diff options
| author |  smitsohu <smitsohu@gmail.com> | 2018-09-30 23:59:16 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2018-09-30 23:59:16 +0200 |
| commit | f58fc1cdd46df855d5c1f38d48d74b26c0b4e078 (patch) | |
| tree | 09db6ee0996ada6c74ff10e2622acd5bc9eb995d | |
| parent | Merge pull request #2127 from veloute/vimfix (diff) | |
| download | firejail-f58fc1cdd46df855d5c1f38d48d74b26c0b4e078.tar.gz firejail-f58fc1cdd46df855d5c1f38d48d74b26c0b4e078.tar.zst firejail-f58fc1cdd46df855d5c1f38d48d74b26c0b4e078.zip | |
cleanup
| -rw-r--r-- | src/firejail/fs_whitelist.c | 53 |
1 files changed, 14 insertions, 39 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 1fd1fb675..9bedcc708 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -35,19 +35,6 @@ | |||
| 35 | #define EMPTY_STRING ("") | 35 | #define EMPTY_STRING ("") |
| 36 | #define MAXBUF 4098 | 36 | #define MAXBUF 4098 |
| 37 | 37 | ||
| 38 | // returns mallocated memory | ||
| 39 | char *parse_nowhitelist(int nowhitelist_flag, char *ptr1) { | ||
| 40 | char *rv; | ||
| 41 | if (nowhitelist_flag) { | ||
| 42 | if (asprintf(&rv, "nowhitelist ~/%s", ptr1) == -1) | ||
| 43 | errExit("asprintf"); | ||
| 44 | } | ||
| 45 | else { | ||
| 46 | if (asprintf(&rv, "whitelist ~/%s", ptr1) == -1) | ||
| 47 | errExit("asprintf"); | ||
| 48 | } | ||
| 49 | return rv; | ||
| 50 | } | ||
| 51 | 38 | ||
| 52 | static int mkpath(const char* path, mode_t mode) { | 39 | static int mkpath(const char* path, mode_t mode) { |
| 53 | assert(path && *path); | 40 | assert(path && *path); |
| @@ -369,35 +356,23 @@ void fs_whitelist(void) { | |||
| 369 | } | 356 | } |
| 370 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; | 357 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; |
| 371 | 358 | ||
| 372 | // resolve macros | 359 | // replace ~/ or ${HOME} into /home/username or resolve macro |
| 373 | if (is_macro(dataptr)) { | ||
| 374 | char *tmp = resolve_macro(dataptr); // returns allocated mem | ||
| 375 | if (tmp != NULL) { | ||
| 376 | char *tmp1 = parse_nowhitelist(nowhitelist_flag, tmp); | ||
| 377 | assert(tmp1); | ||
| 378 | free(tmp); | ||
| 379 | tmp = tmp1; | ||
| 380 | } | ||
| 381 | if (tmp) { | ||
| 382 | entry->data = tmp; | ||
| 383 | dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; | ||
| 384 | } | ||
| 385 | else { | ||
| 386 | if (!nowhitelist_flag && !arg_quiet && !arg_private) { | ||
| 387 | fprintf(stderr, "***\n"); | ||
| 388 | fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", dataptr); | ||
| 389 | fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n"); | ||
| 390 | fprintf(stderr, "***\n"); | ||
| 391 | } | ||
| 392 | entry->data = EMPTY_STRING; | ||
| 393 | continue; | ||
| 394 | } | ||
| 395 | } | ||
| 396 | |||
| 397 | // replace ~/ or ${HOME} into /home/username | ||
| 398 | new_name = expand_home(dataptr, cfg.homedir); | 360 | new_name = expand_home(dataptr, cfg.homedir); |
| 399 | assert(new_name); | 361 | assert(new_name); |
| 400 | 362 | ||
| 363 | // skip command if resolving the macro was not successful | ||
| 364 | if (is_macro(new_name)) { | ||
| 365 | if (!nowhitelist_flag && !arg_quiet && !arg_private) { | ||
| 366 | fprintf(stderr, "***\n"); | ||
| 367 | fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", new_name); | ||
| 368 | fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n"); | ||
| 369 | fprintf(stderr, "***\n"); | ||
| 370 | } | ||
| 371 | free(new_name); | ||
| 372 | entry->data = EMPTY_STRING; | ||
| 373 | continue; | ||
| 374 | } | ||
| 375 | |||
| 401 | // remove trailing slashes and single dots | 376 | // remove trailing slashes and single dots |
| 402 | trim_trailing_slash_or_dot(new_name); | 377 | trim_trailing_slash_or_dot(new_name); |
| 403 | 378 | ||