diff options
author | netblue30 <netblue30@yahoo.com> | 2017-01-11 19:43:07 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-01-11 19:43:07 -0500 |
commit | 385ce504eaf504316d9579fdefbf4ada2ff9105e (patch) | |
tree | 6db26871d99987598ad01a3cdb69cf6499caf996 | |
parent | fix (diff) | |
download | firejail-385ce504eaf504316d9579fdefbf4ada2ff9105e.tar.gz firejail-385ce504eaf504316d9579fdefbf4ada2ff9105e.tar.zst firejail-385ce504eaf504316d9579fdefbf4ada2ff9105e.zip |
copy_file cleanup
-rw-r--r-- | src/firejail/x11.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 91017237d..4e0b46fb8 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -653,11 +653,7 @@ void x11_xorg(void) { | |||
653 | struct stat s; | 653 | struct stat s; |
654 | if (stat(dest, &s) == -1) { | 654 | if (stat(dest, &s) == -1) { |
655 | // create an .Xauthority file | 655 | // create an .Xauthority file |
656 | FILE *fp = fopen(dest, "w"); | 656 | touch_file_as_user(dest, getuid(), getgid(), 0600); |
657 | if (!fp) | ||
658 | errExit("fopen"); | ||
659 | SET_PERMS_STREAM(fp, getuid(), getgid(), 0600); | ||
660 | fclose(fp); | ||
661 | } | 657 | } |
662 | 658 | ||
663 | // check xauth utility is present in the system | 659 | // check xauth utility is present in the system |
@@ -666,6 +662,10 @@ void x11_xorg(void) { | |||
666 | exit(1); | 662 | exit(1); |
667 | } | 663 | } |
668 | 664 | ||
665 | // temporarily mount a tempfs on top of /tmp directory | ||
666 | if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) | ||
667 | errExit("mounting /tmp"); | ||
668 | |||
669 | // create a temporary .Xauthority file | 669 | // create a temporary .Xauthority file |
670 | char tmpfname[] = "/tmp/.tmpXauth-XXXXXX"; | 670 | char tmpfname[] = "/tmp/.tmpXauth-XXXXXX"; |
671 | int fd = mkstemp(tmpfname); | 671 | int fd = mkstemp(tmpfname); |
@@ -673,9 +673,9 @@ void x11_xorg(void) { | |||
673 | fprintf(stderr, "Error: cannot create .Xauthority file\n"); | 673 | fprintf(stderr, "Error: cannot create .Xauthority file\n"); |
674 | exit(1); | 674 | exit(1); |
675 | } | 675 | } |
676 | close(fd); | 676 | if (fchown(fd, getuid(), getgid()) == -1) |
677 | if (chown(tmpfname, getuid(), getgid()) == -1) | ||
678 | errExit("chown"); | 677 | errExit("chown"); |
678 | close(fd); | ||
679 | 679 | ||
680 | pid_t child = fork(); | 680 | pid_t child = fork(); |
681 | if (child < 0) | 681 | if (child < 0) |
@@ -713,7 +713,7 @@ void x11_xorg(void) { | |||
713 | 713 | ||
714 | // move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted | 714 | // move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted |
715 | // automatically when the sandbox is closed | 715 | // automatically when the sandbox is closed |
716 | if (copy_file(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) { | 716 | if (copy_file(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) { // root needed |
717 | fprintf(stderr, "Error: cannot create the new .Xauthority file\n"); | 717 | fprintf(stderr, "Error: cannot create the new .Xauthority file\n"); |
718 | exit(1); | 718 | exit(1); |
719 | } | 719 | } |
@@ -730,5 +730,8 @@ void x11_xorg(void) { | |||
730 | if (set_perms(dest, getuid(), getgid(), 0600)) | 730 | if (set_perms(dest, getuid(), getgid(), 0600)) |
731 | errExit("set_perms"); | 731 | errExit("set_perms"); |
732 | free(dest); | 732 | free(dest); |
733 | |||
734 | // unmount /tmp | ||
735 | umount("/tmp"); | ||
733 | #endif | 736 | #endif |
734 | } | 737 | } |