ic access Ar file
 Log the requests to
 .Ar file .
+The path is relative to the
+.Ic chroot .
 .El
 .It Ic prefork Ar number
 Run the specified number of server processes.