appimage fixes

author: netblue30 <netblue30@yahoo.com> 2016-06-06 10:09:21 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-06-06 10:09:21 -0400
commit: 9fc8878b4131b34e4425d0b0eb30b477a71b1c44 (patch)
tree: 4f26e75c6cd1d6c92693f70a9536da0d76708c7b
parent: /proc cleanup (diff)
download: firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.tar.gz
firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.tar.zst
firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.zip
4 files changed, 38 insertions, 21 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index e25d50a2d..59ce31052 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -26,11 +26,14 @@
 #include <sys/mount.h>
 #include <fcntl.h>
 #include <linux/loop.h>
+#include <errno.h>
+static char *devloop = NULL;    // device file 
+static char *mntdir = NULL;     // mount point in /tmp directory
+void appimage_set(const char *appimage_path) {
-char *appimage_set(const char *appimage_path) {
        assert(appimage_path);
+        assert(devloop == NULL);        // don't call this twice!
        EUID_ASSERT();
        
        // check appimage_path
@@ -49,7 +52,6 @@ char *appimage_set(const char *appimage_path) {
                exit(1);
        }
        close(cfd);
-        char *devloop;
        if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)
                errExit("asprintf");
                
@@ -63,15 +65,17 @@ char *appimage_set(const char *appimage_path) {
        close(ffd);
        
        char dirname[] = "/tmp/firejail-mnt-XXXXXX";
-        char *mntdir =  strdup(mkdtemp(dirname));
+        mntdir =  strdup(mkdtemp(dirname));
        if (mntdir == NULL) {
                fprintf(stderr, "Error: cannot create temporary directory\n");
                exit(1);
        }
        mkdir(mntdir, 755);
-        chown(mntdir, getuid(), getgid());
+        if (chown(mntdir, getuid(), getgid()) == -1)
-        chmod(mntdir, 755);
+                errExit("chown");
+        if (chmod(mntdir, 755) == -1)
+                errExit("chmod");
+        
        char *mode;
        if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1)
                errExit("asprintf");
@@ -79,6 +83,7 @@ char *appimage_set(const char *appimage_path) {
        if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY,  mode) < 0)
                errExit("mounting appimage");
        if (arg_debug)
                printf("appimage mounted on %s\n", mntdir);
        EUID_USER();
@@ -87,8 +92,26 @@ char *appimage_set(const char *appimage_path) {
        if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1)
                errExit("asprintf");
        
-        free(devloop);
        free(mode);
-        
+}
-        return mntdir;
+void appimage_clear(void) {
+        int rv;
+        if (mntdir) {
+                rv = umount2(mntdir, MNT_FORCE);
+                if (rv == -1 && errno == EBUSY) {
+                        sleep(1);                       
+                        rv = umount2(mntdir, MNT_FORCE);
+                        
+                }
+                rmdir(mntdir);
+                free(mntdir);
+        }
+        if (devloop) {
+                int lfd = open(devloop, O_RDONLY);
+                rv = ioctl(lfd, LOOP_CLR_FD, 0);
+                close(lfd);
+        }
 }
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 00674c047..2d5e05f79 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -576,7 +576,8 @@ void fs_rdwr_add(const char *path);
 void fs_rdwr(void);
 // appimage.c
-char *appimage_set(const char *appimage_path);
+void appimage_set(const char *appimage_path);
+void appimage_clear(void);
 #endif
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 984d413a3..8cae9191c 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -570,8 +570,6 @@ void fs_rdonly_noexit(const char *dir) {
 // mount /proc and /sys directories
 void fs_proc_sys_dev_boot(void) {
-        struct stat s;
        if (arg_debug)
                printf("Remounting /proc and /proc/sys filesystems\n");
        if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_REC, NULL) < 0)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index c2ac4a3fa..1c2f021bb 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -107,7 +107,6 @@ char *fullargv[MAX_ARGS];			// expanded argv for restricted shell
 int fullargc = 0;
 static pid_t child = 0;
 pid_t sandbox_pid;
-static char *appimage_mntdir = NULL;
 static void set_name_file(pid_t pid);
 static void delete_name_file(pid_t pid);
@@ -130,16 +129,13 @@ static void myexit(int rv) {
        // delete sandbox files in shared memory
        EUID_ROOT();
        clear_run_files(sandbox_pid);
-        if (appimage_mntdir) {
+        appimage_clear();
-                umount2(appimage_mntdir, MNT_FORCE);
-                rmdir(appimage_mntdir);
-                free(appimage_mntdir);
-        }
                
        exit(rv); 
 }
 static void my_handler(int s){
+printf("**************************\n");
        EUID_ROOT();
        if (!arg_quiet) {
                printf("\nParent received signal %d, shutting down the child process...\n", s);
@@ -1918,9 +1914,8 @@ int main(int argc, char **argv) {
        else if (arg_appimage) {
                if (arg_debug)
                        printf("Configuring appimage environment\n");
-                appimage_mntdir = appimage_set(cfg.command_name);
+                appimage_set(cfg.command_name);
                cfg.window_title = "appimage";
-                //todo: set window title
        }
        else {
                // calculate the length of the command
author	netblue30 <netblue30@yahoo.com>	2016-06-06 10:09:21 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-06-06 10:09:21 -0400
commit	9fc8878b4131b34e4425d0b0eb30b477a71b1c44 (patch)
tree	4f26e75c6cd1d6c92693f70a9536da0d76708c7b
parent	/proc cleanup (diff)
download	firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.tar.gz firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.tar.zst firejail-9fc8878b4131b34e4425d0b0eb30b477a71b1c44.zip

diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index e25d50a2d..59ce31052 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c
@@ -26,11 +26,14 @@
26	#include <sys/mount.h>	26	#include <sys/mount.h>
27	#include <fcntl.h>	27	#include <fcntl.h>
28	#include <linux/loop.h>	28	#include <linux/loop.h>
		29	#include <errno.h>
29		30
		31	static char *devloop = NULL; // device file
		32	static char *mntdir = NULL; // mount point in /tmp directory
30		33
31		34	void appimage_set(const char *appimage_path) {
32	char appimage_set(const char appimage_path) {
33	assert(appimage_path);	35	assert(appimage_path);
		36	assert(devloop == NULL); // don't call this twice!
34	EUID_ASSERT();	37	EUID_ASSERT();
35		38
36	// check appimage_path	39	// check appimage_path
@@ -49,7 +52,6 @@ char appimage_set(const char appimage_path) {
49	exit(1);	52	exit(1);
50	}	53	}
51	close(cfd);	54	close(cfd);
52	char *devloop;
53	if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)	55	if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)
54	errExit("asprintf");	56	errExit("asprintf");
55		57
@@ -63,15 +65,17 @@ char appimage_set(const char appimage_path) {
63	close(ffd);	65	close(ffd);
64		66
65	char dirname[] = "/tmp/firejail-mnt-XXXXXX";	67	char dirname[] = "/tmp/firejail-mnt-XXXXXX";
66	char *mntdir = strdup(mkdtemp(dirname));	68	mntdir = strdup(mkdtemp(dirname));
67	if (mntdir == NULL) {	69	if (mntdir == NULL) {
68	fprintf(stderr, "Error: cannot create temporary directory\n");	70	fprintf(stderr, "Error: cannot create temporary directory\n");
69	exit(1);	71	exit(1);
70	}	72	}
71	mkdir(mntdir, 755);	73	mkdir(mntdir, 755);
72	chown(mntdir, getuid(), getgid());	74	if (chown(mntdir, getuid(), getgid()) == -1)
73	chmod(mntdir, 755);	75	errExit("chown");
74		76	if (chmod(mntdir, 755) == -1)
		77	errExit("chmod");
		78
75	char *mode;	79	char *mode;
76	if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1)	80	if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1)
77	errExit("asprintf");	81	errExit("asprintf");
@@ -79,6 +83,7 @@ char appimage_set(const char appimage_path) {
79	if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL\|MS_RDONLY, mode) < 0)	83	if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL\|MS_RDONLY, mode) < 0)
80	errExit("mounting appimage");	84	errExit("mounting appimage");
81		85
		86
82	if (arg_debug)	87	if (arg_debug)
83	printf("appimage mounted on %s\n", mntdir);	88	printf("appimage mounted on %s\n", mntdir);
84	EUID_USER();	89	EUID_USER();
@@ -87,8 +92,26 @@ char appimage_set(const char appimage_path) {
87	if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1)	92	if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1)
88	errExit("asprintf");	93	errExit("asprintf");
89		94
90	free(devloop);
91	free(mode);	95	free(mode);
92		96	}
93	return mntdir;	97
		98	void appimage_clear(void) {
		99	int rv;
		100
		101	if (mntdir) {
		102	rv = umount2(mntdir, MNT_FORCE);
		103	if (rv == -1 && errno == EBUSY) {
		104	sleep(1);
		105	rv = umount2(mntdir, MNT_FORCE);
		106
		107	}
		108	rmdir(mntdir);
		109	free(mntdir);
		110	}
		111
		112	if (devloop) {
		113	int lfd = open(devloop, O_RDONLY);
		114	rv = ioctl(lfd, LOOP_CLR_FD, 0);
		115	close(lfd);
		116	}
94	}	117	}


diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 00674c047..2d5e05f79 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -576,7 +576,8 @@ void fs_rdwr_add(const char *path);
576	void fs_rdwr(void);	576	void fs_rdwr(void);
577		577
578	// appimage.c	578	// appimage.c
579	char appimage_set(const char appimage_path);	579	void appimage_set(const char *appimage_path);
		580	void appimage_clear(void);
580		581
581	#endif	582	#endif
582		583


diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 984d413a3..8cae9191c 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -570,8 +570,6 @@ void fs_rdonly_noexit(const char *dir) {
570		570
571	// mount /proc and /sys directories	571	// mount /proc and /sys directories
572	void fs_proc_sys_dev_boot(void) {	572	void fs_proc_sys_dev_boot(void) {
573	struct stat s;
574
575	if (arg_debug)	573	if (arg_debug)
576	printf("Remounting /proc and /proc/sys filesystems\n");	574	printf("Remounting /proc and /proc/sys filesystems\n");
577	if (mount("proc", "/proc", "proc", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_REC, NULL) < 0)	575	if (mount("proc", "/proc", "proc", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_REC, NULL) < 0)


diff --git a/src/firejail/main.c b/src/firejail/main.c index c2ac4a3fa..1c2f021bb 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -107,7 +107,6 @@ char *fullargv[MAX_ARGS]; // expanded argv for restricted shell
107	int fullargc = 0;	107	int fullargc = 0;
108	static pid_t child = 0;	108	static pid_t child = 0;
109	pid_t sandbox_pid;	109	pid_t sandbox_pid;
110	static char *appimage_mntdir = NULL;
111		110
112	static void set_name_file(pid_t pid);	111	static void set_name_file(pid_t pid);
113	static void delete_name_file(pid_t pid);	112	static void delete_name_file(pid_t pid);
@@ -130,16 +129,13 @@ static void myexit(int rv) {
130	// delete sandbox files in shared memory	129	// delete sandbox files in shared memory
131	EUID_ROOT();	130	EUID_ROOT();
132	clear_run_files(sandbox_pid);	131	clear_run_files(sandbox_pid);
133	if (appimage_mntdir) {	132	appimage_clear();
134	umount2(appimage_mntdir, MNT_FORCE);
135	rmdir(appimage_mntdir);
136	free(appimage_mntdir);
137	}
138		133
139	exit(rv);	134	exit(rv);
140	}	135	}
141		136
142	static void my_handler(int s){	137	static void my_handler(int s){
		138	printf("**************************\n");
143	EUID_ROOT();	139	EUID_ROOT();
144	if (!arg_quiet) {	140	if (!arg_quiet) {
145	printf("\nParent received signal %d, shutting down the child process...\n", s);	141	printf("\nParent received signal %d, shutting down the child process...\n", s);
@@ -1918,9 +1914,8 @@ int main(int argc, char **argv) {
1918	else if (arg_appimage) {	1914	else if (arg_appimage) {
1919	if (arg_debug)	1915	if (arg_debug)
1920	printf("Configuring appimage environment\n");	1916	printf("Configuring appimage environment\n");
1921	appimage_mntdir = appimage_set(cfg.command_name);	1917	appimage_set(cfg.command_name);
1922	cfg.window_title = "appimage";	1918	cfg.window_title = "appimage";
1923	//todo: set window title
1924	}	1919	}
1925	else {	1920	else {
1926	// calculate the length of the command	1921	// calculate the length of the command