author | netblue30 <netblue30@yahoo.com> | 2016-01-22 09:59:12 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-01-22 09:59:12 -0500 |
commit | 4d53c56e6c999405107887889866b220df4dd3c2 (patch) | |
tree | 8905c15c9be44b21a93aa53c6bfe8633a7b0abf0 | |
parent | profile cleanup (diff) | |
fixed .asoundrc problems for Debian sid
-rw-r--r-- | etc/whitelist-common.inc | 1 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 69 |
3 files changed, 64 insertions, 7 deletions
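--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -4,6 +4,7 @@ whitelist ~/.config/mimeapps.list
 whitelist ~/.icons
 whitelist ~/.config/user-dirs.dirs
 read-only ~/.config/user-dirs.dirs
+whitelist ~/.asoundrc
 
 # fonts
 whitelist ~/.fonts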
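Review bot: The new `whitelist ~/.asoundrc` entry has no matching `read-only` line, unlike `~/.config/user-dirs.dirs` two lines above it, so a sandboxed program can presumably rewrite the real file. ALSA configuration is parsed by every audio client the user starts, including ones running outside the sandbox, so a writable copy lets changes made inside the jail take effect outside it. Adding `read-only ~/.asoundrc` directly after the whitelist line would keep sound working while removing that write access.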
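--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -49,6 +49,7 @@
 #define RUN_WHITELIST_OPT_DIR "/run/firejail/mnt/orig-opt"
 
 #define RUN_XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority"
+#define RUN_ASOUNDRC_FILE "/run/firejail/mnt/.asoundrc"
 #define RUN_HOSTNAME_FILE "/run/firejail/mnt/hostname"
 #define RUN_HOSTS_FILE "/run/firejail/mnt/hosts"
 #define RUN_RESOLVCONF_FILE "/run/firejail/mnt/resolv.conf"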
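--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -135,6 +135,28 @@ static int store_xauthority(void) {
 return 0;
 }
 
+static int store_asoundrc(void) {
+// put a copy of .Xauthority in XAUTHORITY_FILE
+fs_build_mnt_dir();
+
+char *src;
+char *dest = RUN_ASOUNDRC_FILE;
+if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1)
+errExit("asprintf");
+
+struct stat s;
+if (stat(src, &s) == 0) {
+int rv = copy_file(src, dest);
+if (rv) {
+fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+return 0;
+}
+return 1; // file copied
+}
+
+return 0;
+}
+
 static void copy_xauthority(void) {
 // copy XAUTHORITY_FILE in the new home directory
 char *src = RUN_XAUTHORITY_FILE ;
@@ -144,13 +166,38 @@ static void copy_xauthority(void) {
 int rv = copy_file(src, dest);
 if (rv)
 fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
-fs_logger2("clone", dest);
+else {
+fs_logger2("clone", dest);
+
+// set permissions and ownership
+if (chown(dest, getuid(), getgid()) < 0)
+errExit("chown");
+if (chmod(dest, S_IRUSR | S_IWUSR) < 0)
+errExit("chmod");
+}
+
+// delete the temporary file
+unlink(src);
+}
 
-// set permissions and ownership
-if (chown(dest, getuid(), getgid()) < 0)
-errExit("chown");
-if (chmod(dest, S_IRUSR | S_IWUSR) < 0)
-errExit("chmod");
+static void copy_asoundrc(void) {
+// copy XAUTHORITY_FILE in the new home directory
+char *src = RUN_ASOUNDRC_FILE ;
+char *dest;
+if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
+errExit("asprintf");
+int rv = copy_file(src, dest);
+if (rv)
+fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
+else {
+fs_logger2("clone", dest);
+
+// set permissions and ownership
+if (chown(dest, getuid(), getgid()) < 0)
+errExit("chown");
+if (chmod(dest, S_IRUSR | S_IWUSR) < 0)
+errExit("chmod");
+}
 
 // delete the temporary file
 unlink(src);
@@ -168,6 +215,7 @@ void fs_private_homedir(void) {
 assert(private_homedir);
 
 int xflag = store_xauthority();
+int aflag = store_asoundrc();
 
 uid_t u = getuid();
 gid_t g = getgid();
@@ -211,6 +259,8 @@ void fs_private_homedir(void) {
 skel(homedir, u, g);
 if (xflag)
 copy_xauthority();
+if (aflag)
+copy_asoundrc();
 }
 
 // private mode (--private):
@@ -225,6 +275,7 @@ void fs_private(void) {
 gid_t g = getgid();
 
 int xflag = store_xauthority();
+int aflag = store_asoundrc();
 
 // mask /home
 if (arg_debug)
@@ -258,6 +309,8 @@ void fs_private(void) {
 skel(homedir, u, g);
 if (xflag)
 copy_xauthority();
+if (aflag)
+copy_asoundrc();
 }
 
 static void check_dir_or_file(const char *name) {
@@ -410,6 +463,7 @@ void fs_private_home_list(void) {
 assert(private_list);
 
 int xflag = store_xauthority();
+int aflag = store_asoundrc();
 
 uid_t u = getuid();
 gid_t g = getgid();
@@ -501,6 +555,7 @@ void fs_private_home_list(void) {
 skel(homedir, u, g);
 if (xflag)
 copy_xauthority();
-
+if (aflag)
+copy_asoundrc();
 }
 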
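Review bot: `store_asoundrc()` checks the source with `stat()`, which follows symlinks, and then hands a path under the user-controlled home directory to `copy_file()`; if this runs with elevated privileges (not visible in the hunk), a `~/.asoundrc` symlink would have its target copied and later chowned to the user by `copy_asoundrc()`. The check should refuse anything but a regular file owned by the caller, for example `if (lstat(src, &s) == 0 && S_ISREG(s.st_mode) && s.st_uid == getuid()) {`, and the copy itself is safer done with the user's credentials or an `O_NOFOLLOW` open so the check cannot be raced. The same concern applies to `dest` in `copy_asoundrc()`, where `chown()` and `chmod()` follow a pre-existing symlink in a user-supplied private home, and to the `.Xauthority` pair this code was copied from. Both new functions also keep the `.Xauthority` comments (`// put a copy of .Xauthority in XAUTHORITY_FILE`), and the `asprintf` buffers are never freed.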