Arch fixes

author: netblue30 <netblue30@yahoo.com> 2016-08-31 10:40:16 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-08-31 10:40:16 -0400
commit: ddcd56b11c47278fe887e5b4fb5bd86715881114 (patch)
tree: 545cfd2339ab7fc0b48b2027c0530df808b43128
parent: fix join caps (diff)
download: firejail-ddcd56b11c47278fe887e5b4fb5bd86715881114.tar.gz
firejail-ddcd56b11c47278fe887e5b4fb5bd86715881114.tar.zst
firejail-ddcd56b11c47278fe887e5b4fb5bd86715881114.zip
2 files changed, 28 insertions, 19 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 33037da29..11e626b6e 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -554,24 +554,30 @@ void fs_whitelist(void) {
        
        // /media mountpoint
        if (media_dir) {
-                // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
+                // some distros don't have a /media directory
-                int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);
+                struct stat s;
-                if (rv == -1)
+                if (stat("/media", &s) == 0) {
-                        errExit("mkdir");
+                        // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
-                if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0)
+                        int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);
-                        errExit("chown");
+                        if (rv == -1)
-                if (chmod(RUN_WHITELIST_MEDIA_DIR, 0755) < 0)
+                                errExit("mkdir");
-                        errExit("chmod");
+                        if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0)
+                                errExit("chown");
+                        if (chmod(RUN_WHITELIST_MEDIA_DIR, 0755) < 0)
+                                errExit("chmod");
        
-                if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
+                        if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
-                        errExit("mount bind");
+                                errExit("mount bind");
        
-                // mount tmpfs on /media
+                        // mount tmpfs on /media
-                if (arg_debug || arg_debug_whitelists)
+                        if (arg_debug || arg_debug_whitelists)
-                        printf("Mounting tmpfs on /media directory\n");
+                                printf("Mounting tmpfs on /media directory\n");
-                if (mount("tmpfs", "/media", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                        if (mount("tmpfs", "/media", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
-                        errExit("mounting tmpfs on /media");
+                                errExit("mounting tmpfs on /media");
-                fs_logger("tmpfs /media");
+                        fs_logger("tmpfs /media");
+                }
+                else
+                        media_dir = 0;
        }
        // /var mountpoint
diff --git a/test/fs/private-etc-empty.exp b/test/fs/private-etc-empty.exp
index 2ab634afd..5ddce8678 100755
--- a/test/fs/private-etc-empty.exp
+++ b/test/fs/private-etc-empty.exp
@@ -3,7 +3,7 @@
 # Copyright (C) 2014-2016 Firejail Authors
 # License GPL v2
-set timeout 30
+set timeout 10
 spawn $env(SHELL)
 match_max 100000
@@ -17,7 +17,8 @@ sleep 1
 send -- "ls -l /etc | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "0"
+        "0" {puts "Debian\n"}
+        "1" {puts "Arch\n"}
 }
 send -- "exit\r"
 sleep 1
@@ -32,7 +33,9 @@ sleep 1
 send -- "ls -l /etc | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "0"
+        "0" {puts "Debian\n"}
+        "1" {puts "Arch\n"}
 }
 after 100
author	netblue30 <netblue30@yahoo.com>	2016-08-31 10:40:16 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-08-31 10:40:16 -0400
commit	ddcd56b11c47278fe887e5b4fb5bd86715881114 (patch)
tree	545cfd2339ab7fc0b48b2027c0530df808b43128
parent	fix join caps (diff)
download	firejail-ddcd56b11c47278fe887e5b4fb5bd86715881114.tar.gz firejail-ddcd56b11c47278fe887e5b4fb5bd86715881114.tar.zst firejail-ddcd56b11c47278fe887e5b4fb5bd86715881114.zip

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 33037da29..11e626b6e 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c
@@ -554,24 +554,30 @@ void fs_whitelist(void) {
554		554
555	// /media mountpoint	555	// /media mountpoint
556	if (media_dir) {	556	if (media_dir) {
557	// keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR	557	// some distros don't have a /media directory
558	int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);	558	struct stat s;
559	if (rv == -1)	559	if (stat("/media", &s) == 0) {
560	errExit("mkdir");	560	// keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
561	if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0)	561	int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);
562	errExit("chown");	562	if (rv == -1)
563	if (chmod(RUN_WHITELIST_MEDIA_DIR, 0755) < 0)	563	errExit("mkdir");
564	errExit("chmod");	564	if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0)
		565	errExit("chown");
		566	if (chmod(RUN_WHITELIST_MEDIA_DIR, 0755) < 0)
		567	errExit("chmod");
565		568
566	if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND\|MS_REC, NULL) < 0)	569	if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND\|MS_REC, NULL) < 0)
567	errExit("mount bind");	570	errExit("mount bind");
568		571
569	// mount tmpfs on /media	572	// mount tmpfs on /media
570	if (arg_debug \|\| arg_debug_whitelists)	573	if (arg_debug \|\| arg_debug_whitelists)
571	printf("Mounting tmpfs on /media directory\n");	574	printf("Mounting tmpfs on /media directory\n");
572	if (mount("tmpfs", "/media", "tmpfs", MS_NOSUID \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	575	if (mount("tmpfs", "/media", "tmpfs", MS_NOSUID \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)
573	errExit("mounting tmpfs on /media");	576	errExit("mounting tmpfs on /media");
574	fs_logger("tmpfs /media");	577	fs_logger("tmpfs /media");
		578	}
		579	else
		580	media_dir = 0;
575	}	581	}
576		582
577	// /var mountpoint	583	// /var mountpoint


diff --git a/test/fs/private-etc-empty.exp b/test/fs/private-etc-empty.exp index 2ab634afd..5ddce8678 100755 --- a/test/fs/private-etc-empty.exp +++ b/test/fs/private-etc-empty.exp
@@ -3,7 +3,7 @@
3	# Copyright (C) 2014-2016 Firejail Authors	3	# Copyright (C) 2014-2016 Firejail Authors
4	# License GPL v2	4	# License GPL v2
5		5
6	set timeout 30	6	set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
@@ -17,7 +17,8 @@ sleep 1
17	send -- "ls -l /etc \| wc -l\r"	17	send -- "ls -l /etc \| wc -l\r"
18	expect {	18	expect {
19	timeout {puts "TESTING ERROR 1\n";exit}	19	timeout {puts "TESTING ERROR 1\n";exit}
20	"0"	20	"0" {puts "Debian\n"}
		21	"1" {puts "Arch\n"}
21	}	22	}
22	send -- "exit\r"	23	send -- "exit\r"
23	sleep 1	24	sleep 1
@@ -32,7 +33,9 @@ sleep 1
32	send -- "ls -l /etc \| wc -l\r"	33	send -- "ls -l /etc \| wc -l\r"
33	expect {	34	expect {
34	timeout {puts "TESTING ERROR 1\n";exit}	35	timeout {puts "TESTING ERROR 1\n";exit}
35	"0"	36	"0" {puts "Debian\n"}
		37	"1" {puts "Arch\n"}
		38
36	}	39	}
37		40
38	after 100	41	after 100