authorLibravatar netblue30 <netblue30@yahoo.com>2016-01-31 11:37:23 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-01-31 11:37:23 -0500
commit1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (patch)
tree80bf8b687f4e3316bf562c7f94bee5f06bd08475
parentfixed ssh login in firejail shell (diff)
various fixes
-rw-r--r--src/firejail/bandwidth.c2
-rw-r--r--src/firejail/fs_bin.c2
-rw-r--r--src/firejail/fs_etc.c2
-rw-r--r--src/firejail/fs_home.c2
-rw-r--r--src/firejail/fs_var.c4
-rw-r--r--src/firejail/main.c4
-rw-r--r--src/firejail/pulseaudio.c4
7 files changed, 10 insertions, 10 deletions
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index c372dd455..da894b321 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -118,7 +118,7 @@ void shm_create_firejail_dir(void) {
118 struct stat s; 118 struct stat s;
119 if (stat("/dev/shm/firejail", &s) == -1) { 119 if (stat("/dev/shm/firejail", &s) == -1) {
120 /* coverity[toctou] */ 120 /* coverity[toctou] */
121 if (mkdir("/dev/shm/firejail", 0777) == -1) 121 if (mkdir("/dev/shm/firejail", 0644) == -1)
122 errExit("mkdir"); 122 errExit("mkdir");
123 if (chown("/dev/shm/firejail", 0, 0) == -1) 123 if (chown("/dev/shm/firejail", 0, 0) == -1)
124 errExit("chown"); 124 errExit("chown");
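Review bot: The new mode `0644` on the `mkdir("/dev/shm/firejail", ...)` line is a file mode: it leaves the directory without any search (x) bit, so only a process that bypasses permission checks (root) can traverse it, while group and others can still list the entry names. If root-only access is the intent, `0700` says so and also hides the listing; if sandbox users must reach files below it, `0755` is needed. The mode passed to mkdir is also filtered by the umask and no chmod follows in the visible lines, so consider adding `if (chmod("/dev/shm/firejail", 0700) == -1) errExit("chmod");` (or 0755) after the chown. shm_create_firejail_dir continues past the end of this hunk, so a later chmod may already exist there.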
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index e88d5c53b..af67ac290 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -169,7 +169,7 @@ void fs_private_bin_list(void) {
169 169
170 // create /tmp/firejail/mnt/bin directory 170 // create /tmp/firejail/mnt/bin directory
171 fs_build_mnt_dir(); 171 fs_build_mnt_dir();
172 int rv = mkdir(RUN_BIN_DIR, S_IRWXU | S_IRWXG | S_IRWXO); 172 int rv = mkdir(RUN_BIN_DIR, 0755);
173 if (rv == -1) 173 if (rv == -1)
174 errExit("mkdir"); 174 errExit("mkdir");
175 if (chown(RUN_BIN_DIR, 0, 0) < 0) 175 if (chown(RUN_BIN_DIR, 0, 0) < 0)
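Review bot: The literal `0755` on the `mkdir(RUN_BIN_DIR, ...)` line is still masked by the process umask, so the directory's final mode is not guaranteed by this call; the same applies to the mkdir calls changed in fs_etc.c, fs_home.c and fs_var.c. pulseaudio.c in this commit follows its chown with an explicit chmod, and doing the same here would pin the mode: `if (chmod(RUN_BIN_DIR, 0755) < 0) errExit("chmod");`. Each of these functions continues outside its hunk, so this only matters if no chmod or earlier umask reset exists there.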
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 3d9abaf72..c3a247331 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -113,7 +113,7 @@ void fs_private_etc_list(void) {
113 113
114 // create /tmp/firejail/mnt/etc directory 114 // create /tmp/firejail/mnt/etc directory
115 fs_build_mnt_dir(); 115 fs_build_mnt_dir();
116 int rv = mkdir(RUN_ETC_DIR, S_IRWXU | S_IRWXG | S_IRWXO); 116 int rv = mkdir(RUN_ETC_DIR, 0755);
117 if (rv == -1) 117 if (rv == -1)
118 errExit("mkdir"); 118 errExit("mkdir");
119 if (chown(RUN_ETC_DIR, 0, 0) < 0) 119 if (chown(RUN_ETC_DIR, 0, 0) < 0)
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index e42ce5255..ad849da3f 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -497,7 +497,7 @@ void fs_private_home_list(void) {
497 497
498 // create /tmp/firejail/mnt/home directory 498 // create /tmp/firejail/mnt/home directory
499 fs_build_mnt_dir(); 499 fs_build_mnt_dir();
500 int rv = mkdir(RUN_HOME_DIR, S_IRWXU | S_IRWXG | S_IRWXO); 500 int rv = mkdir(RUN_HOME_DIR, 0755);
501 if (rv == -1) 501 if (rv == -1)
502 errExit("mkdir"); 502 errExit("mkdir");
503 if (chown(RUN_HOME_DIR, u, g) < 0) 503 if (chown(RUN_HOME_DIR, u, g) < 0)
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index 8ecd159e8..82d453308 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -232,14 +232,14 @@ void fs_var_cache(void) {
232 gid = p->pw_gid; 232 gid = p->pw_gid;
233 } 233 }
234 234
235 int rv = mkdir("/var/cache/lighttpd/compress", S_IRWXU | S_IRWXG | S_IRWXO); 235 int rv = mkdir("/var/cache/lighttpd/compress", 0755);
236 if (rv == -1) 236 if (rv == -1)
237 errExit("mkdir"); 237 errExit("mkdir");
238 if (chown("/var/cache/lighttpd/compress", uid, gid) < 0) 238 if (chown("/var/cache/lighttpd/compress", uid, gid) < 0)
239 errExit("chown"); 239 errExit("chown");
240 fs_logger("mkdir /var/cache/lighttpd/compress"); 240 fs_logger("mkdir /var/cache/lighttpd/compress");
241 241
242 rv = mkdir("/var/cache/lighttpd/uploads", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); 242 rv = mkdir("/var/cache/lighttpd/uploads", 0755);
243 if (rv == -1) 243 if (rv == -1)
244 errExit("mkdir"); 244 errExit("mkdir");
245 if (chown("/var/cache/lighttpd/uploads", uid, gid) < 0) 245 if (chown("/var/cache/lighttpd/uploads", uid, gid) < 0)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 4a86e9a2b..2c63bf7b0 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -759,11 +759,11 @@ int main(int argc, char **argv) {
759 struct stat s; 759 struct stat s;
760 if (stat(dirname, &s) == -1) { 760 if (stat(dirname, &s) == -1) {
761 /* coverity[toctou] */ 761 /* coverity[toctou] */
762 if (mkdir(dirname, S_IRWXU | S_IRWXG | S_IRWXO)) 762 if (mkdir(dirname, 0700))
763 errExit("mkdir"); 763 errExit("mkdir");
764 if (chown(dirname, getuid(), getgid()) < 0) 764 if (chown(dirname, getuid(), getgid()) < 0)
765 errExit("chown"); 765 errExit("chown");
766 if (chmod(dirname, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0) 766 if (chmod(dirname, 0700) < 0)
767 errExit("chmod"); 767 errExit("chmod");
768 } 768 }
769 free(dirname); 769 free(dirname);
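Review bot: The tightening to `0700` only takes effect inside the `stat(dirname, &s) == -1` branch; when the path already exists, the visible lines accept it without looking at its type, owner or mode. Assuming `dirname` can sit under a directory that other users can write to (its construction is outside the hunk), an `else` branch that checks `S_ISDIR(s.st_mode)` and `s.st_uid == getuid()` and exits otherwise would close that gap, and using lstat for the check would also reject a symlink. With `mkdir(dirname, 0700)` in place, the following `chmod(dirname, 0700)` is redundant unless it is kept as a guard against an unusual umask, which a short comment could state.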
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index a3348baf4..8bf8d8303 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -93,8 +93,8 @@ void pulseaudio_init(void) {
93 93
94 // create the new user pulseaudio directory 94 // create the new user pulseaudio directory
95 fs_build_mnt_dir(); 95 fs_build_mnt_dir();
96 int rv = mkdir(RUN_PULSE_DIR, S_IRWXU | S_IRWXG | S_IRWXO); 96 int rv = mkdir(RUN_PULSE_DIR, 0700);
97 (void) rv; // in --chroot mode the directory canalready be there 97 (void) rv; // in --chroot mode the directory can already be there
98 if (chown(RUN_PULSE_DIR, getuid(), getgid()) < 0) 98 if (chown(RUN_PULSE_DIR, getuid(), getgid()) < 0)
99 errExit("chown"); 99 errExit("chown");
100 if (chmod(RUN_PULSE_DIR, 0700) < 0) 100 if (chmod(RUN_PULSE_DIR, 0700) < 0)
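Review bot: Discarding `rv` on the `mkdir(RUN_PULSE_DIR, 0700)` line hides every mkdir failure, not only the already-exists case the comment describes, and the chown and chmod that follow then act by path on whatever is at RUN_PULSE_DIR. Checking the reason keeps the --chroot case working while surfacing the rest: `if (rv == -1 && errno != EEXIST) errExit("mkdir");` (this needs errno.h, whose inclusion is not visible here). When the directory already exists, it would also be worth confirming that it is a real directory rather than a symlink before the chown, since chown and chmod follow links. pulseaudio_init continues beyond this hunk.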