author | smitsohu <smitsohu@gmail.com> | 2021-02-25 00:49:13 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-02-25 00:49:13 +0100 |
commit | 04cdc12104d093e7f23b92525ff6a8dd768ae0d1 (patch) | |
tree | dc819f69a6f8ec94cc4c7b211ce8305a7ef832f1 | |
parent | musl fix (#3998) (diff) | |
private-lib: minor simplification
-rw-r--r-- | src/firejail/fs_lib.c | 25 |
1 files changed, 15 insertions, 10 deletions
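--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -138,20 +138,10 @@ void fslib_duplicate(const char *full_path) {
 lib_cnt++;
 }
 
-
 // requires full path for lib
 // it could be a library or an executable
 // lib is not copied, only libraries used by it
 static void fslib_copy_libs(const char *full_path, unsigned mask) {
-// if library/executable does not exist or the user does not have read access to it
-// print a warning and exit the function.
-if (((mask & SBOX_USER) && access(full_path, R_OK)) ||
-((mask & SBOX_ROOT) && access(full_path, F_OK))) {
-if (arg_debug || arg_debug_private_lib)
-printf("cannot find %s for private-lib, skipping...\n", full_path);
-return;
-}
-
 // create an empty RUN_LIB_FILE and allow the user to write to it
 unlink(RUN_LIB_FILE); // in case is there
 create_empty_file_as_root(RUN_LIB_FILE, 0644);
@@ -186,13 +176,28 @@ void fslib_copy_libs_parse_as_root(const char *full_path) {
 assert(full_path);
 if (arg_debug || arg_debug_private_lib)
 printf(" fslib_copy_libs_parse_as_root %s\n", full_path);
+
+struct stat s;
+if (stat(full_path, &s)) {
+if (arg_debug || arg_debug_private_lib)
+printf("cannot find %s for private-lib, skipping...\n", full_path);
+return;
+}
 fslib_copy_libs(full_path, SBOX_ROOT);
 }
 
+// if library/executable does not exist or the user does not have read access to it
+// print a warning and exit the function.
 void fslib_copy_libs_parse_as_user(const char *full_path) {
 assert(full_path);
 if (arg_debug || arg_debug_private_lib)
 printf(" fslib_copy_libs_parse_as_user %s\n", full_path);
+
+if (access(full_path, R_OK)) {
+if (arg_debug || arg_debug_private_lib)
+printf("cannot find %s for private-lib, skipping...\n", full_path);
+return;
+}
 fslib_copy_libs(full_path, SBOX_USER);
 }
 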
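Review bot: The root-side guard in fslib_copy_libs_parse_as_root now uses `stat(full_path, &s)` where the removed code used `access(full_path, F_OK)`, and the two are not equivalent in a setuid program: access() is evaluated against the real UID/GID, stat() against the effective credentials, so a path the invoking user cannot traverse may now pass the check (assuming this function runs with elevated effective privileges, which the hunk does not show). If that is intended, record it at the call with something like `// stat() on purpose: existence is checked with the privileges the root helper runs with`, since the commit message describes the change only as a simplification. Both new guards are check-then-use on a path name, so they are best documented as an early-out for the debug message rather than an access decision; the part of fslib_copy_libs that later reads the file, which continues past the first hunk, still has to tolerate it being missing or unreadable. The comment added above fslib_copy_libs_parse_as_user describes the `access()` branch inside it and says "print a warning", but the message is emitted only under `arg_debug || arg_debug_private_lib`; placing it next to the `if` and wording it as `// skip (debug message only) if the file is missing or not readable by the real user` would match the code.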