Index: src/trusted/service_runtime/sel_main.c |
diff --git a/src/trusted/service_runtime/sel_main.c b/src/trusted/service_runtime/sel_main.c |
index 77e95a2eaa3eaa2abe18a857a819f3681c5e2c32..5b7bc4d263895f50e5727329959a6cd7660e518a 100644 |
--- a/src/trusted/service_runtime/sel_main.c |
+++ b/src/trusted/service_runtime/sel_main.c |
@@ -744,8 +744,9 @@ int NaClSelLdrMain(int argc, char **argv) { |
NaClAppStartModule(nap, NULL, NULL); |
/* |
- * For restricted file access, change directory to the root |
- * of the restricted directory. |
+ * For restricted file access, change directory to the root of the restricted |
+ * directory. This is required for safety, because we allow relative |
+ * pathnames. |
*/ |
if (NaClRootDir != NULL && NaClHostDescChdir(NaClRootDir)) { |
NaClLog(LOG_FATAL, "Could not change directory to root dir\n"); |