diff options
author | netblue30 <netblue30@yahoo.com> | 2016-06-06 10:09:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-06-06 10:09:21 -0400 |
commit | 9fc8878b4131b34e4425d0b0eb30b477a71b1c44 (patch) | |
tree | 4f26e75c6cd1d6c92693f70a9536da0d76708c7b | |
parent | /proc cleanup (diff) | |
download | firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.tar.gz firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.tar.zst firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.zip |
appimage fixes
-rw-r--r-- | src/firejail/appimage.c | 43 | ||||
-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 11 |
4 files changed, 38 insertions, 21 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index e25d50a2d..59ce31052 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -26,11 +26,14 @@ | |||
26 | #include <sys/mount.h> | 26 | #include <sys/mount.h> |
27 | #include <fcntl.h> | 27 | #include <fcntl.h> |
28 | #include <linux/loop.h> | 28 | #include <linux/loop.h> |
29 | #include <errno.h> | ||
29 | 30 | ||
31 | static char *devloop = NULL; // device file | ||
32 | static char *mntdir = NULL; // mount point in /tmp directory | ||
30 | 33 | ||
31 | 34 | void appimage_set(const char *appimage_path) { | |
32 | char *appimage_set(const char *appimage_path) { | ||
33 | assert(appimage_path); | 35 | assert(appimage_path); |
36 | assert(devloop == NULL); // don't call this twice! | ||
34 | EUID_ASSERT(); | 37 | EUID_ASSERT(); |
35 | 38 | ||
36 | // check appimage_path | 39 | // check appimage_path |
@@ -49,7 +52,6 @@ char *appimage_set(const char *appimage_path) { | |||
49 | exit(1); | 52 | exit(1); |
50 | } | 53 | } |
51 | close(cfd); | 54 | close(cfd); |
52 | char *devloop; | ||
53 | if (asprintf(&devloop, "/dev/loop%d", devnr) == -1) | 55 | if (asprintf(&devloop, "/dev/loop%d", devnr) == -1) |
54 | errExit("asprintf"); | 56 | errExit("asprintf"); |
55 | 57 | ||
@@ -63,15 +65,17 @@ char *appimage_set(const char *appimage_path) { | |||
63 | close(ffd); | 65 | close(ffd); |
64 | 66 | ||
65 | char dirname[] = "/tmp/firejail-mnt-XXXXXX"; | 67 | char dirname[] = "/tmp/firejail-mnt-XXXXXX"; |
66 | char *mntdir = strdup(mkdtemp(dirname)); | 68 | mntdir = strdup(mkdtemp(dirname)); |
67 | if (mntdir == NULL) { | 69 | if (mntdir == NULL) { |
68 | fprintf(stderr, "Error: cannot create temporary directory\n"); | 70 | fprintf(stderr, "Error: cannot create temporary directory\n"); |
69 | exit(1); | 71 | exit(1); |
70 | } | 72 | } |
71 | mkdir(mntdir, 755); | 73 | mkdir(mntdir, 755); |
72 | chown(mntdir, getuid(), getgid()); | 74 | if (chown(mntdir, getuid(), getgid()) == -1) |
73 | chmod(mntdir, 755); | 75 | errExit("chown"); |
74 | 76 | if (chmod(mntdir, 755) == -1) | |
77 | errExit("chmod"); | ||
78 | |||
75 | char *mode; | 79 | char *mode; |
76 | if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1) | 80 | if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1) |
77 | errExit("asprintf"); | 81 | errExit("asprintf"); |
@@ -79,6 +83,7 @@ char *appimage_set(const char *appimage_path) { | |||
79 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 83 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) |
80 | errExit("mounting appimage"); | 84 | errExit("mounting appimage"); |
81 | 85 | ||
86 | |||
82 | if (arg_debug) | 87 | if (arg_debug) |
83 | printf("appimage mounted on %s\n", mntdir); | 88 | printf("appimage mounted on %s\n", mntdir); |
84 | EUID_USER(); | 89 | EUID_USER(); |
@@ -87,8 +92,26 @@ char *appimage_set(const char *appimage_path) { | |||
87 | if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1) | 92 | if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1) |
88 | errExit("asprintf"); | 93 | errExit("asprintf"); |
89 | 94 | ||
90 | free(devloop); | ||
91 | free(mode); | 95 | free(mode); |
92 | 96 | } | |
93 | return mntdir; | 97 | |
98 | void appimage_clear(void) { | ||
99 | int rv; | ||
100 | |||
101 | if (mntdir) { | ||
102 | rv = umount2(mntdir, MNT_FORCE); | ||
103 | if (rv == -1 && errno == EBUSY) { | ||
104 | sleep(1); | ||
105 | rv = umount2(mntdir, MNT_FORCE); | ||
106 | |||
107 | } | ||
108 | rmdir(mntdir); | ||
109 | free(mntdir); | ||
110 | } | ||
111 | |||
112 | if (devloop) { | ||
113 | int lfd = open(devloop, O_RDONLY); | ||
114 | rv = ioctl(lfd, LOOP_CLR_FD, 0); | ||
115 | close(lfd); | ||
116 | } | ||
94 | } | 117 | } |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 00674c047..2d5e05f79 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -576,7 +576,8 @@ void fs_rdwr_add(const char *path); | |||
576 | void fs_rdwr(void); | 576 | void fs_rdwr(void); |
577 | 577 | ||
578 | // appimage.c | 578 | // appimage.c |
579 | char *appimage_set(const char *appimage_path); | 579 | void appimage_set(const char *appimage_path); |
580 | void appimage_clear(void); | ||
580 | 581 | ||
581 | #endif | 582 | #endif |
582 | 583 | ||
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 984d413a3..8cae9191c 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -570,8 +570,6 @@ void fs_rdonly_noexit(const char *dir) { | |||
570 | 570 | ||
571 | // mount /proc and /sys directories | 571 | // mount /proc and /sys directories |
572 | void fs_proc_sys_dev_boot(void) { | 572 | void fs_proc_sys_dev_boot(void) { |
573 | struct stat s; | ||
574 | |||
575 | if (arg_debug) | 573 | if (arg_debug) |
576 | printf("Remounting /proc and /proc/sys filesystems\n"); | 574 | printf("Remounting /proc and /proc/sys filesystems\n"); |
577 | if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_REC, NULL) < 0) | 575 | if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_REC, NULL) < 0) |
diff --git a/src/firejail/main.c b/src/firejail/main.c index c2ac4a3fa..1c2f021bb 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -107,7 +107,6 @@ char *fullargv[MAX_ARGS]; // expanded argv for restricted shell | |||
107 | int fullargc = 0; | 107 | int fullargc = 0; |
108 | static pid_t child = 0; | 108 | static pid_t child = 0; |
109 | pid_t sandbox_pid; | 109 | pid_t sandbox_pid; |
110 | static char *appimage_mntdir = NULL; | ||
111 | 110 | ||
112 | static void set_name_file(pid_t pid); | 111 | static void set_name_file(pid_t pid); |
113 | static void delete_name_file(pid_t pid); | 112 | static void delete_name_file(pid_t pid); |
@@ -130,16 +129,13 @@ static void myexit(int rv) { | |||
130 | // delete sandbox files in shared memory | 129 | // delete sandbox files in shared memory |
131 | EUID_ROOT(); | 130 | EUID_ROOT(); |
132 | clear_run_files(sandbox_pid); | 131 | clear_run_files(sandbox_pid); |
133 | if (appimage_mntdir) { | 132 | appimage_clear(); |
134 | umount2(appimage_mntdir, MNT_FORCE); | ||
135 | rmdir(appimage_mntdir); | ||
136 | free(appimage_mntdir); | ||
137 | } | ||
138 | 133 | ||
139 | exit(rv); | 134 | exit(rv); |
140 | } | 135 | } |
141 | 136 | ||
142 | static void my_handler(int s){ | 137 | static void my_handler(int s){ |
138 | printf("**************************\n"); | ||
143 | EUID_ROOT(); | 139 | EUID_ROOT(); |
144 | if (!arg_quiet) { | 140 | if (!arg_quiet) { |
145 | printf("\nParent received signal %d, shutting down the child process...\n", s); | 141 | printf("\nParent received signal %d, shutting down the child process...\n", s); |
@@ -1918,9 +1914,8 @@ int main(int argc, char **argv) { | |||
1918 | else if (arg_appimage) { | 1914 | else if (arg_appimage) { |
1919 | if (arg_debug) | 1915 | if (arg_debug) |
1920 | printf("Configuring appimage environment\n"); | 1916 | printf("Configuring appimage environment\n"); |
1921 | appimage_mntdir = appimage_set(cfg.command_name); | 1917 | appimage_set(cfg.command_name); |
1922 | cfg.window_title = "appimage"; | 1918 | cfg.window_title = "appimage"; |
1923 | //todo: set window title | ||
1924 | } | 1919 | } |
1925 | else { | 1920 | else { |
1926 | // calculate the length of the command | 1921 | // calculate the length of the command |