diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-08-16 15:27:31 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-08-16 15:27:31 -0400 |
| commit | 04b8a2a23b077398f6c51784fe412c91878c1a82 (patch) | |
| tree | bcfb81ed866807a42141d156aabfa8a546ec5b4a | |
| parent | --overlay rework, adding a persistent directory; implemented --overlay-tmpfs ... (diff) | |
| parent | Replace get_link with realpath (diff) | |
| download | firejail-04b8a2a23b077398f6c51784fe412c91878c1a82.tar.gz firejail-04b8a2a23b077398f6c51784fe412c91878c1a82.tar.zst firejail-04b8a2a23b077398f6c51784fe412c91878c1a82.zip | |
Merge pull request #29 from pmillerchip/symlink-fixes
Replace get_link with realpath
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/fs_dev.c | 24 | ||||
| -rw-r--r-- | src/firejail/fs_var.c | 26 | ||||
| -rw-r--r-- | src/firejail/util.c | 24 |
4 files changed, 15 insertions, 60 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 7eb4786e6..3acaeb6fb 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -253,7 +253,6 @@ void logmsg(const char *msg); | |||
| 253 | void logargs(int argc, char **argv) ; | 253 | void logargs(int argc, char **argv) ; |
| 254 | void logerr(const char *msg); | 254 | void logerr(const char *msg); |
| 255 | int copy_file(const char *srcname, const char *destname); | 255 | int copy_file(const char *srcname, const char *destname); |
| 256 | char *get_link(const char *fname); | ||
| 257 | int is_dir(const char *fname); | 256 | int is_dir(const char *fname); |
| 258 | int is_link(const char *fname); | 257 | int is_link(const char *fname); |
| 259 | char *line_remove_spaces(const char *buf); | 258 | char *line_remove_spaces(const char *buf); |
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 80bd11582..212b3211c 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
| @@ -127,30 +127,20 @@ void fs_dev_shm(void) { | |||
| 127 | errExit("mounting /dev/shm"); | 127 | errExit("mounting /dev/shm"); |
| 128 | } | 128 | } |
| 129 | else { | 129 | else { |
| 130 | char *lnk = get_link("/dev/shm"); | 130 | char *lnk = realpath("/dev/shm", NULL); |
| 131 | if (lnk) { | 131 | if (lnk) { |
| 132 | // convert a link such as "../shm" into "/shm" | 132 | if (!is_dir(lnk)) { |
| 133 | char *lnk2 = lnk; | ||
| 134 | int cnt = 0; | ||
| 135 | while (strncmp(lnk2, "../", 3) == 0) { | ||
| 136 | cnt++; | ||
| 137 | lnk2 = lnk2 + 3; | ||
| 138 | } | ||
| 139 | if (cnt != 0) | ||
| 140 | lnk2 = lnk + (cnt - 1) * 3 + 2; | ||
| 141 | |||
| 142 | if (!is_dir(lnk2)) { | ||
| 143 | // create directory | 133 | // create directory |
| 144 | if (mkdir(lnk2, S_IRWXU|S_IRWXG|S_IRWXO)) | 134 | if (mkdir(lnk, S_IRWXU|S_IRWXG|S_IRWXO)) |
| 145 | errExit("mkdir"); | 135 | errExit("mkdir"); |
| 146 | if (chown(lnk2, 0, 0)) | 136 | if (chown(lnk, 0, 0)) |
| 147 | errExit("chown"); | 137 | errExit("chown"); |
| 148 | if (chmod(lnk2, S_IRWXU|S_IRWXG|S_IRWXO)) | 138 | if (chmod(lnk, S_IRWXU|S_IRWXG|S_IRWXO)) |
| 149 | errExit("chmod"); | 139 | errExit("chmod"); |
| 150 | } | 140 | } |
| 151 | if (arg_debug) | 141 | if (arg_debug) |
| 152 | printf("Mounting tmpfs on %s on behalf of /dev/shm\n", lnk2); | 142 | printf("Mounting tmpfs on %s on behalf of /dev/shm\n", lnk); |
| 153 | if (mount("tmpfs", lnk2, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) | 143 | if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) |
| 154 | errExit("mounting /var/tmp"); | 144 | errExit("mounting /var/tmp"); |
| 155 | free(lnk); | 145 | free(lnk); |
| 156 | } | 146 | } |
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index 588090c00..9f554f662 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c | |||
| @@ -240,7 +240,7 @@ void dbg_test_dir(const char *dir) { | |||
| 240 | if (is_dir(dir)) | 240 | if (is_dir(dir)) |
| 241 | printf("%s is a directory\n", dir); | 241 | printf("%s is a directory\n", dir); |
| 242 | if (is_link(dir)) { | 242 | if (is_link(dir)) { |
| 243 | char *lnk = get_link(dir); | 243 | char *lnk = realpath(dir, NULL); |
| 244 | if (lnk) { | 244 | if (lnk) { |
| 245 | printf("%s is a symbolic link to %s\n", dir, lnk); | 245 | printf("%s is a symbolic link to %s\n", dir, lnk); |
| 246 | free(lnk); | 246 | free(lnk); |
| @@ -259,30 +259,20 @@ void fs_var_lock(void) { | |||
| 259 | errExit("mounting /lock"); | 259 | errExit("mounting /lock"); |
| 260 | } | 260 | } |
| 261 | else { | 261 | else { |
| 262 | char *lnk = get_link("/var/lock"); | 262 | char *lnk = realpath("/var/lock", NULL); |
| 263 | if (lnk) { | 263 | if (lnk) { |
| 264 | // convert a link such as "../shm" into "/shm" | 264 | if (!is_dir(lnk)) { |
| 265 | char *lnk2 = lnk; | ||
| 266 | int cnt = 0; | ||
| 267 | while (strncmp(lnk2, "../", 3) == 0) { | ||
| 268 | cnt++; | ||
| 269 | lnk2 = lnk2 + 3; | ||
| 270 | } | ||
| 271 | if (cnt != 0) | ||
| 272 | lnk2 = lnk + (cnt - 1) * 3 + 2; | ||
| 273 | |||
| 274 | if (!is_dir(lnk2)) { | ||
| 275 | // create directory | 265 | // create directory |
| 276 | if (mkdir(lnk2, S_IRWXU|S_IRWXG|S_IRWXO)) | 266 | if (mkdir(lnk, S_IRWXU|S_IRWXG|S_IRWXO)) |
| 277 | errExit("mkdir"); | 267 | errExit("mkdir"); |
| 278 | if (chown(lnk2, 0, 0)) | 268 | if (chown(lnk, 0, 0)) |
| 279 | errExit("chown"); | 269 | errExit("chown"); |
| 280 | if (chmod(lnk2, S_IRWXU|S_IRWXG|S_IRWXO)) | 270 | if (chmod(lnk, S_IRWXU|S_IRWXG|S_IRWXO)) |
| 281 | errExit("chmod"); | 271 | errExit("chmod"); |
| 282 | } | 272 | } |
| 283 | if (arg_debug) | 273 | if (arg_debug) |
| 284 | printf("Mounting tmpfs on %s on behalf of /var/lock\n", lnk2); | 274 | printf("Mounting tmpfs on %s on behalf of /var/lock\n", lnk); |
| 285 | if (mount("tmpfs", lnk2, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) | 275 | if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) |
| 286 | errExit("mounting /var/lock"); | 276 | errExit("mounting /var/lock"); |
| 287 | free(lnk); | 277 | free(lnk); |
| 288 | } | 278 | } |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 2c50caf17..95409129a 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -172,30 +172,6 @@ int copy_file(const char *srcname, const char *destname) { | |||
| 172 | return 0; | 172 | return 0; |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | |||
| 176 | char *get_link(const char *fname) { | ||
| 177 | assert(fname); | ||
| 178 | struct stat sb; | ||
| 179 | char *linkname; | ||
| 180 | ssize_t r; | ||
| 181 | |||
| 182 | if (lstat(fname, &sb) == -1) | ||
| 183 | return NULL; | ||
| 184 | |||
| 185 | linkname = malloc(sb.st_size + 1); | ||
| 186 | if (linkname == NULL) | ||
| 187 | return NULL; | ||
| 188 | memset(linkname, 0, sb.st_size + 1); | ||
| 189 | |||
| 190 | r = readlink(fname, linkname, sb.st_size + 1); | ||
| 191 | if (r < 0) { | ||
| 192 | free(linkname); | ||
| 193 | return NULL; | ||
| 194 | } | ||
| 195 | return linkname; | ||
| 196 | } | ||
| 197 | |||
| 198 | |||
| 199 | // return 1 if the file is a directory | 175 | // return 1 if the file is a directory |
| 200 | int is_dir(const char *fname) { | 176 | int is_dir(const char *fname) { |
| 201 | assert(fname); | 177 | assert(fname); |