authorLibravatar netblue30 <netblue30@yahoo.com>2016-10-09 11:20:41 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-10-09 11:20:41 -0400
commite0f28ab1a1551f78154670283e1dbb2af99853b5 (patch)
treeff35af518f96241f77dc51c3c42d7300f5c1ec54
parentmoving appimage mount point from /tmp to /run - fixing --private-tmp (diff)
cleanup
-rw-r--r--src/firejail/fs.c13
-rw-r--r--src/firejail/fs_bin.c2
-rw-r--r--src/firejail/fs_etc.c2
-rw-r--r--src/firejail/fs_home.c2
-rw-r--r--src/firejail/fs_trace.c2
-rw-r--r--src/firejail/fs_var.c2
-rw-r--r--src/firejail/seccomp.c8
7 files changed, 16 insertions, 15 deletions
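diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index d63ed104f..a5f12c7df 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -77,14 +77,15 @@ void fs_build_firejail_dir(void) {
 if (stat(RUN_FIREJAIL_BASEDIR, &s)) {
 create_dir_as_root(RUN_FIREJAIL_BASEDIR, 0755);
 }
-else { // check /tmp/firejail directory belongs to root end exit if doesn't!
+
+// check /run/firejail directory belongs to root end exit if doesn't!
+if (stat(RUN_FIREJAIL_DIR, &s) == 0) {
 if (s.st_uid != 0 || s.st_gid != 0) {
 fprintf(stderr, "Error: non-root %s directory, exiting...\n", RUN_FIREJAIL_DIR);
 exit(1);
 }
 }
-
-if (stat(RUN_FIREJAIL_DIR, &s)) {
+else {
 create_dir_as_root(RUN_FIREJAIL_DIR, 0755);
 }
 
@@ -113,7 +114,7 @@ void fs_build_firejail_dir(void) {
 }
 
 
-// build /tmp/firejail/mnt directory
+// build /run/firejail/mnt directory
 static int tmpfs_mounted = 0;
 #ifdef HAVE_CHROOT
 static void fs_build_remount_mnt_dir(void) {
@@ -137,7 +138,7 @@ void fs_build_mnt_dir(void) {
 if (arg_debug)
 printf("Mounting tmpfs on %s directory\n", RUN_MNT_DIR);
 if (mount("tmpfs", RUN_MNT_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
-errExit("mounting /tmp/firejail/mnt");
+errExit("mounting /run/firejail/mnt");
 tmpfs_mounted = 1;
 fs_logger2("tmpfs", RUN_MNT_DIR);
 }
@@ -1254,7 +1255,7 @@ void fs_private_tmp(void) {
 if (arg_debug)
 printf("Mounting tmpfs on /tmp directory\n");
 if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
-errExit("mounting /tmp/firejail/mnt");
+errExit("mounting tmpfs on /tmp directory");
 fs_logger2("tmpfs", "/tmp");
 }
 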
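Review bot: The ownership test in the first hunk of fs_build_firejail_dir() now runs on the result of `stat(RUN_FIREJAIL_DIR, &s)`, whereas before it ran on the `stat(RUN_FIREJAIL_BASEDIR, &s)` result, so an already-existing base directory is no longer checked in the visible lines. That is a behaviour change inside a commit titled "cleanup". The test also accepts any root-owned entry, because `stat()` follows symlinks and `s.st_mode` is never inspected. Since this path is presumably the parent of the tmpfs mount made in fs_build_mnt_dir(), I would switch to `lstat()` and tighten the condition to `if (!S_ISDIR(s.st_mode) || s.st_uid != 0 || s.st_gid != 0) {`. The new comment still reads "end exit", which should be "and exit". The function begins and ends outside the hunk, so a base-directory check elsewhere in it cannot be ruled out from here.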
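diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 40539305f..e65474f44 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -208,7 +208,7 @@ void fs_private_bin_list(void) {
 char *private_list = cfg.bin_private_keep;
 assert(private_list);
 
-// create /tmp/firejail/mnt/bin directory
+// create /run/firejail/mnt/bin directory
 fs_build_mnt_dir();
 if (mkdir(RUN_BIN_DIR, 0755) == -1)
 errExit("mkdir");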
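diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index e860bc173..fc9e40ca0 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -128,7 +128,7 @@ void fs_private_etc_list(void) {
 exit(1);
 }
 
-// create /tmp/firejail/mnt/etc directory
+// create /run/firejail/mnt/etc directory
 fs_build_mnt_dir();
 if (mkdir(RUN_ETC_DIR, 0755) == -1)
 errExit("mkdir");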
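diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 63d5a1c5e..bd3c404e9 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -591,7 +591,7 @@ void fs_private_home_list(void) {
 exit(1);
 }
 
-// create /tmp/firejail/mnt/home directory
+// create /run/firejail/mnt/home directory
 fs_build_mnt_dir();
 int rv = mkdir(RUN_HOME_DIR, 0755);
 if (rv == -1)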
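diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 78fc8a647..37e899f12 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -44,7 +44,7 @@ void fs_trace_preload(void) {
 }
 
 void fs_trace(void) {
-// create /tmp/firejail/mnt directory
+// create /run/firejail/mnt directory
 fs_build_mnt_dir();
 
 // create the new ld.so.preload file and mount-bind it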
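diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index a578d04e6..4468efb10 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -317,7 +317,7 @@ void fs_var_utmp(void) {
 return;
 }
 
-// create /tmp/firejail/mnt directory
+// create /run/firejail/mnt directory
 fs_build_mnt_dir();
 
 // create a new utmp file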
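diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index c2da1168a..549359d94 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -708,7 +708,7 @@ int seccomp_filter_drop(int enforce_seccomp) {
 if (arg_debug)
 filter_debug();
 
-// save seccomp filter in /tmp/firejail/mnt/seccomp
+// save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
 
@@ -754,7 +754,7 @@ int seccomp_filter_keep(void) {
 if (arg_debug)
 filter_debug();
 
-// save seccomp filter in /tmp/firejail/mnt/seccomp
+// save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
 
@@ -796,7 +796,7 @@ int seccomp_filter_errno(void) {
 if (arg_debug)
 filter_debug();
 
-// save seccomp filter in /tmp/firejail/mnt/seccomp
+// save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
 
@@ -819,7 +819,7 @@ int seccomp_filter_errno(void) {
 
 
 void seccomp_set(void) {
-// read seccomp filter from /tmp/firejail/mnt/seccomp
+// read seccomp filter from /runp/firejail/mnt/seccomp
 read_seccomp_file(RUN_SECCOMP_CFG);
 
 // apply filter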
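Review bot: The rewritten comment in seccomp_set() has a typo, `/runp/firejail/mnt/seccomp`, where the three sibling comments in this file say `/run/firejail/mnt/seccomp`. A wrong path in the comment next to `read_seccomp_file(RUN_SECCOMP_CFG)` is misleading for anyone auditing where the filter used by `--join` is loaded from. I would change it to `// read seccomp filter from RUN_SECCOMP_CFG (/run/firejail/mnt/seccomp)`, so the comment names the macro and does not go stale the next time the directory moves. The body of seccomp_set() continues outside the hunk.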