author | netblue30 <netblue30@yahoo.com> | 2015-08-16 15:27:31 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-16 15:27:31 -0400 |
commit | 04b8a2a23b077398f6c51784fe412c91878c1a82 (patch) | |
tree | bcfb81ed866807a42141d156aabfa8a546ec5b4a | |
parent | --overlay rework, adding a persistent directory; implemented --overlay-tmpfs ... (diff) | |
parent | Replace get_link with realpath (diff) | |
Merge pull request #29 from pmillerchip/symlink-fixes
Replace get_link with realpath
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 24 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 26 | ||||
-rw-r--r-- | src/firejail/util.c | 24 |
4 files changed, 15 insertions, 60 deletions
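--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -253,7 +253,6 @@ void logmsg(const char *msg);
 void logargs(int argc, char **argv) ;
 void logerr(const char *msg);
 int copy_file(const char *srcname, const char *destname);
-char *get_link(const char *fname);
 int is_dir(const char *fname);
 int is_link(const char *fname);
 char *line_remove_spaces(const char *buf);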
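--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -127,30 +127,20 @@ void fs_dev_shm(void) {
 errExit("mounting /dev/shm");
 }
 else {
-char *lnk = get_link("/dev/shm");
+char *lnk = realpath("/dev/shm", NULL);
 if (lnk) {
-// convert a link such as "../shm" into "/shm"
-char *lnk2 = lnk;
-int cnt = 0;
-while (strncmp(lnk2, "../", 3) == 0) {
-cnt++;
-lnk2 = lnk2 + 3;
-}
-if (cnt != 0)
-lnk2 = lnk + (cnt - 1) * 3 + 2;
-
-if (!is_dir(lnk2)) {
+if (!is_dir(lnk)) {
 // create directory
-if (mkdir(lnk2, S_IRWXU|S_IRWXG|S_IRWXO))
+if (mkdir(lnk, S_IRWXU|S_IRWXG|S_IRWXO))
 errExit("mkdir");
-if (chown(lnk2, 0, 0))
+if (chown(lnk, 0, 0))
 errExit("chown");
-if (chmod(lnk2, S_IRWXU|S_IRWXG|S_IRWXO))
+if (chmod(lnk, S_IRWXU|S_IRWXG|S_IRWXO))
 errExit("chmod");
 }
 if (arg_debug)
-printf("Mounting tmpfs on %s on behalf of /dev/shm\n", lnk2);
-if (mount("tmpfs", lnk2, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+printf("Mounting tmpfs on %s on behalf of /dev/shm\n", lnk);
+if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
 errExit("mounting /var/tmp");
 free(lnk);
 }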
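Review bot: The `if (!is_dir(lnk))` create-directory branch in the new code can no longer create a missing link target, because `realpath("/dev/shm", NULL)` returns NULL when the target does not exist; the branch is now reached only for an existing non-directory, where `mkdir` fails and `errExit("mkdir")` aborts. A dangling /dev/shm link therefore skips the whole `if (lnk)` block and, unless code outside the hunk handles it, the sandbox starts without a private tmpfs on /dev/shm and without any message. I would report that case explicitly, e.g. `else fprintf(stderr, "Warning: /dev/shm not mounted\n");` after the block, and drop or rework the now-dead mkdir/chown/chmod lines. The `errExit("mounting /var/tmp")` label on the mount failure also names the wrong path. The same pattern is in the fs_var_lock hunk of fs_var.c; fs_dev_shm's body starts and ends outside this hunk.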
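--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -240,7 +240,7 @@ void dbg_test_dir(const char *dir) {
 if (is_dir(dir))
 printf("%s is a directory\n", dir);
 if (is_link(dir)) {
-char *lnk = get_link(dir);
+char *lnk = realpath(dir, NULL);
 if (lnk) {
 printf("%s is a symbolic link to %s\n", dir, lnk);
 free(lnk);
@@ -259,30 +259,20 @@ void fs_var_lock(void) {
 errExit("mounting /lock");
 }
 else {
-char *lnk = get_link("/var/lock");
+char *lnk = realpath("/var/lock", NULL);
 if (lnk) {
-// convert a link such as "../shm" into "/shm"
-char *lnk2 = lnk;
-int cnt = 0;
-while (strncmp(lnk2, "../", 3) == 0) {
-cnt++;
-lnk2 = lnk2 + 3;
-}
-if (cnt != 0)
-lnk2 = lnk + (cnt - 1) * 3 + 2;
-
-if (!is_dir(lnk2)) {
+if (!is_dir(lnk)) {
 // create directory
-if (mkdir(lnk2, S_IRWXU|S_IRWXG|S_IRWXO))
+if (mkdir(lnk, S_IRWXU|S_IRWXG|S_IRWXO))
 errExit("mkdir");
-if (chown(lnk2, 0, 0))
+if (chown(lnk, 0, 0))
 errExit("chown");
-if (chmod(lnk2, S_IRWXU|S_IRWXG|S_IRWXO))
+if (chmod(lnk, S_IRWXU|S_IRWXG|S_IRWXO))
 errExit("chmod");
 }
 if (arg_debug)
-printf("Mounting tmpfs on %s on behalf of /var/lock\n", lnk2);
-if (mount("tmpfs", lnk2, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+printf("Mounting tmpfs on %s on behalf of /var/lock\n", lnk);
+if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
 errExit("mounting /var/lock");
 free(lnk);
 }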
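Review bot: The tmpfs mounted over the resolved /var/lock path uses `mode=777`, which leaves out the sticky bit, so any user inside the sandbox can remove or replace another user's lock files; the conventional mode for a shared world-writable directory would be `"mode=1777,gid=0"`. The same option string is on the /dev/shm mount in fs_dev.c. `MS_REC` has no effect on a fresh tmpfs mount, and adding `MS_NODEV` would be cheap hardening if nothing in the sandbox relies on device nodes there. In the dbg_test_dir hunk the message now prints the fully resolved path rather than the immediate link target, which deserves a short comment such as `// realpath() resolves the whole chain, not just one link`. fs_var_lock's body starts and ends outside the hunk.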
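--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -172,30 +172,6 @@ int copy_file(const char *srcname, const char *destname) {
 return 0;
 }
 
-
-char *get_link(const char *fname) {
-assert(fname);
-struct stat sb;
-char *linkname;
-ssize_t r;
-
-if (lstat(fname, &sb) == -1)
-return NULL;
-
-linkname = malloc(sb.st_size + 1);
-if (linkname == NULL)
-return NULL;
-memset(linkname, 0, sb.st_size + 1);
-
-r = readlink(fname, linkname, sb.st_size + 1);
-if (r < 0) {
-free(linkname);
-return NULL;
-}
-return linkname;
-}
-
-
 // return 1 if the file is a directory
 int is_dir(const char *fname) {
 assert(fname);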