diff options
author | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-23 19:46:43 +0300 |
---|---|---|
committer | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-24 00:47:30 +0300 |
commit | 9e025dab2a228092058d170daa78290a33e626b3 (patch) | |
tree | c2df004901452d94cfd2fc9608189cfa34dd36b1 | |
parent | remove unneeded chown (diff) | |
download | firejail-9e025dab2a228092058d170daa78290a33e626b3.tar.gz firejail-9e025dab2a228092058d170daa78290a33e626b3.tar.zst firejail-9e025dab2a228092058d170daa78290a33e626b3.zip |
ASSERT_PERMS macros
-rw-r--r-- | src/firejail/appimage.c | 1 | ||||
-rw-r--r-- | src/firejail/firejail.h | 23 |
2 files changed, 23 insertions, 1 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 37e3de5d8..513a5a8a2 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -81,6 +81,7 @@ void appimage_set(const char *appimage_path) { | |||
81 | fprintf(stderr, "Error: cannot create temporary directory\n"); | 81 | fprintf(stderr, "Error: cannot create temporary directory\n"); |
82 | exit(1); | 82 | exit(1); |
83 | } | 83 | } |
84 | ASSERT_PERMS(mntdir, getuid(), getgid(), 0700); | ||
84 | 85 | ||
85 | char *mode; | 86 | char *mode; |
86 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) | 87 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 8e30e929a..4bc953e24 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -75,6 +75,27 @@ | |||
75 | #define DEFAULT_ROOT_PROFILE "server" | 75 | #define DEFAULT_ROOT_PROFILE "server" |
76 | #define MAX_INCLUDE_LEVEL 6 // include levels in profile files | 76 | #define MAX_INCLUDE_LEVEL 6 // include levels in profile files |
77 | 77 | ||
78 | |||
79 | #define ASSERT_PERMS(file, uid, gid, mode) \ | ||
80 | do { \ | ||
81 | assert(file);\ | ||
82 | struct stat s;\ | ||
83 | if (stat(file, &s) == -1) errExit("stat");\ | ||
84 | assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\ | ||
85 | } while (0) | ||
86 | #define ASSERT_PERMS_FD(fd, uid, gid, mode) \ | ||
87 | do { \ | ||
88 | struct stat s;\ | ||
89 | if (stat(fd, &s) == -1) errExit("stat");\ | ||
90 | assert(s.st_uid == uid && s.st_gid == gid && (s.st_mode & 07777) == mode);\ | ||
91 | } while (0) | ||
92 | #define ASSERT_PERMS_STREAM(file, uid, gid, mode) \ | ||
93 | do { \ | ||
94 | int fd = fileno(file);\ | ||
95 | if (fd == -1) errExit("fileno");\ | ||
96 | ASSERT_PERMS_FD(fd, uid, gid, mode);\ | ||
97 | } while (0) | ||
98 | |||
78 | // main.c | 99 | // main.c |
79 | typedef struct bridge_t { | 100 | typedef struct bridge_t { |
80 | // on the host | 101 | // on the host |
@@ -386,7 +407,7 @@ void logsignal(int s); | |||
386 | void logmsg(const char *msg); | 407 | void logmsg(const char *msg); |
387 | void logargs(int argc, char **argv) ; | 408 | void logargs(int argc, char **argv) ; |
388 | void logerr(const char *msg); | 409 | void logerr(const char *msg); |
389 | int copy_file(const char *srcname, const char *destname); | 410 | int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode); |
390 | int is_dir(const char *fname); | 411 | int is_dir(const char *fname); |
391 | int is_link(const char *fname); | 412 | int is_link(const char *fname); |
392 | char *line_remove_spaces(const char *buf); | 413 | char *line_remove_spaces(const char *buf); |