diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-09-29 17:44:53 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-10-05 20:18:23 +0200 |
| commit | 2247f58f52802a9726fd6991d61ae1d3cdac07b6 (patch) | |
| tree | af5b452ba6580f5f287ca66a6cdf508464410af9 | |
| parent | private-lib fixup (diff) | |
| download | firejail-2247f58f52802a9726fd6991d61ae1d3cdac07b6.tar.gz firejail-2247f58f52802a9726fd6991d61ae1d3cdac07b6.tar.zst firejail-2247f58f52802a9726fd6991d61ae1d3cdac07b6.zip | |
trace, tracelog: don't truncate /etc/ld.so.preload
| -rw-r--r-- | src/firejail/firejail.h | 3 | ||||
| -rw-r--r-- | src/firejail/fs_trace.c | 31 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 11 |
3 files changed, 28 insertions, 17 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2a7d88575..bcc7e6ed1 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -621,7 +621,8 @@ void caps_print_filter(pid_t pid) __attribute__((noreturn)); | |||
| 621 | void caps_drop_dac_override(void); | 621 | void caps_drop_dac_override(void); |
| 622 | 622 | ||
| 623 | // fs_trace.c | 623 | // fs_trace.c |
| 624 | void fs_trace_preload(void); | 624 | void fs_trace_touch_preload(void); |
| 625 | void fs_trace_touch_or_store_preload(void); | ||
| 625 | void fs_tracefile(void); | 626 | void fs_tracefile(void); |
| 626 | void fs_trace(void); | 627 | void fs_trace(void); |
| 627 | 628 | ||
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 475a391ec..718786cdc 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
| @@ -26,19 +26,26 @@ | |||
| 26 | #include <fcntl.h> | 26 | #include <fcntl.h> |
| 27 | #include <pwd.h> | 27 | #include <pwd.h> |
| 28 | 28 | ||
| 29 | void fs_trace_preload(void) { | 29 | // create an empty /etc/ld.so.preload |
| 30 | void fs_trace_touch_preload(void) { | ||
| 31 | create_empty_file_as_root("/etc/ld.so.preload", S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); | ||
| 32 | } | ||
| 33 | |||
| 34 | void fs_trace_touch_or_store_preload(void) { | ||
| 30 | struct stat s; | 35 | struct stat s; |
| 31 | 36 | ||
| 32 | // create an empty /etc/ld.so.preload | 37 | if (stat("/etc/ld.so.preload", &s) != 0) { |
| 33 | if (stat("/etc/ld.so.preload", &s)) { | 38 | fs_trace_touch_preload(); |
| 34 | if (arg_debug) | 39 | return; |
| 35 | printf("Creating an empty /etc/ld.so.preload file\n"); | 40 | } |
| 36 | FILE *fp = fopen("/etc/ld.so.preload", "wxe"); | 41 | |
| 37 | if (!fp) | 42 | if (s.st_size == 0) |
| 38 | errExit("fopen"); | 43 | return; |
| 39 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 44 | |
| 40 | fclose(fp); | 45 | // create a copy of /etc/ld.so.preload |
| 41 | fs_logger("touch /etc/ld.so.preload"); | 46 | if (copy_file("/etc/ld.so.preload", RUN_LDPRELOAD_FILE, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) { |
| 47 | fprintf(stderr, "Error: cannot copy /etc/ld.so.preload file\n"); | ||
| 48 | exit(1); | ||
| 42 | } | 49 | } |
| 43 | } | 50 | } |
| 44 | 51 | ||
| @@ -83,7 +90,7 @@ void fs_trace(void) { | |||
| 83 | if (arg_debug) | 90 | if (arg_debug) |
| 84 | printf("Create the new ld.so.preload file\n"); | 91 | printf("Create the new ld.so.preload file\n"); |
| 85 | 92 | ||
| 86 | FILE *fp = fopen(RUN_LDPRELOAD_FILE, "we"); | 93 | FILE *fp = fopen(RUN_LDPRELOAD_FILE, "ae"); |
| 87 | if (!fp) | 94 | if (!fp) |
| 88 | errExit("fopen"); | 95 | errExit("fopen"); |
| 89 | const char *prefix = RUN_FIREJAIL_LIB_DIR; | 96 | const char *prefix = RUN_FIREJAIL_LIB_DIR; |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 995827fb7..7a1ce737b 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -798,7 +798,7 @@ int sandbox(void* sandbox_arg) { | |||
| 798 | 798 | ||
| 799 | // trace pre-install | 799 | // trace pre-install |
| 800 | if (need_preload) | 800 | if (need_preload) |
| 801 | fs_trace_preload(); | 801 | fs_trace_touch_or_store_preload(); |
| 802 | 802 | ||
| 803 | // store hosts file | 803 | // store hosts file |
| 804 | if (cfg.hosts_file) | 804 | if (cfg.hosts_file) |
| @@ -814,8 +814,11 @@ int sandbox(void* sandbox_arg) { | |||
| 814 | //**************************** | 814 | //**************************** |
| 815 | // trace pre-install, this time inside chroot | 815 | // trace pre-install, this time inside chroot |
| 816 | //**************************** | 816 | //**************************** |
| 817 | if (need_preload) | 817 | if (need_preload) { |
| 818 | fs_trace_preload(); | 818 | int rv = unlink(RUN_LDPRELOAD_FILE); |
| 819 | (void) rv; | ||
| 820 | fs_trace_touch_or_store_preload(); | ||
| 821 | } | ||
| 819 | } | 822 | } |
| 820 | else | 823 | else |
| 821 | #endif | 824 | #endif |
| @@ -992,7 +995,7 @@ int sandbox(void* sandbox_arg) { | |||
| 992 | 995 | ||
| 993 | // create /etc/ld.so.preload file again | 996 | // create /etc/ld.so.preload file again |
| 994 | if (need_preload) | 997 | if (need_preload) |
| 995 | fs_trace_preload(); | 998 | fs_trace_touch_preload(); |
| 996 | 999 | ||
| 997 | // openSUSE configuration is split between /etc and /usr/etc | 1000 | // openSUSE configuration is split between /etc and /usr/etc |
| 998 | // process private-etc a second time | 1001 | // process private-etc a second time |