private-dev fix

author: netblue30 <netblue30@yahoo.com> 2016-09-28 09:07:00 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-09-28 09:07:00 -0400
commit: 28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc (patch)
tree: ace60ee7f4000def469f57f817e101e8fd5214ba
parent: debug (diff)
download: firejail-28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc.tar.gz
firejail-28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc.tar.zst
firejail-28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc.zip
1 files changed, 25 insertions, 6 deletions
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index c21aed6c4..6f5385f79 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -59,13 +59,32 @@ static void deventry_mount(void) {
        while (dev[i].dev_fname != NULL) {
                struct stat s;
                if (stat(dev[i].run_fname, &s) == 0) {
+                        int dir = is_dir(dev[i].run_fname);
                        if (arg_debug)
-                                printf("mounting %s\n", dev[i].run_fname);
+                                printf("mounting %s %s\n", dev[i].run_fname, (dir)? "directory": "file");
-                        if (mkdir(dev[i].dev_fname, 0755) == -1)
+                        if (dir) {
-                                errExit("mkdir");
+                                if (mkdir(dev[i].dev_fname, 0755) == -1)
-                        if (chmod(dev[i].dev_fname, 0755) == -1)
+                                        errExit("mkdir");
-                                errExit("chmod");
+                                if (chmod(dev[i].dev_fname, 0755) == -1)
-                        ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755);
+                                        errExit("chmod");
+                                ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755);
+                        }
+                        else {
+                                struct stat s;
+                                if (stat(dev[i].run_fname, &s) == -1) {
+                                        if (arg_debug)
+                                                printf("Warning: cannot stat %s file\n", dev[i].run_fname);
+                                        i++;
+                                        continue;
+                                }
+                                FILE *fp = fopen(dev[i].dev_fname, "w");
+                                if (fp) {
+                                        fprintf(fp, "\n");
+                                        SET_PERMS_STREAM(fp, s.st_uid, s.st_gid, s.st_mode);
+                                        fclose(fp);
+                                }
+                        }
+                                
                        if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND|MS_REC, NULL) < 0)
                                errExit("mounting dev file");
                        fs_logger2("whitelist", dev[i].dev_fname);
author	netblue30 <netblue30@yahoo.com>	2016-09-28 09:07:00 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-09-28 09:07:00 -0400
commit	28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc (patch)
tree	ace60ee7f4000def469f57f817e101e8fd5214ba
parent	debug (diff)
download	firejail-28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc.tar.gz firejail-28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc.tar.zst firejail-28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc.zip

diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index c21aed6c4..6f5385f79 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c
@@ -59,13 +59,32 @@ static void deventry_mount(void) {
59	while (dev[i].dev_fname != NULL) {	59	while (dev[i].dev_fname != NULL) {
60	struct stat s;	60	struct stat s;
61	if (stat(dev[i].run_fname, &s) == 0) {	61	if (stat(dev[i].run_fname, &s) == 0) {
		62	int dir = is_dir(dev[i].run_fname);
62	if (arg_debug)	63	if (arg_debug)
63	printf("mounting %s\n", dev[i].run_fname);	64	printf("mounting %s %s\n", dev[i].run_fname, (dir)? "directory": "file");
64	if (mkdir(dev[i].dev_fname, 0755) == -1)	65	if (dir) {
65	errExit("mkdir");	66	if (mkdir(dev[i].dev_fname, 0755) == -1)
66	if (chmod(dev[i].dev_fname, 0755) == -1)	67	errExit("mkdir");
67	errExit("chmod");	68	if (chmod(dev[i].dev_fname, 0755) == -1)
68	ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755);	69	errExit("chmod");
		70	ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755);
		71	}
		72	else {
		73	struct stat s;
		74	if (stat(dev[i].run_fname, &s) == -1) {
		75	if (arg_debug)
		76	printf("Warning: cannot stat %s file\n", dev[i].run_fname);
		77	i++;
		78	continue;
		79	}
		80	FILE *fp = fopen(dev[i].dev_fname, "w");
		81	if (fp) {
		82	fprintf(fp, "\n");
		83	SET_PERMS_STREAM(fp, s.st_uid, s.st_gid, s.st_mode);
		84	fclose(fp);
		85	}
		86	}
		87
69	if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND\|MS_REC, NULL) < 0)	88	if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND\|MS_REC, NULL) < 0)
70	errExit("mounting dev file");	89	errExit("mounting dev file");
71	fs_logger2("whitelist", dev[i].dev_fname);	90	fs_logger2("whitelist", dev[i].dev_fname);