author | netblue30 <netblue30@yahoo.com> | 2016-10-09 11:20:41 -0400 |
committer | netblue30 <netblue30@yahoo.com> | 2016-10-09 11:20:41 -0400 |
commit | e0f28ab1a1551f78154670283e1dbb2af99853b5 (patch) | |
tree | ff35af518f96241f77dc51c3c42d7300f5c1ec54 | |
parent | moving appimage mount point from /tmp to /run - fixing --private-tmp (diff) | |
cleanup
-rw-r--r-- | src/firejail/fs.c | 13 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_trace.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 2 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 8 |
7 files changed, 16 insertions, 15 deletions
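--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -77,14 +77,15 @@ void fs_build_firejail_dir(void) {
 if (stat(RUN_FIREJAIL_BASEDIR, &s)) {
 create_dir_as_root(RUN_FIREJAIL_BASEDIR, 0755);
 }
-else { // check /tmp/firejail directory belongs to root end exit if doesn't!
+
+// check /run/firejail directory belongs to root end exit if doesn't!
+if (stat(RUN_FIREJAIL_DIR, &s) == 0) {
 if (s.st_uid != 0 || s.st_gid != 0) {
 fprintf(stderr, "Error: non-root %s directory, exiting...\n", RUN_FIREJAIL_DIR);
 exit(1);
 }
 }
-
-if (stat(RUN_FIREJAIL_DIR, &s)) {
+else {
 create_dir_as_root(RUN_FIREJAIL_DIR, 0755);
 }
 
@@ -113,7 +114,7 @@ void fs_build_firejail_dir(void) {
 }
 
 
-// build /tmp/firejail/mnt directory
+// build /run/firejail/mnt directory
 static int tmpfs_mounted = 0;
 #ifdef HAVE_CHROOT
 static void fs_build_remount_mnt_dir(void) {
@@ -137,7 +138,7 @@ void fs_build_mnt_dir(void) {
 if (arg_debug)
 printf("Mounting tmpfs on %s directory\n", RUN_MNT_DIR);
 if (mount("tmpfs", RUN_MNT_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
-errExit("mounting /tmp/firejail/mnt");
+errExit("mounting /run/firejail/mnt");
 tmpfs_mounted = 1;
 fs_logger2("tmpfs", RUN_MNT_DIR);
 }
@@ -1254,7 +1255,7 @@ void fs_private_tmp(void) {
 if (arg_debug)
 printf("Mounting tmpfs on /tmp directory\n");
 if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
-errExit("mounting /tmp/firejail/mnt");
+errExit("mounting tmpfs on /tmp directory");
 fs_logger2("tmpfs", "/tmp");
 }
 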
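Review bot: In the first hunk the new `else` branch treats every stat() failure on RUN_FIREJAIL_DIR as "directory missing" and goes straight to create_dir_as_root, so an error such as EACCES or ELOOP would also lead to a creation attempt instead of a diagnostic; `else if (errno == ENOENT) { create_dir_as_root(RUN_FIREJAIL_DIR, 0755); } else errExit("stat");` would keep the two cases apart. The restructure also drops the ownership check that the old code applied to the stat() result of RUN_FIREJAIL_BASEDIR when that directory already existed; if that is intentional because the base directory is a system-managed path, a one-line comment saying so would stop the next reader from treating it as a regression. The uid/gid test on the new line 83 accepts any file type at that path, so adding `S_ISDIR(s.st_mode)` to the same condition would reject a non-directory entry. fs_build_firejail_dir starts before and continues after this hunk.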
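--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -208,7 +208,7 @@ void fs_private_bin_list(void) {
 char *private_list = cfg.bin_private_keep;
 assert(private_list);
 
-// create /tmp/firejail/mnt/bin directory
+// create /run/firejail/mnt/bin directory
 fs_build_mnt_dir();
 if (mkdir(RUN_BIN_DIR, 0755) == -1)
 errExit("mkdir");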
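--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -128,7 +128,7 @@ void fs_private_etc_list(void) {
 exit(1);
 }
 
-// create /tmp/firejail/mnt/etc directory
+// create /run/firejail/mnt/etc directory
 fs_build_mnt_dir();
 if (mkdir(RUN_ETC_DIR, 0755) == -1)
 errExit("mkdir");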
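--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -591,7 +591,7 @@ void fs_private_home_list(void) {
 exit(1);
 }
 
-// create /tmp/firejail/mnt/home directory
+// create /run/firejail/mnt/home directory
 fs_build_mnt_dir();
 int rv = mkdir(RUN_HOME_DIR, 0755);
 if (rv == -1)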
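--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -44,7 +44,7 @@ void fs_trace_preload(void) {
 }
 
 void fs_trace(void) {
-// create /tmp/firejail/mnt directory
+// create /run/firejail/mnt directory
 fs_build_mnt_dir();
 
 // create the new ld.so.preload file and mount-bind it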
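--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -317,7 +317,7 @@ void fs_var_utmp(void) {
 return;
 }
 
-// create /tmp/firejail/mnt directory
+// create /run/firejail/mnt directory
 fs_build_mnt_dir();
 
 // create a new utmp file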
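--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -708,7 +708,7 @@ int seccomp_filter_drop(int enforce_seccomp) {
 if (arg_debug)
 filter_debug();
 
-// save seccomp filter in /tmp/firejail/mnt/seccomp
+// save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
 
@@ -754,7 +754,7 @@ int seccomp_filter_keep(void) {
 if (arg_debug)
 filter_debug();
 
-// save seccomp filter in /tmp/firejail/mnt/seccomp
+// save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
 
@@ -796,7 +796,7 @@ int seccomp_filter_errno(void) {
 if (arg_debug)
 filter_debug();
 
-// save seccomp filter in /tmp/firejail/mnt/seccomp
+// save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
 
@@ -819,7 +819,7 @@ int seccomp_filter_errno(void) {
 
 
 void seccomp_set(void) {
-// read seccomp filter from /tmp/firejail/mnt/seccomp
+// read seccomp filter from /runp/firejail/mnt/seccomp
 read_seccomp_file(RUN_SECCOMP_CFG);
 
 // apply filter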
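Review bot: The new comment on line 822 of the last hunk reads `// read seccomp filter from /runp/firejail/mnt/seccomp`, which is a typo for the path the other three hunks in this file use; it should be `// read seccomp filter from /run/firejail/mnt/seccomp`. Since the comment documents where read_seccomp_file(RUN_SECCOMP_CFG) looks for the filter that --join reuses, a wrong path here is the kind of thing that sends a reader to the wrong directory when debugging. seccomp_set continues outside the hunk.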