2 * Copyright (C) 2015 John Crispin <blogic@openwrt.org>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Lesser General Public License version 2.1
6 * as published by the Free Software Foundation
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
15 #include <sys/mount.h>
16 #include <sys/prctl.h>
18 #include <sys/types.h>
30 #include <linux/limits.h>
33 #include "capabilities.h"
39 #include <libubox/uloop.h>
42 #define STACK_SIZE (1024 * 1024)
43 #define OPT_ARGS "S:C:n:h:r:w:d:psulocU:G:NR:fFO:T:Ey"
69 extern int pivot_root(const char *new_root, const char *put_old);
73 static char child_stack[STACK_SIZE];
77 static int mkdir_p(char *dir, mode_t mask)
79 char *l = strrchr(dir, '/');
87 if (mkdir_p(dir, mask))
92 ret = mkdir(dir, mask);
93 if (ret && errno == EEXIST)
97 ERROR("mkdir(%s, %d) failed: %m\n", dir, mask);
102 static int _mount_bind(const char *root, const char *path, const char *target, int readonly, int strict, int error)
107 int remount_flags = MS_BIND | MS_REMOUNT;
109 if (stat(path, &s)) {
110 ERROR("stat(%s) failed: %m\n", path);
114 snprintf(new, sizeof(new), "%s%s", root, target?target:path);
116 if (S_ISDIR(s.st_mode)) {
119 mkdir_p(dirname(new), 0755);
120 snprintf(new, sizeof(new), "%s%s", root, target?target:path);
121 fd = creat(new, 0644);
123 ERROR("creat(%s) failed: %m\n", new);
129 if (mount(path, new, NULL, MS_BIND, NULL)) {
130 ERROR("failed to mount -B %s %s: %m\n", path, new);
135 remount_flags |= MS_RDONLY;
138 remount_flags |= MS_NOEXEC | MS_NOSUID | MS_NODEV;
140 if ((strict || readonly) && mount(NULL, new, NULL, remount_flags, NULL)) {
141 ERROR("failed to remount (%s%s%s) %s: %m\n", readonly?"ro":"rw",
142 (readonly && strict)?", ":"", strict?"strict":"", new);
146 DEBUG("mount -B %s %s (%s%s%s)\n", path, new,
147 readonly?"ro":"rw", (readonly && strict)?", ":"", strict?"strict":"");
152 int mount_bind(const char *root, const char *path, int readonly, int error) {
153 return _mount_bind(root, path, NULL, readonly, 0, error);
156 static int mount_overlay(char *jail_root, char *overlaydir) {
157 char *upperdir, *workdir, *optsstr;
158 const char mountoptsformat[] = "lowerdir=%s,upperdir=%s,workdir=%s";
161 if (asprintf(&upperdir, "%s%s", overlaydir, "/upper") < 0)
164 if (asprintf(&workdir, "%s%s", overlaydir, "/work") < 0)
167 if (asprintf(&optsstr, mountoptsformat, jail_root, upperdir, workdir) < 0)
170 if (mkdir_p(upperdir, 0755) || mkdir_p(workdir, 0755))
173 DEBUG("mount -t overlay %s %s (%s)\n", jail_root, jail_root, optsstr);
175 if (mount(jail_root, jail_root, "overlay", MS_NOATIME, optsstr))
190 static void pass_console(int console_fd)
192 struct ubus_context *ctx = ubus_connect(NULL);
193 static struct blob_buf req;
199 blob_buf_init(&req, 0);
200 blobmsg_add_string(&req, "name", opts.name);
202 if (ubus_lookup_id(ctx, "service", &id) ||
203 ubus_invoke_fd(ctx, id, "console_set", req.head, NULL, NULL, 3000, console_fd))
204 INFO("ubus request failed\n");
212 static int create_dev_console(const char *jail_root)
215 char dev_console_path[PATH_MAX];
216 int slave_console_fd;
218 /* Open UNIX/98 virtual console */
219 console_fd = posix_openpt(O_RDWR | O_NOCTTY);
220 if (console_fd == -1)
223 console_fname = ptsname(console_fd);
224 DEBUG("got console fd %d and PTS client name %s\n", console_fd, console_fname);
229 unlockpt(console_fd);
231 /* pass PTY master to procd */
232 pass_console(console_fd);
234 /* mount-bind PTY slave to /dev/console in jail */
235 snprintf(dev_console_path, sizeof(dev_console_path), "%s/dev/console", jail_root);
236 close(creat(dev_console_path, 0620));
238 if (mount(console_fname, dev_console_path, NULL, MS_BIND, NULL))
241 /* use PTY slave for stdio */
242 slave_console_fd = open(console_fname, O_RDWR); /* | O_NOCTTY */
243 dup2(slave_console_fd, 0);
244 dup2(slave_console_fd, 1);
245 dup2(slave_console_fd, 2);
246 close(slave_console_fd);
248 INFO("using guest console %s\n", console_fname);
257 static int build_jail_fs(void)
259 char jail_root[] = "/tmp/ujail-XXXXXX";
260 char tmpovdir[] = "/tmp/ujail-overlay-XXXXXX";
261 char tmpdevdir[] = "/tmp/ujail-XXXXXX/dev";
262 char tmpdevptsdir[] = "/tmp/ujail-XXXXXX/dev/pts";
263 char *overlaydir = NULL;
265 if (mkdtemp(jail_root) == NULL) {
266 ERROR("mkdtemp(%s) failed: %m\n", jail_root);
270 /* oldroot can't be MS_SHARED else pivot_root() fails */
271 if (mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL)) {
272 ERROR("private mount failed %m\n");
277 if (mount(opts.extroot, jail_root, NULL, MS_BIND, NULL)) {
278 ERROR("extroot mount failed %m\n");
282 if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) {
283 ERROR("tmpfs mount failed %m\n");
288 if (opts.tmpoverlaysize) {
289 char mountoptsstr[] = "mode=0755,size=XXXXXXXX";
291 snprintf(mountoptsstr, sizeof(mountoptsstr),
292 "mode=0755,size=%s", opts.tmpoverlaysize);
293 if (mkdtemp(tmpovdir) == NULL) {
294 ERROR("mkdtemp(%s) failed: %m\n", jail_root);
297 if (mount("tmpfs", tmpovdir, "tmpfs", MS_NOATIME,
299 ERROR("failed to mount tmpfs for overlay (size=%s)\n", opts.tmpoverlaysize);
302 overlaydir = tmpovdir;
306 overlaydir = opts.overlaydir;
309 mount_overlay(jail_root, overlaydir);
311 if (chdir(jail_root)) {
312 ERROR("chdir(%s) (jail_root) failed: %m\n", jail_root);
316 snprintf(tmpdevdir, sizeof(tmpdevdir), "%s/dev", jail_root);
317 mkdir_p(tmpdevdir, 0755);
318 if (mount(NULL, tmpdevdir, "tmpfs", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "size=1M"))
321 snprintf(tmpdevptsdir, sizeof(tmpdevptsdir), "%s/dev/pts", jail_root);
322 mkdir_p(tmpdevptsdir, 0755);
323 if (mount(NULL, tmpdevptsdir, "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, NULL))
327 create_dev_console(jail_root);
329 if (mount_all(jail_root)) {
330 ERROR("mount_all() failed\n");
334 if (opts.namespace & CLONE_NEWNET) {
335 char hostdir[PATH_MAX], jailetc[PATH_MAX], jaillink[PATH_MAX];
337 snprintf(hostdir, PATH_MAX, "/tmp/resolv.conf-%s.d", opts.name);
338 mkdir_p(hostdir, 0755);
339 _mount_bind(jail_root, hostdir, "/tmp/resolv.conf.d", 1, 1, -1);
340 snprintf(jailetc, PATH_MAX, "%s/etc", jail_root);
341 mkdir_p(jailetc, 0755);
342 snprintf(jaillink, PATH_MAX, "%s/etc/resolv.conf", jail_root);
345 symlink("../tmp/resolv.conf.d/resolv.conf.auto", jaillink);
348 char dirbuf[sizeof(jail_root) + 4];
349 snprintf(dirbuf, sizeof(dirbuf), "%s/old", jail_root);
352 if (pivot_root(jail_root, dirbuf) == -1) {
353 ERROR("pivot_root(%s, %s) failed: %m\n", jail_root, dirbuf);
357 ERROR("chdir(/) (after pivot_root) failed: %m\n");
361 snprintf(dirbuf, sizeof(dirbuf), "/old%s", jail_root);
362 umount2(dirbuf, MNT_DETACH);
364 if (opts.tmpoverlaysize) {
365 char tmpdirbuf[sizeof(tmpovdir) + 4];
366 snprintf(tmpdirbuf, sizeof(tmpdirbuf), "/old%s", tmpovdir);
367 umount2(tmpdirbuf, MNT_DETACH);
371 umount2("/old", MNT_DETACH);
375 mkdir("/proc", 0755);
376 mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
378 * make /proc/sys read-only while keeping read-write to
379 * /proc/sys/net if CLONE_NEWNET is set.
381 if (opts.namespace & CLONE_NEWNET)
382 mount("/proc/sys/net", "/proc/self/net", NULL, MS_BIND, 0);
384 mount("/proc/sys", "/proc/sys", NULL, MS_BIND, 0);
385 mount(NULL, "/proc/sys", NULL, MS_REMOUNT | MS_RDONLY, 0);
386 mount(NULL, "/proc", NULL, MS_REMOUNT, 0);
388 if (opts.namespace & CLONE_NEWNET)
389 mount("/proc/self/net", "/proc/sys/net", NULL, MS_MOVE, 0);
393 mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RDONLY, 0);
396 mount(NULL, "/", NULL, MS_RDONLY | MS_REMOUNT, 0);
401 static int write_uid_gid_map(pid_t child_pid, bool gidmap, int id)
405 const char *map_format = "%d %d %d\n";
406 if (snprintf(map_path, sizeof(map_path), "/proc/%d/%s",
407 child_pid, gidmap?"gid_map":"uid_map") < 0)
410 if ((map_file = open(map_path, O_WRONLY)) == -1)
413 if (dprintf(map_file, map_format, 0, id, 1) == -1) {
422 static int write_setgroups(pid_t child_pid, bool allow)
425 char setgroups_path[64];
427 if (snprintf(setgroups_path, sizeof(setgroups_path), "/proc/%d/setgroups",
432 if ((setgroups_file = open(setgroups_path, O_WRONLY)) == -1) {
436 if (dprintf(setgroups_file, allow?"allow":"deny") == -1) {
437 close(setgroups_file);
441 close(setgroups_file);
445 static void get_jail_user(int *user, int *user_gid, int *gr_gid)
447 struct passwd *p = NULL;
448 struct group *g = NULL;
451 p = getpwnam(opts.user);
453 ERROR("failed to get uid/gid for user %s: %d (%s)\n",
454 opts.user, errno, strerror(errno));
458 *user_gid = p->pw_gid;
465 g = getgrnam(opts.group);
467 ERROR("failed to get gid for group %s: %m\n", opts.group);
476 static void set_jail_user(int pw_uid, int user_gid, int gr_gid)
478 if ((user_gid != -1) && initgroups(opts.user, user_gid)) {
479 ERROR("failed to initgroups() for user %s: %m\n", opts.user);
483 if ((gr_gid != -1) && setregid(gr_gid, gr_gid)) {
484 ERROR("failed to set group id %d: %m\n", gr_gid);
488 if ((pw_uid != -1) && setreuid(pw_uid, pw_uid)) {
489 ERROR("failed to set user id %d: %m\n", pw_uid);
495 static char** build_envp(const char *seccomp)
497 static char *envp[MAX_ENVP];
498 static char preload_var[PATH_MAX];
499 static char seccomp_var[PATH_MAX];
500 static char debug_var[] = "LD_DEBUG=all";
501 static char container_var[] = "container=ujail";
502 const char *preload_lib = find_lib("libpreload-seccomp.so");
505 if (seccomp && !preload_lib) {
506 ERROR("failed to add preload-lib to env\n");
510 snprintf(seccomp_var, sizeof(seccomp_var), "SECCOMP_FILE=%s", seccomp);
511 envp[count++] = seccomp_var;
512 snprintf(preload_var, sizeof(preload_var), "LD_PRELOAD=%s", preload_lib);
513 envp[count++] = preload_var;
516 envp[count++] = container_var;
519 envp[count++] = debug_var;
524 static void usage(void)
526 fprintf(stderr, "ujail <options> -- <binary> <params ...>\n");
527 fprintf(stderr, " -d <num>\tshow debug log (increase num to increase verbosity)\n");
528 fprintf(stderr, " -S <file>\tseccomp filter config\n");
529 fprintf(stderr, " -C <file>\tcapabilities drop config\n");
530 fprintf(stderr, " -c\t\tset PR_SET_NO_NEW_PRIVS\n");
531 fprintf(stderr, " -n <name>\tthe name of the jail\n");
532 fprintf(stderr, "namespace jail options:\n");
533 fprintf(stderr, " -h <hostname>\tchange the hostname of the jail\n");
534 fprintf(stderr, " -N\t\tjail has network namespace\n");
535 fprintf(stderr, " -f\t\tjail has user namespace\n");
536 fprintf(stderr, " -F\t\tjail has cgroups namespace\n");
537 fprintf(stderr, " -r <file>\treadonly files that should be staged\n");
538 fprintf(stderr, " -w <file>\twriteable files that should be staged\n");
539 fprintf(stderr, " -p\t\tjail has /proc\n");
540 fprintf(stderr, " -s\t\tjail has /sys\n");
541 fprintf(stderr, " -l\t\tjail has /dev/log\n");
542 fprintf(stderr, " -u\t\tjail has a ubus socket\n");
543 fprintf(stderr, " -U <name>\tuser to run jailed process\n");
544 fprintf(stderr, " -G <name>\tgroup to run jailed process\n");
545 fprintf(stderr, " -o\t\tremont jail root (/) read only\n");
546 fprintf(stderr, " -R <dir>\texternal jail rootfs (system container)\n");
547 fprintf(stderr, " -O <dir>\tdirectory for r/w overlayfs\n");
548 fprintf(stderr, " -T <size>\tuse tmpfs r/w overlayfs with <size>\n");
549 fprintf(stderr, " -E\t\tfail if jail cannot be setup\n");
550 fprintf(stderr, " -y\t\tprovide jail console\n");
551 fprintf(stderr, "\nWarning: by default root inside the jail is the same\n\
552 and he has the same powers as root outside the jail,\n\
553 thus he can escape the jail and/or break stuff.\n\
554 Please use seccomp/capabilities (-S/-C) to restrict his powers\n\n\
555 If you use none of the namespace jail options,\n\
556 ujail will not use namespace/build a jail,\n\
557 and will only drop capabilities/apply seccomp filter.\n\n");
560 static int exec_jail(void *pipes_ptr)
562 int *pipes = (int*)pipes_ptr;
564 int pw_uid, pw_gid, gr_gid;
570 if (write(pipes[1], buf, 1) < 1) {
571 ERROR("can't write to parent\n");
574 if (read(pipes[2], buf, 1) < 1) {
575 ERROR("can't read from parent\n");
579 ERROR("parent had an error, child exiting\n");
586 if (opts.namespace & CLONE_NEWUSER) {
595 // if (setgroups(0, NULL) < 0) {
596 // ERROR("setgroups\n");
597 // exit(EXIT_FAILURE);
601 if (opts.namespace && opts.hostname && strlen(opts.hostname) > 0
602 && sethostname(opts.hostname, strlen(opts.hostname))) {
603 ERROR("sethostname(%s) failed: %m\n", opts.hostname);
607 if ((opts.namespace & CLONE_NEWNS) && build_jail_fs()) {
608 ERROR("failed to build jail fs\n");
612 if (opts.capabilities && drop_capabilities(opts.capabilities))
615 if (opts.no_new_privs && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
616 ERROR("prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n");
620 if (!(opts.namespace & CLONE_NEWUSER)) {
621 get_jail_user(&pw_uid, &pw_gid, &gr_gid);
622 set_jail_user(pw_uid, pw_gid, gr_gid);
625 char **envp = build_envp(opts.seccomp);
629 INFO("exec-ing %s\n", *opts.jail_argv);
630 execve(*opts.jail_argv, opts.jail_argv, envp);
631 /* we get there only if execve fails */
632 ERROR("failed to execve %s: %m\n", *opts.jail_argv);
636 static int jail_running = 1;
637 static int jail_return_code = 0;
639 static void jail_process_timeout_cb(struct uloop_timeout *t);
640 static struct uloop_timeout jail_process_timeout = {
641 .cb = jail_process_timeout_cb,
644 static void jail_process_handler(struct uloop_process *c, int ret)
646 uloop_timeout_cancel(&jail_process_timeout);
647 if (WIFEXITED(ret)) {
648 jail_return_code = WEXITSTATUS(ret);
649 INFO("jail (%d) exited with exit: %d\n", c->pid, jail_return_code);
651 jail_return_code = WTERMSIG(ret);
652 INFO("jail (%d) exited with signal: %d\n", c->pid, jail_return_code);
658 static struct uloop_process jail_process = {
659 .cb = jail_process_handler,
662 static void jail_process_timeout_cb(struct uloop_timeout *t)
664 DEBUG("jail process failed to stop, sending SIGKILL\n");
665 kill(jail_process.pid, SIGKILL);
668 static void jail_handle_signal(int signo)
670 DEBUG("forwarding signal %d to the jailed process\n", signo);
671 kill(jail_process.pid, signo);
674 static int netns_open_pid(const pid_t target_ns)
676 char pid_net_path[PATH_MAX];
678 snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%u/ns/net", target_ns);
680 return open(pid_net_path, O_RDONLY);
683 static void netns_updown(pid_t pid, bool start)
685 struct ubus_context *ctx = ubus_connect(NULL);
686 static struct blob_buf req;
692 blob_buf_init(&req, 0);
693 blobmsg_add_string(&req, "jail", opts.name);
694 blobmsg_add_u32(&req, "pid", pid);
695 blobmsg_add_u8(&req, "start", start);
697 if (ubus_lookup_id(ctx, "network", &id) ||
698 ubus_invoke(ctx, id, "netns_updown", req.head, NULL, NULL, 3000))
699 INFO("ubus request failed\n");
705 int main(int argc, char **argv)
708 uid_t uid = getuid();
709 char log[] = "/dev/log";
710 char ubus[] = "/var/run/ubus.sock";
717 ERROR("not root, aborting: %m\n");
723 init_library_search();
725 while ((ch = getopt(argc, argv, OPT_ARGS)) != -1) {
728 debug = atoi(optarg);
731 opts.namespace |= CLONE_NEWNS;
735 opts.namespace |= CLONE_NEWNS;
739 opts.namespace |= CLONE_NEWUSER;
742 opts.namespace |= CLONE_NEWCGROUP;
745 opts.extroot = optarg;
748 opts.namespace |= CLONE_NEWNS;
752 opts.seccomp = optarg;
753 add_mount(optarg, 1, -1);
756 opts.capabilities = optarg;
759 opts.no_new_privs = 1;
765 opts.namespace |= CLONE_NEWNET;
768 opts.namespace |= CLONE_NEWUTS;
769 opts.hostname = optarg;
772 opts.namespace |= CLONE_NEWNS;
773 add_path_and_deps(optarg, 1, 0, 0);
776 opts.namespace |= CLONE_NEWNS;
777 add_path_and_deps(optarg, 0, 0, 0);
780 opts.namespace |= CLONE_NEWNS;
781 add_mount(ubus, 0, -1);
784 opts.namespace |= CLONE_NEWNS;
785 add_mount(log, 0, -1);
794 opts.overlaydir = optarg;
797 opts.tmpoverlaysize = optarg;
800 opts.require_jail = 1;
809 opts.namespace |= CLONE_NEWIPC | CLONE_NEWPID;
811 if (opts.tmpoverlaysize && strlen(opts.tmpoverlaysize) > 8) {
812 ERROR("size parameter too long: \"%s\"\n", opts.tmpoverlaysize);
816 /* no <binary> param found */
817 if (argc - optind < 1) {
821 if (!(opts.namespace||opts.capabilities||opts.seccomp)) {
822 ERROR("Not using namespaces, capabilities or seccomp !!!\n\n");
826 DEBUG("Using namespaces(0x%08x), capabilities(%d), seccomp(%d)\n",
828 opts.capabilities != 0,
831 opts.jail_argv = &argv[optind];
833 get_jail_user(&opts.pw_uid, &opts.pw_gid, &opts.gr_gid);
836 if (opts.namespace && add_path_and_deps(*opts.jail_argv, 1, -1, 0)) {
837 ERROR("failed to load dependencies\n");
842 if (opts.namespace && opts.seccomp && add_path_and_deps("libpreload-seccomp.so", 1, -1, 1)) {
843 ERROR("failed to load libpreload-seccomp.so\n");
845 if (opts.require_jail)
850 prctl(PR_SET_NAME, opts.name, NULL, NULL, NULL);
854 sigfillset(&sigmask);
855 for (i = 0; i < _NSIG; i++) {
856 struct sigaction s = { 0 };
858 if (!sigismember(&sigmask, i))
860 if ((i == SIGCHLD) || (i == SIGPIPE) || (i == SIGSEGV))
863 s.sa_handler = jail_handle_signal;
864 sigaction(i, &s, NULL);
867 if (opts.namespace) {
868 if (opts.namespace & CLONE_NEWNS) {
869 add_mount("/dev/full", 0, -1);
870 add_mount("/dev/null", 0, -1);
871 add_mount("/dev/random", 0, -1);
872 add_mount("/dev/urandom", 0, -1);
873 add_mount("/dev/zero", 0, -1);
874 add_mount("/dev/ptmx", 0, -1);
875 add_mount("/dev/tty", 0, -1);
877 if (!opts.extroot && (opts.user || opts.group)) {
878 add_mount("/etc/passwd", 0, -1);
879 add_mount("/etc/group", 0, -1);
882 #if defined(__GLIBC__)
884 add_mount("/etc/nsswitch.conf", 0, -1);
887 if (!(opts.namespace & CLONE_NEWNET)) {
888 add_mount("/etc/resolv.conf", 0, -1);
892 if (pipe(&pipes[0]) < 0 || pipe(&pipes[2]) < 0)
895 jail_process.pid = clone(exec_jail, child_stack + STACK_SIZE, SIGCHLD | opts.namespace, &pipes);
897 jail_process.pid = fork();
900 if (jail_process.pid > 0) {
905 if (read(pipes[0], sig_buf, 1) < 1) {
906 ERROR("can't read from child\n");
910 if (opts.namespace & CLONE_NEWUSER) {
911 bool has_gr = (opts.gr_gid != -1);
912 if (write_setgroups(jail_process.pid, false)) {
913 ERROR("can't write setgroups\n");
916 if (opts.pw_uid != -1) {
917 write_uid_gid_map(jail_process.pid, 0, opts.pw_uid);
918 write_uid_gid_map(jail_process.pid, 1, has_gr?opts.gr_gid:opts.pw_gid);
920 write_uid_gid_map(jail_process.pid, 0, 65534);
921 write_uid_gid_map(jail_process.pid, 1, has_gr?opts.gr_gid:65534);
925 if (opts.namespace & CLONE_NEWNET) {
927 ERROR("netns needs a named jail\n");
930 netns_fd = netns_open_pid(jail_process.pid);
931 netns_updown(jail_process.pid, true);
935 if (write(pipes[3], sig_buf, 1) < 0) {
936 ERROR("can't write to child\n");
940 uloop_process_add(&jail_process);
943 DEBUG("uloop interrupted, killing jail process\n");
944 kill(jail_process.pid, SIGTERM);
945 uloop_timeout_set(&jail_process_timeout, 1000);
949 if (opts.namespace & CLONE_NEWNET) {
950 setns(netns_fd, CLONE_NEWNET);
951 netns_updown(getpid(), false);
954 return jail_return_code;
955 } else if (jail_process.pid == 0) {
956 /* fork child process */
957 return exec_jail(NULL);
959 ERROR("failed to clone/fork: %m\n");