author | smitsohu <smitsohu@gmail.com> | 2019-02-22 18:41:38 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-02-22 18:45:07 +0100 |
commit | 5cabd894a9d700bd4457d6e6dbd9472629a6dbfe (patch) | |
tree | 5deb5581385d0cc33898462c35257be3b2503b07 | |
parent | Harden gnome-recipes.profile (#2444) (diff) | |
misc cleanup
Removing the branches that check for "." has no effect,
since calling openat() on "." just reopens the previous path element.
-rw-r--r-- | src/firejail/fs_whitelist.c | 6 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 | ||||
-rw-r--r-- | src/firejail/util.c | 7 |
3 files changed, 2 insertions, 15 deletions
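--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -33,7 +33,6 @@
 //#define TEST_MOUNTINFO
 
 #define EMPTY_STRING ("")
-#define MAXBUF 4098
 static size_t homedir_len; // cache length of homedir string
 
 
@@ -68,11 +67,6 @@ static int mkpath(const char* path, mode_t mode) {
 char *tok = strtok(dup, "/");
 assert(tok); // path is no top level directory
 while (tok) {
-// skip all instances of "/./"
-if (strcmp(tok, ".") == 0) {
-tok = strtok(NULL, "/");
-continue;
-}
 // create the directory if necessary
 if (mkdirat(parentfd, tok, mode) == -1) {
 if (errno != EEXIST) {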
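Review bot: In the mkpath hunk a "." component is now handed straight to mkdirat(), so correctness depends on the `errno != EEXIST` branch below treating it as "already present" and on a later openat() reopening parentfd; that reasoning lives only in the commit message and should sit in the code, e.g. `// "." needs no special handling: mkdirat() fails with EEXIST and the openat() that follows just reopens parentfd` above `// create the directory if necessary`. A ".." component takes the same route and is not filtered either before or after this change; presumably whitelist paths are canonicalized before they reach mkpath, but that is not visible here. The `MAXBUF` removal in the first hunk presumably reflects that the macro is unused; nothing on this page shows a remaining use. The mkpath body continues outside the hunk.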
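--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -241,9 +241,6 @@ error:
 // return 1 if the command is to be added to the linked list of profile commands
 // return 0 if the command was already executed inside the function
 int profile_check_line(char *ptr, int lineno, const char *fname) {
-#ifdef HAVE_WHITELIST
-static int whitelist_warning_printed = 0;
-#endif
 EUID_ASSERT();
 
 // check and process conditional profile lines
@@ -1314,6 +1311,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 ptr += 10;
 }
 else {
+static int whitelist_warning_printed = 0;
 if (!whitelist_warning_printed) {
 warning_feature_disabled("whitelist");
 whitelist_warning_printed = 1;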
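Review bot: The `static int whitelist_warning_printed = 0;` now declared inside the else branch keeps its once-per-process behaviour (a block-scope static persists across calls), but nothing at the declaration says so, and a reader skimming the branch may take it for a per-call flag. Suggest `static int whitelist_warning_printed = 0; // block-scope static: warn once per process, not once per profile line`. The if/else that encloses the declaration starts before the hunk, so whether it still sits under the `#ifdef HAVE_WHITELIST` that guarded the removed declaration is not visible here.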
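--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1163,11 +1163,6 @@ int safe_fd(const char *path, int flags) {
 char *tok = strtok(dup, "/");
 assert(tok);
 while (tok) {
-// skip all "/./"
-if (strcmp(tok, ".") == 0) {
-tok = strtok(NULL, "/");
-continue;
-}
 // open the element, assuming it is a directory; this fails with ENOTDIR if it is a symbolic link
 fd = openat(parentfd, tok, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (fd == -1) {
@@ -1267,7 +1262,7 @@ int invalid_sandbox(const pid_t pid) {
 }
 
 int has_handler(pid_t pid, int signal) {
-if (signal > 0) {
+if (signal > 0 && signal <= SIGRTMAX) {
 char *fname;
 if (asprintf(&fname, "/proc/%d/status", pid) == -1)
 errExit("asprintf");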
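Review bot: The new upper bound `signal <= SIGRTMAX` in has_handler is undocumented; presumably the lookup later in the function indexes the SigCgt mask from /proc/%d/status by signal number, and the bound keeps that index valid, but the rest of the body is outside the hunk. Suggest `if (signal > 0 && signal <= SIGRTMAX) { // signal numbers above SIGRTMAX do not exist on this system; treat them as "no handler"`. Note that on glibc SIGRTMAX expands to a runtime call, not a compile-time constant, which is fine for this check but rules out a `_Static_assert` against it. The safe_fd hunk in the same section now relies on openat(".") reopening parentfd, as the commit message explains; a one-line comment at the `// open the element` line would save the next reader the same question.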