--git-install

author: netblue30 <netblue30@yahoo.com> 2017-02-04 16:01:49 -0500
committer: netblue30 <netblue30@yahoo.com> 2017-02-04 16:01:49 -0500
commit: d580c3454f59d10d6e0d63280658a40cd575dffa (patch)
tree: 32041411c62af8b04b33bde0bddc2990db231305
parent: --git-install (diff)
download: firejail-d580c3454f59d10d6e0d63280658a40cd575dffa.tar.gz
firejail-d580c3454f59d10d6e0d63280658a40cd575dffa.tar.zst
firejail-d580c3454f59d10d6e0d63280658a40cd575dffa.zip
1 files changed, 16 insertions, 28 deletions
diff --git a/src/firejail/git.c b/src/firejail/git.c
index aaae44de7..1cfbb1bf4 100644
--- a/src/firejail/git.c
+++ b/src/firejail/git.c
@@ -23,6 +23,7 @@
 #include <sys/mount.h>
 // install a very simple mount namespace sandbox with a tmpfs on top of /tmp
+// and drop privileges
 static void sbox_ns(void) {
        if (unshare(CLONE_NEWNS) < 0)
                errExit("unshare");
@@ -32,20 +33,11 @@ static void sbox_ns(void) {
                errExit("mount");
        }
-        // moount a tmpfs on top of /tmp
+        // mount a tmpfs on top of /tmp
        if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0)
                errExit("mount");
-}
-                
-void git_install() {
-        // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
-        EUID_ASSERT();
-        EUID_ROOT();
-        
-        // install a mount namespace with a tmpfs on top of /tmp
-        sbox_ns();
-        
        // drop privileges
        if (setgid(getgid()) < 0)
                errExit("setgid/getgid");
@@ -59,15 +51,25 @@ void git_install() {
        printf("/tmp directory: "); fflush(0);
        rv = system("ls -l /tmp");
        (void) rv;
+}
+                
+void git_install(void) {
+        // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
+        EUID_ASSERT();
+        EUID_ROOT();
+        
+        // install a mount namespace with a tmpfs on top of /tmp
+        sbox_ns();
+        
        // run command
        const char *cmd = LIBDIR "/firejail/fgit-install.sh";
-        rv = system(cmd);
+        int rv = system(cmd);
        (void) rv;
        exit(0);
 }
-void git_uninstall() {
+void git_uninstall(void) {
        // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
        EUID_ASSERT();
        EUID_ROOT();
@@ -75,23 +77,9 @@ void git_uninstall() {
        // install a mount namespace with a tmpfs on top of /tmp
        sbox_ns();
        
-        // drop privileges
-        if (setgid(getgid()) < 0)
-                errExit("setgid/getgid");
-        if (setuid(getuid()) < 0)
-                errExit("setuid/getuid");
-        assert(getenv("LD_PRELOAD") == NULL);   
-        printf("Running as "); fflush(0);
-        int rv = system("whoami");
-        (void) rv;
-        printf("/tmp directory: "); fflush(0);
-        rv = system("ls -l /tmp");
-        (void) rv;
        // run command
        const char *cmd = LIBDIR "/firejail/fgit-uninstall.sh";
-        rv = system(cmd);
+        int rv = system(cmd);
        (void) rv;
        exit(0);
 }
author	netblue30 <netblue30@yahoo.com>	2017-02-04 16:01:49 -0500
committer	netblue30 <netblue30@yahoo.com>	2017-02-04 16:01:49 -0500
commit	d580c3454f59d10d6e0d63280658a40cd575dffa (patch)
tree	32041411c62af8b04b33bde0bddc2990db231305
parent	--git-install (diff)
download	firejail-d580c3454f59d10d6e0d63280658a40cd575dffa.tar.gz firejail-d580c3454f59d10d6e0d63280658a40cd575dffa.tar.zst firejail-d580c3454f59d10d6e0d63280658a40cd575dffa.zip

diff --git a/src/firejail/git.c b/src/firejail/git.c index aaae44de7..1cfbb1bf4 100644 --- a/src/firejail/git.c +++ b/src/firejail/git.c
@@ -23,6 +23,7 @@
23	#include <sys/mount.h>	23	#include <sys/mount.h>
24		24
25	// install a very simple mount namespace sandbox with a tmpfs on top of /tmp	25	// install a very simple mount namespace sandbox with a tmpfs on top of /tmp
		26	// and drop privileges
26	static void sbox_ns(void) {	27	static void sbox_ns(void) {
27	if (unshare(CLONE_NEWNS) < 0)	28	if (unshare(CLONE_NEWNS) < 0)
28	errExit("unshare");	29	errExit("unshare");
@@ -32,20 +33,11 @@ static void sbox_ns(void) {
32	errExit("mount");	33	errExit("mount");
33	}	34	}
34		35
35	// moount a tmpfs on top of /tmp	36	// mount a tmpfs on top of /tmp
36	if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0)	37	if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0)
37	errExit("mount");	38	errExit("mount");
38	}
39
40		39
41	void git_install() {	40
42	// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
43	EUID_ASSERT();
44	EUID_ROOT();
45
46	// install a mount namespace with a tmpfs on top of /tmp
47	sbox_ns();
48
49	// drop privileges	41	// drop privileges
50	if (setgid(getgid()) < 0)	42	if (setgid(getgid()) < 0)
51	errExit("setgid/getgid");	43	errExit("setgid/getgid");
@@ -59,15 +51,25 @@ void git_install() {
59	printf("/tmp directory: "); fflush(0);	51	printf("/tmp directory: "); fflush(0);
60	rv = system("ls -l /tmp");	52	rv = system("ls -l /tmp");
61	(void) rv;	53	(void) rv;
		54	}
		55
62		56
		57	void git_install(void) {
		58	// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
		59	EUID_ASSERT();
		60	EUID_ROOT();
		61
		62	// install a mount namespace with a tmpfs on top of /tmp
		63	sbox_ns();
		64
63	// run command	65	// run command
64	const char *cmd = LIBDIR "/firejail/fgit-install.sh";	66	const char *cmd = LIBDIR "/firejail/fgit-install.sh";
65	rv = system(cmd);	67	int rv = system(cmd);
66	(void) rv;	68	(void) rv;
67	exit(0);	69	exit(0);
68	}	70	}
69		71
70	void git_uninstall() {	72	void git_uninstall(void) {
71	// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"	73	// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
72	EUID_ASSERT();	74	EUID_ASSERT();
73	EUID_ROOT();	75	EUID_ROOT();
@@ -75,23 +77,9 @@ void git_uninstall() {
75	// install a mount namespace with a tmpfs on top of /tmp	77	// install a mount namespace with a tmpfs on top of /tmp
76	sbox_ns();	78	sbox_ns();
77		79
78	// drop privileges
79	if (setgid(getgid()) < 0)
80	errExit("setgid/getgid");
81	if (setuid(getuid()) < 0)
82	errExit("setuid/getuid");
83	assert(getenv("LD_PRELOAD") == NULL);
84
85	printf("Running as "); fflush(0);
86	int rv = system("whoami");
87	(void) rv;
88	printf("/tmp directory: "); fflush(0);
89	rv = system("ls -l /tmp");
90	(void) rv;
91
92	// run command	80	// run command
93	const char *cmd = LIBDIR "/firejail/fgit-uninstall.sh";	81	const char *cmd = LIBDIR "/firejail/fgit-uninstall.sh";
94	rv = system(cmd);	82	int rv = system(cmd);
95	(void) rv;	83	(void) rv;
96	exit(0);	84	exit(0);
97	}	85	}