author | netblue30 <netblue30@yahoo.com> | 2015-10-20 12:59:35 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-20 12:59:35 -0400 |
commit | 6c6e947fc5830e19b64383a44c88d0bbaaf36a9c (patch) | |
tree | 1bd46321d9ef7193af5a2bedcc9d7d314db68205 | |
parent | testing and fixes (diff) | |
fixes
-rw-r--r-- | src/firejail/firejail.h | 5 | ||||
-rw-r--r-- | src/firejail/fs.c | 31 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 4 |
6 files changed, 43 insertions, 3 deletions
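--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -26,6 +26,7 @@
 #define RO_DIR "/tmp/firejail/firejail.ro.dir"
 #define RO_FILE "/tmp/firejail/firejail.ro.file"
 #define MNT_DIR "/tmp/firejail/mnt"
+#define CP_COMMAND "/tmp/firejail/mnt/cp"
 #define HOME_DIR "/tmp/firejail/mnt/home"
 #define ETC_DIR "/tmp/firejail/mnt/etc"
 #define BIN_DIR "/tmp/firejail/mnt/bin"
@@ -217,6 +218,10 @@ int net_get_mac(const char *ifname, unsigned char mac[6]);
 void fs_build_firejail_dir(void);
 // build /tmp/firejail/mnt directory
 void fs_build_mnt_dir(void);
+// grab a copy of cp command
+void fs_build_cp_command(void);
+// delete the temporary cp command
+void fs_delete_cp_command(void) ;
 // blacklist files or directoies by mounting empty files on top of them
 void fs_blacklist(void);
 // remount a directory read-only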
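Review bot: The two new prototype comments in the second hunk do not state the contract a caller needs. Going by the fs.c part of this commit, `fs_build_cp_command()` writes to `CP_COMMAND` and terminates the process on failure, and in sandbox.c `fs_delete_cp_command()` is called just before the "start executable" step. I would word them as `// copy /bin/cp to CP_COMMAND for the duplicate() helpers; exits on failure` and `// remove CP_COMMAND again; call before the sandboxed program is started`. The stray space in `fs_delete_cp_command(void) ;` can be dropped at the same time.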
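--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -83,6 +83,37 @@ void fs_build_mnt_dir(void) {
 }
 }
 
+// grab a copy of cp command
+void fs_build_cp_command(void) {
+struct stat s;
+fs_build_mnt_dir();
+if (stat(CP_COMMAND, &s)) {
+char* fname = realpath("/bin/cp", NULL);
+if (fname == NULL) {
+fprintf(stderr, "Error: /bin/cp not found\n");
+exit(1);
+}
+if (stat(fname, &s)) {
+fprintf(stderr, "Error: /bin/cp not found\n");
+exit(1);
+}
+int rv = copy_file(fname, CP_COMMAND);
+if (rv) {
+fprintf(stderr, "Error: cannot access /bin/cp\n");
+exit(1);
+}
+if (chmod(CP_COMMAND, 0755))
+errExit("chmod");
+
+free(fname);
+}
+}
+
+// delete the temporary cp command
+void fs_delete_cp_command(void) {
+unlink(CP_COMMAND);
+}
+
 //***********************************************
 // process profile file
 //***********************************************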
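Review bot: When `stat(CP_COMMAND, &s)` succeeds in `fs_build_cp_command()`, whatever already sits at that path is kept and later executed by the `duplicate()` helpers, with no check that it is a root-owned regular file. Whether anything other than firejail can create that entry depends on how `fs_build_mnt_dir()` sets up `/tmp/firejail/mnt`, which is outside this hunk, so the function should not rely on it: either drop the shortcut and always recreate the copy, or add an `else` branch that refuses to continue, `if (!S_ISREG(s.st_mode) || s.st_uid != 0) { fprintf(stderr, "Error: invalid %s\n", CP_COMMAND); exit(1); }`. `stat()` follows symlinks, so `lstat()` is the better call for that check. Separately, `fs_delete_cp_command()` ignores the result of `unlink()`, so a failed removal leaves the copy in place without any message.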
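--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -137,7 +137,7 @@ static void duplicate(char *fname) {
 char *actual_path = realpath(full_path, NULL);
 if (actual_path) {
 // copy the file
-if (asprintf(&cmd, "cp -a %s %s/%s", actual_path, BIN_DIR, fname) == -1)
+if (asprintf(&cmd, "%s -a %s %s/%s", CP_COMMAND, actual_path, BIN_DIR, fname) == -1)
 errExit("asprintf");
 if (arg_debug)
 printf("%s\n", cmd);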
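Review bot: `actual_path` and `fname` are still interpolated unquoted into the command string in `duplicate()`, so if `cmd` is handed to a shell (its use lies below the end of this hunk, presumably `system()`), whitespace or shell metacharacters in either value change what gets executed. Pinning the binary to `CP_COMMAND` removes the `PATH` lookup but not this; the same construction appears in the `fs_etc.c` hunk (unquoted `fname`) and the `fs_home.c` hunk (double quotes only, which do not neutralise `$`, backticks or an embedded quote). Since the helper now has a fixed absolute path, running it without a shell is the cleaner fix: fork and call `execl(CP_COMMAND, CP_COMMAND, "-a", actual_path, dest, (char *)NULL);` with `dest` built by `asprintf(&dest, "%s/%s", BIN_DIR, fname)`. Whether `fname` is validated before this point cannot be seen from the hunk.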
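--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -76,7 +76,7 @@ static void duplicate(char *fname) {
 char *cmd;
 
 // copy the file
-if (asprintf(&cmd, "cp -a --parents /etc/%s %s", fname, MNT_DIR) == -1)
+if (asprintf(&cmd, "%s -a --parents /etc/%s %s", CP_COMMAND, fname, MNT_DIR) == -1)
 errExit("asprintf");
 if (arg_debug)
 printf("%s\n", cmd);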
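--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -376,7 +376,7 @@ static void duplicate(char *name) {
 }
 
 // copy the file
-if (asprintf(&cmd, "cp -a --parents \"%s\" %s", fname, HOME_DIR) == -1)
+if (asprintf(&cmd, "%s -a --parents \"%s\" %s", CP_COMMAND, fname, HOME_DIR) == -1)
 errExit("asprintf");
 if (arg_debug)
 printf("%s\n", cmd);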
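--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -170,6 +170,8 @@ int sandbox(void* sandbox_arg) {
 netfilter(arg_netfilter_file);
 }
 
+fs_build_cp_command();
+
 //****************************
 // trace pre-install
 //****************************
@@ -365,6 +367,8 @@ int sandbox(void* sandbox_arg) {
 printf("\n");
 }
 }
+
+fs_delete_cp_command();
 
 //****************************
 // start executable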
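Review bot: Neither new call in `sandbox()` carries a comment, although their placement is what makes the change work: the copy has to exist before the filesystem setup that runs the `duplicate()` helpers and has to be gone before the "start executable" step. I would add `// private copy of cp for the fs_bin/fs_etc/fs_home duplicate() helpers` above `fs_build_cp_command();` and `// remove the cp copy so it is not left behind for the sandboxed program` above `fs_delete_cp_command();`. The copy is also made unconditionally here; if it is only needed when one of those helpers actually runs (not visible in these hunks), building it on first use would avoid the extra file in the common case. The body of `sandbox()` starts and ends outside both hunks.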