misc small adjustments

author: smitsohu <smitsohu@gmail.com> 2018-11-13 16:42:10 +0100
committer: smitsohu <smitsohu@gmail.com> 2018-11-13 16:42:10 +0100
commit: a0f6b2e900432271cb6d73d8725b5a13d7368438 (patch)
tree: e27ee1c9db364bcab5bcb04b6950a33c0ee4aed2
parent: user database: improve error strings and checks (diff)
download: firejail-a0f6b2e900432271cb6d73d8725b5a13d7368438.tar.gz
firejail-a0f6b2e900432271cb6d73d8725b5a13d7368438.tar.zst
firejail-a0f6b2e900432271cb6d73d8725b5a13d7368438.zip
3 files changed, 35 insertions, 31 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 8a397e3d8..2e921ad37 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -562,7 +562,7 @@ typedef struct {
 // mountinfo.c
 MountData *get_last_mount(void);
 int get_mount_id(const char *path);
-char **build_mount_array(const int mountid, const char *path);
+char **build_mount_array(const int mount_id, const char *path);
 // fs_var.c
 void fs_var_log(void);  // mounting /var/log
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c
index ab1e501a7..a7dc714df 100644
--- a/src/firejail/mountinfo.c
+++ b/src/firejail/mountinfo.c
@@ -69,7 +69,7 @@ static void unmangle_path(char *path) {
 static void parse_line(char *line, MountData *output) {
        assert(line && output);
        memset(output, 0, sizeof(*output));
-        // extract filesystem name, directory and filesystem types
+        // extract mount id, filesystem name, directory and filesystem types
        // examples:
        //      587 543 8:1 /tmp /etc rw,relatime master:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
        //              output.mountid: 587
@@ -153,6 +153,8 @@ MountData *get_last_mount(void) {
 // Extract the mount id from /proc/self/fdinfo and return it.
 int get_mount_id(const char *path) {
+        assert(path);
        int fd = open(path, O_PATH|O_CLOEXEC);
        if (fd == -1)
                return -1;
@@ -197,8 +199,12 @@ int get_mount_id(const char *path) {
        return -2;
 }
-// Return array with all paths that might need a remount.
+// Check /proc/self/mountinfo if path has any submounts (or if path would have submounts
-char **build_mount_array(const int mountid, const char *path) {
+// if it was made a mount point).
+// Returns an array that can be iterated over for recursive remounting.
+char **build_mount_array(const int mount_id, const char *path) {
+        assert(path);
        // open /proc/self/mountinfo
        FILE *fp = fopen("/proc/self/mountinfo", "re");
        if (!fp) {
@@ -207,29 +213,33 @@ char **build_mount_array(const int mountid, const char *path) {
                exit(1);
        }
-        size_t size = 32;
+        // array to be returned
        size_t cnt = 0;
+        size_t size = 32;
        char **rv = malloc(size * sizeof(*rv));
        if (!rv)
                errExit("malloc");
        // read /proc/self/mountinfo
        size_t pathlen = strlen(path);
+        char buf[MAX_BUF];
+        MountData mntp;
        int found = 0;
-        if (fgets(mbuf, MAX_BUF, fp) == NULL) {
+        if (fgets(buf, MAX_BUF, fp) == NULL) {
                fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n");
                exit(1);
        }
        do {
                // find mount point with mount id
                if (!found) {
-                        parse_line(mbuf, &mdata);
+                        parse_line(buf, &mntp);
-                        if (mdata.mountid == mountid) {
+                        if (mntp.mountid == mount_id) {
-                            // don't remount blacklisted paths,
+                                // give up if mount id has been reassigned,
-                            // give up if mount id has been reassigned
+                                // don't remount blacklisted path
-                            if (strstr(mdata.fsname, "firejail.ro.dir") ||
+                                if (strncmp(mntp.dir, path, strlen(mntp.dir)) ||
-                                strstr(mdata.fsname, "firejail.ro.file") ||
+                                strstr(mntp.fsname, "firejail.ro.dir") ||
-                                strncmp(mdata.dir, path, strlen(mdata.dir)))
+                                strstr(mntp.fsname, "firejail.ro.file"))
                                break;
                                *rv = strdup(path);
@@ -244,24 +254,24 @@ char **build_mount_array(const int mountid, const char *path) {
                }
                // from here on add all mount points below path,
                // don't remount blacklisted paths
-                parse_line(mbuf, &mdata);
+                parse_line(buf, &mntp);
-                if (strncmp(mdata.dir, path, pathlen) == 0 &&
+                if (strncmp(mntp.dir, path, pathlen) == 0 &&
-                    mdata.dir[pathlen] == '/' &&
+                    mntp.dir[pathlen] == '/' &&
-                    strstr(mdata.fsname, "firejail.ro.dir") == NULL &&
+                    strstr(mntp.fsname, "firejail.ro.dir") == NULL &&
-                    strstr(mdata.fsname, "firejail.ro.file") == NULL) {
+                    strstr(mntp.fsname, "firejail.ro.file") == NULL) {
-                        if (cnt >= size) {
+                        if (cnt == size) {
                                size *= 2;
                                rv = realloc(rv, size * sizeof(*rv));
                                if (!rv)
                                        errExit("realloc");
                        }
-                        rv[cnt] = strdup(mdata.dir);
+                        rv[cnt] = strdup(mntp.dir);
                        if (rv[cnt] == NULL)
                                errExit("strdup");
                        cnt++;
                }
-        } while (fgets(mbuf, MAX_BUF, fp));
+        } while (fgets(buf, MAX_BUF, fp));
        if (cnt == size) {
                size++;
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index 4dbbcee2a..a595d8331 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -115,16 +115,10 @@ int firejail_user_check(const char *name) {
        // check file existence
        char *fname = get_fname();
        assert(fname);
-        if (access(fname, F_OK)) {
+        if (access(fname, F_OK) == -1 && errno == ENOENT) {
-                if (errno == ENOENT) { // assume the user doesn't care about access checking
+                // assume the user doesn't care about access checking
-                        free(fname);
+                free(fname);
-                        return 1;
+                return 1;
-                }
-                else { // for example no search permission on SYSCONFDIR
-                        fprintf(stderr, "Error: cannot access %s\n", fname);
-                        perror("access");
-                        exit(1);
-                }
        }
        FILE *fp = fopen(fname, "r");
author	smitsohu <smitsohu@gmail.com>	2018-11-13 16:42:10 +0100
committer	smitsohu <smitsohu@gmail.com>	2018-11-13 16:42:10 +0100
commit	a0f6b2e900432271cb6d73d8725b5a13d7368438 (patch)
tree	e27ee1c9db364bcab5bcb04b6950a33c0ee4aed2
parent	user database: improve error strings and checks (diff)
download	firejail-a0f6b2e900432271cb6d73d8725b5a13d7368438.tar.gz firejail-a0f6b2e900432271cb6d73d8725b5a13d7368438.tar.zst firejail-a0f6b2e900432271cb6d73d8725b5a13d7368438.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 8a397e3d8..2e921ad37 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -562,7 +562,7 @@ typedef struct {
562	// mountinfo.c	562	// mountinfo.c
563	MountData *get_last_mount(void);	563	MountData *get_last_mount(void);
564	int get_mount_id(const char *path);	564	int get_mount_id(const char *path);
565	char *build_mount_array(const int mountid, const char path);	565	char *build_mount_array(const int mount_id, const char path);
566		566
567	// fs_var.c	567	// fs_var.c
568	void fs_var_log(void); // mounting /var/log	568	void fs_var_log(void); // mounting /var/log


diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c index ab1e501a7..a7dc714df 100644 --- a/src/firejail/mountinfo.c +++ b/src/firejail/mountinfo.c
@@ -69,7 +69,7 @@ static void unmangle_path(char *path) {
69	static void parse_line(char line, MountData output) {	69	static void parse_line(char line, MountData output) {
70	assert(line && output);	70	assert(line && output);
71	memset(output, 0, sizeof(*output));	71	memset(output, 0, sizeof(*output));
72	// extract filesystem name, directory and filesystem types	72	// extract mount id, filesystem name, directory and filesystem types
73	// examples:	73	// examples:
74	// 587 543 8:1 /tmp /etc rw,relatime master:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered	74	// 587 543 8:1 /tmp /etc rw,relatime master:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
75	// output.mountid: 587	75	// output.mountid: 587
@@ -153,6 +153,8 @@ MountData *get_last_mount(void) {
153		153
154	// Extract the mount id from /proc/self/fdinfo and return it.	154	// Extract the mount id from /proc/self/fdinfo and return it.
155	int get_mount_id(const char *path) {	155	int get_mount_id(const char *path) {
		156	assert(path);
		157
156	int fd = open(path, O_PATH\|O_CLOEXEC);	158	int fd = open(path, O_PATH\|O_CLOEXEC);
157	if (fd == -1)	159	if (fd == -1)
158	return -1;	160	return -1;
@@ -197,8 +199,12 @@ int get_mount_id(const char *path) {
197	return -2;	199	return -2;
198	}	200	}
199		201
200	// Return array with all paths that might need a remount.	202	// Check /proc/self/mountinfo if path has any submounts (or if path would have submounts
201	char *build_mount_array(const int mountid, const char path) {	203	// if it was made a mount point).
		204	// Returns an array that can be iterated over for recursive remounting.
		205	char *build_mount_array(const int mount_id, const char path) {
		206	assert(path);
		207
202	// open /proc/self/mountinfo	208	// open /proc/self/mountinfo
203	FILE *fp = fopen("/proc/self/mountinfo", "re");	209	FILE *fp = fopen("/proc/self/mountinfo", "re");
204	if (!fp) {	210	if (!fp) {
@@ -207,29 +213,33 @@ char *build_mount_array(const int mountid, const char path) {
207	exit(1);	213	exit(1);
208	}	214	}
209		215
210	size_t size = 32;	216	// array to be returned
211	size_t cnt = 0;	217	size_t cnt = 0;
		218	size_t size = 32;
212	char *rv = malloc(size sizeof(*rv));	219	char *rv = malloc(size sizeof(*rv));
213	if (!rv)	220	if (!rv)
214	errExit("malloc");	221	errExit("malloc");
215		222
216	// read /proc/self/mountinfo	223	// read /proc/self/mountinfo
217	size_t pathlen = strlen(path);	224	size_t pathlen = strlen(path);
		225	char buf[MAX_BUF];
		226	MountData mntp;
218	int found = 0;	227	int found = 0;
219	if (fgets(mbuf, MAX_BUF, fp) == NULL) {	228
		229	if (fgets(buf, MAX_BUF, fp) == NULL) {
220	fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n");	230	fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n");
221	exit(1);	231	exit(1);
222	}	232	}
223	do {	233	do {
224	// find mount point with mount id	234	// find mount point with mount id
225	if (!found) {	235	if (!found) {
226	parse_line(mbuf, &mdata);	236	parse_line(buf, &mntp);
227	if (mdata.mountid == mountid) {	237	if (mntp.mountid == mount_id) {
228	// don't remount blacklisted paths,	238	// give up if mount id has been reassigned,
229	// give up if mount id has been reassigned	239	// don't remount blacklisted path
230	if (strstr(mdata.fsname, "firejail.ro.dir") \|\|	240	if (strncmp(mntp.dir, path, strlen(mntp.dir)) \|\|
231	strstr(mdata.fsname, "firejail.ro.file") \|\|	241	strstr(mntp.fsname, "firejail.ro.dir") \|\|
232	strncmp(mdata.dir, path, strlen(mdata.dir)))	242	strstr(mntp.fsname, "firejail.ro.file"))
233	break;	243	break;
234		244
235	*rv = strdup(path);	245	*rv = strdup(path);
@@ -244,24 +254,24 @@ char *build_mount_array(const int mountid, const char path) {
244	}	254	}
245	// from here on add all mount points below path,	255	// from here on add all mount points below path,
246	// don't remount blacklisted paths	256	// don't remount blacklisted paths
247	parse_line(mbuf, &mdata);	257	parse_line(buf, &mntp);
248	if (strncmp(mdata.dir, path, pathlen) == 0 &&	258	if (strncmp(mntp.dir, path, pathlen) == 0 &&
249	mdata.dir[pathlen] == '/' &&	259	mntp.dir[pathlen] == '/' &&
250	strstr(mdata.fsname, "firejail.ro.dir") == NULL &&	260	strstr(mntp.fsname, "firejail.ro.dir") == NULL &&
251	strstr(mdata.fsname, "firejail.ro.file") == NULL) {	261	strstr(mntp.fsname, "firejail.ro.file") == NULL) {
252		262
253	if (cnt >= size) {	263	if (cnt == size) {
254	size *= 2;	264	size *= 2;
255	rv = realloc(rv, size * sizeof(*rv));	265	rv = realloc(rv, size * sizeof(*rv));
256	if (!rv)	266	if (!rv)
257	errExit("realloc");	267	errExit("realloc");
258	}	268	}
259	rv[cnt] = strdup(mdata.dir);	269	rv[cnt] = strdup(mntp.dir);
260	if (rv[cnt] == NULL)	270	if (rv[cnt] == NULL)
261	errExit("strdup");	271	errExit("strdup");
262	cnt++;	272	cnt++;
263	}	273	}
264	} while (fgets(mbuf, MAX_BUF, fp));	274	} while (fgets(buf, MAX_BUF, fp));
265		275
266	if (cnt == size) {	276	if (cnt == size) {
267	size++;	277	size++;


diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c index 4dbbcee2a..a595d8331 100644 --- a/src/lib/firejail_user.c +++ b/src/lib/firejail_user.c
@@ -115,16 +115,10 @@ int firejail_user_check(const char *name) {
115	// check file existence	115	// check file existence
116	char *fname = get_fname();	116	char *fname = get_fname();
117	assert(fname);	117	assert(fname);
118	if (access(fname, F_OK)) {	118	if (access(fname, F_OK) == -1 && errno == ENOENT) {
119	if (errno == ENOENT) { // assume the user doesn't care about access checking	119	// assume the user doesn't care about access checking
120	free(fname);	120	free(fname);
121	return 1;	121	return 1;
122	}
123	else { // for example no search permission on SYSCONFDIR
124	fprintf(stderr, "Error: cannot access %s\n", fname);
125	perror("access");
126	exit(1);
127	}
128	}	122	}
129		123
130	FILE *fp = fopen(fname, "r");	124	FILE *fp = fopen(fname, "r");