aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2018-08-29 08:55:32 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2018-08-29 08:55:32 -0400
commit594e2a48ec1a2350d9315ba6cf71b805446a49ad (patch)
treeed05e8de6d45da91138275e1d0d636081654d909
parentapparmor: cleanup /home path (diff)
downloadfirejail-594e2a48ec1a2350d9315ba6cf71b805446a49ad.tar.gz
firejail-594e2a48ec1a2350d9315ba6cf71b805446a49ad.tar.zst
firejail-594e2a48ec1a2350d9315ba6cf71b805446a49ad.zip
cleanup
Diffstat
-rw-r--r--src/firejail/fs_whitelist.c2
-rw-r--r--src/firejail/sbox.c4
-rw-r--r--src/libpostexecseccomp/libpostexecseccomp.c4
3 files changed, 8 insertions, 2 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 8a402f692..1fd1fb675 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -494,6 +494,7 @@ void fs_whitelist(void) {
494 printf("\"%s\" disabled by --private\n", entry->data); 494 printf("\"%s\" disabled by --private\n", entry->data);
495 495
496 entry->data = EMPTY_STRING; 496 entry->data = EMPTY_STRING;
497 free(fname);
497 continue; 498 continue;
498 } 499 }
499 500
@@ -638,6 +639,7 @@ void fs_whitelist(void) {
638 } 639 }
639 } 640 }
640 else { 641 else {
642 free(fname);
641 goto errexit; 643 goto errexit;
642 } 644 }
643 645
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index c11daad58..1c6f3c327 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -142,8 +142,10 @@ int sbox_run(unsigned filter, int num, ...) {
142 } 142 }
143 else if ((filter & SBOX_ALLOW_STDIN) == 0) { 143 else if ((filter & SBOX_ALLOW_STDIN) == 0) {
144 int fd = open("/dev/null",O_RDWR, 0); 144 int fd = open("/dev/null",O_RDWR, 0);
145 if (fd != -1) 145 if (fd != -1) {
146 dup2(fd, STDIN_FILENO); 146 dup2(fd, STDIN_FILENO);
147 close(fd);
148 }
147 else // the user could run the sandbox without /dev/null 149 else // the user could run the sandbox without /dev/null
148 close(STDIN_FILENO); 150 close(STDIN_FILENO);
149 } 151 }
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c
index 6d2c8c695..de64d50c5 100644
--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -32,6 +32,8 @@ static void load_seccomp(void) {
32 return; 32 return;
33 33
34 off_t size = lseek(fd, 0, SEEK_END); 34 off_t size = lseek(fd, 0, SEEK_END);
35 if (size <= 0)
36 return;
35 unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); 37 unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
36 struct sock_filter *filter = MAP_FAILED; 38 struct sock_filter *filter = MAP_FAILED;
37 if (size != 0) 39 if (size != 0)
@@ -39,7 +41,7 @@ static void load_seccomp(void) {
39 41
40 close(fd); 42 close(fd);
41 43
42 if (size == 0 || filter == MAP_FAILED) 44 if (filter == MAP_FAILED)
43 return; 45 return;
44 46
45 // install filter 47 // install filter
generated by cgit v1.2.3-54-g00ecf (git 2.45.1) at 2024-05-29 18:56:30 +0000