authorLibravatar Aleksey Manevich <manevich.aleksey@gmail.com>2016-08-23 10:00:31 +0300
committerLibravatar Aleksey Manevich <manevich.aleksey@gmail.com>2016-08-23 13:01:18 +0300
commitb1de742a08cccb5f3ae7e2a8fa851aa0059c92f4 (patch)
tree8f9d42a1499cb8e39f9ae50d5d04ada6f9896d86
parentx11 command in profile files (diff)
remove unneeded chown
-rw-r--r--src/firejail/appimage.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index db9382dc3..37e3de5d8 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -39,15 +39,20 @@ void appimage_set(const char *appimage_path) {
39 assert(appimage_path); 39 assert(appimage_path);
40 assert(devloop == NULL); // don't call this twice! 40 assert(devloop == NULL); // don't call this twice!
41 EUID_ASSERT(); 41 EUID_ASSERT();
42 42
43 // check appimage_path 43 // check appimage_path
44 if (access(appimage_path, R_OK) == -1) { 44 if (access(appimage_path, R_OK) == -1) {
45 fprintf(stderr, "Error: cannot access AppImage file\n"); 45 fprintf(stderr, "Error: cannot access AppImage file\n");
46 exit(1); 46 exit(1);
47 } 47 }
48 48
49 // open as user to prevent race condition
50 int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC);
51 if (ffd == -1)
52 errExit("open");
53
49 EUID_ROOT(); 54 EUID_ROOT();
50 55
51 // find or allocate a free loop device to use 56 // find or allocate a free loop device to use
52 int cfd = open("/dev/loop-control", O_RDWR); 57 int cfd = open("/dev/loop-control", O_RDWR);
53 int devnr = ioctl(cfd, LOOP_CTL_GET_FREE); 58 int devnr = ioctl(cfd, LOOP_CTL_GET_FREE);
@@ -59,7 +64,6 @@ void appimage_set(const char *appimage_path) {
59 if (asprintf(&devloop, "/dev/loop%d", devnr) == -1) 64 if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)
60 errExit("asprintf"); 65 errExit("asprintf");
61 66
62 int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC);
63 int lfd = open(devloop, O_RDONLY); 67 int lfd = open(devloop, O_RDONLY);
64 if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) { 68 if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) {
65 fprintf(stderr, "Error: cannot configure the loopback device\n"); 69 fprintf(stderr, "Error: cannot configure the loopback device\n");
@@ -68,22 +72,21 @@ void appimage_set(const char *appimage_path) {
68 close(lfd); 72 close(lfd);
69 close(ffd); 73 close(ffd);
70 74
75 EUID_USER();
76
77 // creates directory with perms 0700
71 char dirname[] = "/tmp/firejail-mnt-XXXXXX"; 78 char dirname[] = "/tmp/firejail-mnt-XXXXXX";
72 mntdir = strdup(mkdtemp(dirname)); 79 mntdir = strdup(mkdtemp(dirname));
73 if (mntdir == NULL) { 80 if (mntdir == NULL) {
74 fprintf(stderr, "Error: cannot create temporary directory\n"); 81 fprintf(stderr, "Error: cannot create temporary directory\n");
75 exit(1); 82 exit(1);
76 } 83 }
77 mkdir(mntdir, 755);
78 if (chown(mntdir, getuid(), getgid()) == -1)
79 errExit("chown");
80 if (chmod(mntdir, 755) == -1)
81 errExit("chmod");
82 84
83 char *mode; 85 char *mode;
84 if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1) 86 if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
85 errExit("asprintf"); 87 errExit("asprintf");
86 88
89 EUID_ROOT();
87 if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) 90 if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0)
88 errExit("mounting appimage"); 91 errExit("mounting appimage");
89 92