diff options
author | netblue30 <netblue30@protonmail.com> | 2021-10-09 14:04:05 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-09 14:04:05 +0000 |
commit | 6c9e2636e7e46eacd8f4f75de1fe5675d4a16686 (patch) | |
tree | 490ce253fa8c6836f87f141da46512bd3f848bc0 | |
parent | Merge pull request #4583 from kmk3/fix-include-limits-h (diff) | |
parent | Merge branch 'master' into replace-iwrite-iwuser (diff) | |
download | firejail-6c9e2636e7e46eacd8f4f75de1fe5675d4a16686.tar.gz firejail-6c9e2636e7e46eacd8f4f75de1fe5675d4a16686.tar.zst firejail-6c9e2636e7e46eacd8f4f75de1fe5675d4a16686.zip |
Merge pull request #4591 from kmk3/replace-iwrite-iwuser
s/S_IWRITE/S_IWUSR/
-rw-r--r-- | src/firejail/chroot.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_hostname.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_trace.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 6 | ||||
-rw-r--r-- | src/firejail/ls.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 |
6 files changed, 10 insertions, 10 deletions
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index 37ec22117..9425638ea 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c | |||
@@ -86,7 +86,7 @@ static void update_file(int parentfd, const char *relpath) { | |||
86 | if (arg_debug) | 86 | if (arg_debug) |
87 | printf("Updating chroot /%s\n", relpath); | 87 | printf("Updating chroot /%s\n", relpath); |
88 | unlinkat(parentfd, relpath, 0); | 88 | unlinkat(parentfd, relpath, 0); |
89 | int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 89 | int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
90 | if (out == -1) { | 90 | if (out == -1) { |
91 | close(in); | 91 | close(in); |
92 | goto errout; | 92 | goto errout; |
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index f7ce8c18f..8b7e94f51 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c | |||
@@ -32,7 +32,7 @@ void fs_hostname(const char *hostname) { | |||
32 | if (arg_debug) | 32 | if (arg_debug) |
33 | printf("Creating a new /etc/hostname file\n"); | 33 | printf("Creating a new /etc/hostname file\n"); |
34 | 34 | ||
35 | create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 35 | create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
36 | 36 | ||
37 | // bind-mount the file on top of /etc/hostname | 37 | // bind-mount the file on top of /etc/hostname |
38 | if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0) | 38 | if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0) |
@@ -74,7 +74,7 @@ void fs_hostname(const char *hostname) { | |||
74 | } | 74 | } |
75 | fclose(fp1); | 75 | fclose(fp1); |
76 | // mode and owner | 76 | // mode and owner |
77 | SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 77 | SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
78 | fclose(fp2); | 78 | fclose(fp2); |
79 | 79 | ||
80 | // bind-mount the file on top of /etc/hostname | 80 | // bind-mount the file on top of /etc/hostname |
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 28852a689..17a7b3d23 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
@@ -53,7 +53,7 @@ void fs_tracefile(void) { | |||
53 | if (arg_debug) | 53 | if (arg_debug) |
54 | printf("Creating an empty trace log file: %s\n", arg_tracefile); | 54 | printf("Creating an empty trace log file: %s\n", arg_tracefile); |
55 | EUID_USER(); | 55 | EUID_USER(); |
56 | int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 56 | int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
57 | if (fd == -1) { | 57 | if (fd == -1) { |
58 | perror("open"); | 58 | perror("open"); |
59 | fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile); | 59 | fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile); |
@@ -106,7 +106,7 @@ void fs_trace(void) { | |||
106 | fmessage("Post-exec seccomp protector enabled\n"); | 106 | fmessage("Post-exec seccomp protector enabled\n"); |
107 | } | 107 | } |
108 | 108 | ||
109 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 109 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
110 | fclose(fp); | 110 | fclose(fp); |
111 | 111 | ||
112 | // mount the new preload file | 112 | // mount the new preload file |
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index 5ba38d46c..e19d0df96 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c | |||
@@ -128,7 +128,7 @@ void fs_var_log(void) { | |||
128 | /* coverity[toctou] */ | 128 | /* coverity[toctou] */ |
129 | FILE *fp = fopen("/var/log/wtmp", "wxe"); | 129 | FILE *fp = fopen("/var/log/wtmp", "wxe"); |
130 | if (fp) { | 130 | if (fp) { |
131 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); | 131 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); |
132 | fclose(fp); | 132 | fclose(fp); |
133 | } | 133 | } |
134 | fs_logger("touch /var/log/wtmp"); | 134 | fs_logger("touch /var/log/wtmp"); |
@@ -136,7 +136,7 @@ void fs_var_log(void) { | |||
136 | // create an empty /var/log/btmp file | 136 | // create an empty /var/log/btmp file |
137 | fp = fopen("/var/log/btmp", "wxe"); | 137 | fp = fopen("/var/log/btmp", "wxe"); |
138 | if (fp) { | 138 | if (fp) { |
139 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP); | 139 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); |
140 | fclose(fp); | 140 | fclose(fp); |
141 | } | 141 | } |
142 | fs_logger("touch /var/log/btmp"); | 142 | fs_logger("touch /var/log/btmp"); |
@@ -313,7 +313,7 @@ void fs_var_utmp(void) { | |||
313 | // save new utmp file | 313 | // save new utmp file |
314 | int rv = fwrite(&u_boot, sizeof(u_boot), 1, fp); | 314 | int rv = fwrite(&u_boot, sizeof(u_boot), 1, fp); |
315 | (void) rv; | 315 | (void) rv; |
316 | SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); | 316 | SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); |
317 | fclose(fp); | 317 | fclose(fp); |
318 | 318 | ||
319 | // mount the new utmp file | 319 | // mount the new utmp file |
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 70985ba9e..53e918dde 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
@@ -305,7 +305,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
305 | } | 305 | } |
306 | // create destination file if necessary | 306 | // create destination file if necessary |
307 | EUID_ASSERT(); | 307 | EUID_ASSERT(); |
308 | int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWRITE); | 308 | int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWUSR); |
309 | if (fd == -1) { | 309 | if (fd == -1) { |
310 | fprintf(stderr, "Error: cannot open %s for writing\n", dest_fname); | 310 | fprintf(stderr, "Error: cannot open %s for writing\n", dest_fname); |
311 | exit(1); | 311 | exit(1); |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index b776a0cc5..d66b6c573 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -204,7 +204,7 @@ static void save_umask(void) { | |||
204 | } | 204 | } |
205 | 205 | ||
206 | static char *create_join_file(void) { | 206 | static char *create_join_file(void) { |
207 | int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 207 | int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
208 | if (fd == -1) | 208 | if (fd == -1) |
209 | errExit("open"); | 209 | errExit("open"); |
210 | if (ftruncate(fd, 1) == -1) | 210 | if (ftruncate(fd, 1) == -1) |