little tweaks

author: smitsohu <smitsohu@gmail.com> 2019-10-08 13:37:46 +0000
committer: GitHub <noreply@github.com> 2019-10-08 13:37:46 +0000
commit: 9d40367291a2ed3fc83f61163b9358a263bbd719 (patch)
tree: d7fd303c7bbab840ab7251cd765245f08d080269
parent: Fix wusc for geary (diff)
download: firejail-9d40367291a2ed3fc83f61163b9358a263bbd719.tar.gz
firejail-9d40367291a2ed3fc83f61163b9358a263bbd719.tar.zst
firejail-9d40367291a2ed3fc83f61163b9358a263bbd719.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index f5bb11a76..eac784e53 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -35,8 +35,8 @@ void fs_check_chroot_dir(void) {
        EUID_ASSERT();
        assert(cfg.chrootdir);
        if (strstr(cfg.chrootdir, "..") ||
-        is_link(cfg.chrootdir) ||
+            is_link(cfg.chrootdir) ||
-        !is_dir(cfg.chrootdir))
+            !is_dir(cfg.chrootdir))
                goto errout;
        // check chroot dirname exists, chrooting into the root directory is not allowed
@@ -82,7 +82,7 @@ static void copy_resolvconf(int parentfd) {
        if (arg_debug)
                printf("Updating /etc/resolv.conf in chroot\n");
        unlinkat(parentfd, "etc/resolv.conf", 0);
-        int out = openat(parentfd, "etc/resolv.conf", O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+        int out = openat(parentfd, "etc/resolv.conf", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
        if (out == -1)
                errExit("open");
        if (sendfile(out, in, NULL, src.st_size) == -1)
author	smitsohu <smitsohu@gmail.com>	2019-10-08 13:37:46 +0000
committer	GitHub <noreply@github.com>	2019-10-08 13:37:46 +0000
commit	9d40367291a2ed3fc83f61163b9358a263bbd719 (patch)
tree	d7fd303c7bbab840ab7251cd765245f08d080269
parent	Fix wusc for geary (diff)
download	firejail-9d40367291a2ed3fc83f61163b9358a263bbd719.tar.gz firejail-9d40367291a2ed3fc83f61163b9358a263bbd719.tar.zst firejail-9d40367291a2ed3fc83f61163b9358a263bbd719.zip

diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index f5bb11a76..eac784e53 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c
@@ -35,8 +35,8 @@ void fs_check_chroot_dir(void) {
35	EUID_ASSERT();	35	EUID_ASSERT();
36	assert(cfg.chrootdir);	36	assert(cfg.chrootdir);
37	if (strstr(cfg.chrootdir, "..") \|\|	37	if (strstr(cfg.chrootdir, "..") \|\|
38	is_link(cfg.chrootdir) \|\|	38	is_link(cfg.chrootdir) \|\|
39	!is_dir(cfg.chrootdir))	39	!is_dir(cfg.chrootdir))
40	goto errout;	40	goto errout;
41		41
42	// check chroot dirname exists, chrooting into the root directory is not allowed	42	// check chroot dirname exists, chrooting into the root directory is not allowed
@@ -82,7 +82,7 @@ static void copy_resolvconf(int parentfd) {
82	if (arg_debug)	82	if (arg_debug)
83	printf("Updating /etc/resolv.conf in chroot\n");	83	printf("Updating /etc/resolv.conf in chroot\n");
84	unlinkat(parentfd, "etc/resolv.conf", 0);	84	unlinkat(parentfd, "etc/resolv.conf", 0);
85	int out = openat(parentfd, "etc/resolv.conf", O_CREAT\|O_WRONLY\|O_CLOEXEC, S_IRUSR \| S_IWRITE \| S_IRGRP \| S_IROTH);	85	int out = openat(parentfd, "etc/resolv.conf", O_WRONLY\|O_CREAT\|O_EXCL\|O_CLOEXEC, S_IRUSR \| S_IWRITE \| S_IRGRP \| S_IROTH);
86	if (out == -1)	86	if (out == -1)
87	errExit("open");	87	errExit("open");
88	if (sendfile(out, in, NULL, src.st_size) == -1)	88	if (sendfile(out, in, NULL, src.st_size) == -1)