diff options
| author |  Kristóf Marussy <kris7topher@gmail.com> | 2019-12-27 21:13:34 +0100 |
|---|---|---|
| committer | Kristóf Marussy <kris7topher@gmail.com> | 2019-12-30 02:38:59 +0100 |
| commit | 8dd73b29fd99aedf9000e9e0c3278de8cf89ac5d (patch) | |
| tree | e1ee4f761d6a51ee3da7aef5851042d53b4af1db | |
| parent | Allow resolv.conf be written by dhclient (diff) | |
| download | firejail-8dd73b29fd99aedf9000e9e0c3278de8cf89ac5d.tar.gz firejail-8dd73b29fd99aedf9000e9e0c3278de8cf89ac5d.tar.zst firejail-8dd73b29fd99aedf9000e9e0c3278de8cf89ac5d.zip | |
Add sbox_run_v to run programs with explicit argument lists
Refactored sbox_run to pass the varargs argument list as an array to an
auxiliary function.
The auxiliary function allows running programs with dynamically built
argument lists.
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/sbox.c | 23 |
2 files changed, 18 insertions, 6 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index bfe680d24..0311968c3 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -815,6 +815,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, | |||
| 815 | 815 | ||
| 816 | // run sbox | 816 | // run sbox |
| 817 | int sbox_run(unsigned filter, int num, ...); | 817 | int sbox_run(unsigned filter, int num, ...); |
| 818 | int sbox_run_v(unsigned filter, char * const arg[]); | ||
| 818 | 819 | ||
| 819 | // run_files.c | 820 | // run_files.c |
| 820 | void delete_run_files(pid_t pid); | 821 | void delete_run_files(pid_t pid); |
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index e5739ecb5..a90cb7668 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
| @@ -105,23 +105,34 @@ static struct sock_fprog prog = { | |||
| 105 | }; | 105 | }; |
| 106 | 106 | ||
| 107 | int sbox_run(unsigned filtermask, int num, ...) { | 107 | int sbox_run(unsigned filtermask, int num, ...) { |
| 108 | EUID_ROOT(); | ||
| 109 | |||
| 110 | int i; | ||
| 111 | va_list valist; | 108 | va_list valist; |
| 112 | va_start(valist, num); | 109 | va_start(valist, num); |
| 113 | 110 | ||
| 114 | // build argument list | 111 | // build argument list |
| 115 | char *arg[num + 1]; | 112 | char **arg = malloc((num + 1) * sizeof(char *)); |
| 113 | int i; | ||
| 116 | for (i = 0; i < num; i++) | 114 | for (i = 0; i < num; i++) |
| 117 | arg[i] = va_arg(valist, char*); | 115 | arg[i] = va_arg(valist, char*); |
| 118 | arg[i] = NULL; | 116 | arg[i] = NULL; |
| 119 | va_end(valist); | 117 | va_end(valist); |
| 120 | 118 | ||
| 119 | int status = sbox_run_v(filtermask, arg); | ||
| 120 | |||
| 121 | free(arg); | ||
| 122 | |||
| 123 | return status; | ||
| 124 | } | ||
| 125 | |||
| 126 | int sbox_run_v(unsigned filtermask, char * const arg[]) { | ||
| 127 | EUID_ROOT(); | ||
| 128 | |||
| 121 | if (arg_debug) { | 129 | if (arg_debug) { |
| 122 | printf("sbox run: "); | 130 | printf("sbox run: "); |
| 123 | for (i = 0; i <= num; i++) | 131 | int i = 0; |
| 132 | while (arg[i]) { | ||
| 124 | printf("%s ", arg[i]); | 133 | printf("%s ", arg[i]); |
| 134 | i++; | ||
| 135 | } | ||
| 125 | printf("\n"); | 136 | printf("\n"); |
| 126 | } | 137 | } |
| 127 | 138 | ||
| @@ -171,7 +182,7 @@ int sbox_run(unsigned filtermask, int num, ...) { | |||
| 171 | 182 | ||
| 172 | // close all other file descriptors | 183 | // close all other file descriptors |
| 173 | int max = 20; // getdtablesize() is overkill for a firejail process | 184 | int max = 20; // getdtablesize() is overkill for a firejail process |
| 174 | for (i = 3; i < max; i++) | 185 | for (int i = 3; i < max; i++) |
| 175 | close(i); // close open files | 186 | close(i); // close open files |
| 176 | 187 | ||
| 177 | umask(027); | 188 | umask(027); |