From 4acf495f41d2c26136e99072293ca8b9bff91dc0 Mon Sep 17 00:00:00 2001
From: Omar Polo <op@omarpolo.com>
Date: Mon, 24 Jul 2023 09:05:33 +0000
Subject: [PATCH] open the log files inside the chroot

---
 gmid.c      | 12 +++++++++++-
 gmid.conf.5 |  2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/gmid.c b/gmid.c
index d8f4e76..cc186d5 100644
--- a/gmid.c
+++ b/gmid.c
@@ -322,16 +322,26 @@ static int
 main_send_logfd(struct conf *conf)
 {
 	struct privsep	*ps = conf->ps;
-	int		 fd = -1;
+	char		 path[PATH_MAX];
+	int		 r, fd = -1;
 
 	if (debug)
 		return 0;
 
 	if (conf->log_access) {
+		r = snprintf(path, sizeof(path), "%s%s%s", conf->chroot,
+		    *conf->chroot == '\0' ? "" : "/", conf->log_access);
+		if (r < 0 || (size_t)r >= sizeof(path)) {
+			log_warnx("path too long: %s", conf->log_access);
+			goto done;
+		}
+
 		fd = open(conf->log_access, O_WRONLY|O_CREAT|O_APPEND, 0600);
 		if (fd == -1)
 			log_warn("can't open %s", conf->log_access);
 	}
+
+ done:
 	if (proc_compose_imsg(ps, PROC_LOGGER, -1, IMSG_LOG_TYPE, -1, fd,
 	    NULL, 0) == -1)
 		return -1;
diff --git a/gmid.conf.5 b/gmid.conf.5
index dda781c..2dd80b3 100644
--- a/gmid.conf.5
+++ b/gmid.conf.5
@@ -140,6 +140,8 @@ This is the default behaviour.
 .It Ic access Ar file
 Log the requests to
 .Ar file .
+The path is relative to the
+.Ic chroot .
 .El
 .It Ic prefork Ar number
 Run the specified number of server processes.