fix older platforms

author: netblue30 <netblue30@yahoo.com> 2016-12-15 11:52:19 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-12-15 11:52:19 -0500
commit: d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4 (patch)
tree: 73c6a776b9f98c741714a8e0a47878c7b87e4ccd
parent: added a 1 second delay after xpra server is started (diff)
download: firejail-d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4.tar.gz
firejail-d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4.tar.zst
firejail-d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4.zip
1 files changed, 27 insertions, 21 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index adddf626b..890f281aa 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -532,29 +532,35 @@ void fs_proc_sys_dev_boot(void) {
        disable_file(BLACKLIST_FILE, "/dev/port");
        
-        // disable various ipc sockets
-        struct stat s; 
-        // disable /run/user/{uid}/gnupg
+        // disable various ipc sockets in /run/user
-        char *fnamegpg;
+        struct stat s; 
-        if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
+        
-                errExit("asprintf");
+        char *fname;
-        if (stat(fnamegpg, &s) == -1) 
+        if (asprintf(&fname, "/run/usr/%d", getuid()) == -1)
-            mkdir_attr(fnamegpg, 0700, getuid(), getgid());
-        if (stat(fnamegpg, &s) == 0)
-                disable_file(BLACKLIST_FILE, fnamegpg);
-        free(fnamegpg);
-        // disable /run/user/{uid}/systemd
-        char *fnamesysd;
-        if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
                errExit("asprintf");
-        if (stat(fnamesysd, &s) == -1) 
+        if (is_dir(fname)) { // older distros don't have this directory
-                mkdir_attr(fnamesysd, 0755, getuid(), getgid());
+                // disable /run/user/{uid}/gnupg
-        if (stat(fnamesysd, &s) == 0)
+                char *fnamegpg;
-                disable_file(BLACKLIST_FILE, fnamesysd);
+                if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
-        free(fnamesysd);
+                        errExit("asprintf");
+                if (stat(fnamegpg, &s) == -1) 
+                    mkdir_attr(fnamegpg, 0700, getuid(), getgid());
+                if (stat(fnamegpg, &s) == 0)
+                        disable_file(BLACKLIST_FILE, fnamegpg);
+                free(fnamegpg);
+                
+                // disable /run/user/{uid}/systemd
+                char *fnamesysd;
+                if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
+                        errExit("asprintf");
+                if (stat(fnamesysd, &s) == -1) 
+                        mkdir_attr(fnamesysd, 0755, getuid(), getgid());
+                if (stat(fnamesysd, &s) == 0)
+                        disable_file(BLACKLIST_FILE, fnamesysd);
+                free(fnamesysd);
+        }
+        free(fname);
        
 // todo: investigate
 #if 0
author	netblue30 <netblue30@yahoo.com>	2016-12-15 11:52:19 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-12-15 11:52:19 -0500
commit	d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4 (patch)
tree	73c6a776b9f98c741714a8e0a47878c7b87e4ccd
parent	added a 1 second delay after xpra server is started (diff)
download	firejail-d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4.tar.gz firejail-d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4.tar.zst firejail-d4b8abd58351fbd1b61cbad7898ae30dc0ee9da4.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index adddf626b..890f281aa 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -532,29 +532,35 @@ void fs_proc_sys_dev_boot(void) {
532	disable_file(BLACKLIST_FILE, "/dev/port");	532	disable_file(BLACKLIST_FILE, "/dev/port");
533		533
534		534
535	// disable various ipc sockets
536	struct stat s;
537		535
538	// disable /run/user/{uid}/gnupg	536	// disable various ipc sockets in /run/user
539	char *fnamegpg;	537	struct stat s;
540	if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)	538
541	errExit("asprintf");	539	char *fname;
542	if (stat(fnamegpg, &s) == -1)	540	if (asprintf(&fname, "/run/usr/%d", getuid()) == -1)
543	mkdir_attr(fnamegpg, 0700, getuid(), getgid());
544	if (stat(fnamegpg, &s) == 0)
545	disable_file(BLACKLIST_FILE, fnamegpg);
546	free(fnamegpg);
547
548	// disable /run/user/{uid}/systemd
549	char *fnamesysd;
550	if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
551	errExit("asprintf");	541	errExit("asprintf");
552	if (stat(fnamesysd, &s) == -1)	542	if (is_dir(fname)) { // older distros don't have this directory
553	mkdir_attr(fnamesysd, 0755, getuid(), getgid());	543	// disable /run/user/{uid}/gnupg
554	if (stat(fnamesysd, &s) == 0)	544	char *fnamegpg;
555	disable_file(BLACKLIST_FILE, fnamesysd);	545	if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
556	free(fnamesysd);	546	errExit("asprintf");
557		547	if (stat(fnamegpg, &s) == -1)
		548	mkdir_attr(fnamegpg, 0700, getuid(), getgid());
		549	if (stat(fnamegpg, &s) == 0)
		550	disable_file(BLACKLIST_FILE, fnamegpg);
		551	free(fnamegpg);
		552
		553	// disable /run/user/{uid}/systemd
		554	char *fnamesysd;
		555	if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
		556	errExit("asprintf");
		557	if (stat(fnamesysd, &s) == -1)
		558	mkdir_attr(fnamesysd, 0755, getuid(), getgid());
		559	if (stat(fnamesysd, &s) == 0)
		560	disable_file(BLACKLIST_FILE, fnamesysd);
		561	free(fnamesysd);
		562	}
		563	free(fname);
558		564
559	// todo: investigate	565	// todo: investigate
560	#if 0	566	#if 0