diff options
| author |  smitsohu <smitsohu@gmail.com> | 2020-12-21 00:59:44 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2020-12-21 00:59:44 +0100 |
| commit | 40d81119e5f42a3db807c23d9737e0e8dfafc6e0 (patch) | |
| tree | 99ce046ea991690bf5bb1c57ba313f803e5f4320 | |
| parent | disable-common.inc: add missing dns tools (#3828) (diff) | |
| download | firejail-40d81119e5f42a3db807c23d9737e0e8dfafc6e0.tar.gz firejail-40d81119e5f42a3db807c23d9737e0e8dfafc6e0.tar.zst firejail-40d81119e5f42a3db807c23d9737e0e8dfafc6e0.zip | |
simplify private option code
| -rw-r--r-- | src/firejail/fs_home.c | 51 |
1 files changed, 23 insertions, 28 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index af891d61f..8c7c19203 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
| @@ -360,43 +360,38 @@ void fs_private(void) { | |||
| 360 | selinux_relabel_path("/root", "/root"); | 360 | selinux_relabel_path("/root", "/root"); |
| 361 | fs_logger("tmpfs /root"); | 361 | fs_logger("tmpfs /root"); |
| 362 | 362 | ||
| 363 | if (arg_allusers) { | 363 | // mask /home |
| 364 | if (u != 0) | 364 | if (!arg_allusers) { |
| 365 | // mask user home directory | ||
| 366 | // the directory should be owned by the current user | ||
| 367 | fs_tmpfs(homedir, 1); | ||
| 368 | } | ||
| 369 | else { // mask /home | ||
| 370 | if (arg_debug) | 365 | if (arg_debug) |
| 371 | printf("Mounting a new /home directory\n"); | 366 | printf("Mounting a new /home directory\n"); |
| 372 | if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME, "mode=755,gid=0") < 0) | 367 | if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME, "mode=755,gid=0") < 0) |
| 373 | errExit("mounting /home directory"); | 368 | errExit("mounting /home directory"); |
| 374 | selinux_relabel_path("/home", "/home"); | 369 | selinux_relabel_path("/home", "/home"); |
| 375 | fs_logger("tmpfs /home"); | 370 | fs_logger("tmpfs /home"); |
| 371 | } | ||
| 376 | 372 | ||
| 377 | if (u != 0) { | 373 | if (u != 0) { |
| 378 | if (strncmp(homedir, "/home/", 6) == 0) { | 374 | if (!arg_allusers && strncmp(homedir, "/home/", 6) == 0) { |
| 379 | // create /home/user | 375 | // create new empty /home/user directory |
| 380 | if (arg_debug) | 376 | if (arg_debug) |
| 381 | printf("Create a new user directory\n"); | 377 | printf("Create a new user directory\n"); |
| 382 | if (mkdir(homedir, S_IRWXU) == -1) { | 378 | if (mkdir(homedir, S_IRWXU) == -1) { |
| 383 | if (mkpath_as_root(homedir) == -1) | 379 | if (mkpath_as_root(homedir) == -1) |
| 384 | errExit("mkpath"); | 380 | errExit("mkpath"); |
| 385 | if (mkdir(homedir, S_IRWXU) == -1 && errno != EEXIST) | 381 | if (mkdir(homedir, S_IRWXU) == -1) |
| 386 | errExit("mkdir"); | 382 | errExit("mkdir"); |
| 387 | } | ||
| 388 | if (chown(homedir, u, g) < 0) | ||
| 389 | errExit("chown"); | ||
| 390 | |||
| 391 | selinux_relabel_path(homedir, homedir); | ||
| 392 | fs_logger2("mkdir", homedir); | ||
| 393 | fs_logger2("tmpfs", homedir); | ||
| 394 | } | 383 | } |
| 395 | else | 384 | if (chown(homedir, u, g) < 0) |
| 396 | // mask user home directory | 385 | errExit("chown"); |
| 397 | // the directory should be owned by the current user | 386 | |
| 398 | fs_tmpfs(homedir, 1); | 387 | selinux_relabel_path(homedir, homedir); |
| 388 | fs_logger2("mkdir", homedir); | ||
| 389 | fs_logger2("tmpfs", homedir); | ||
| 399 | } | 390 | } |
| 391 | else | ||
| 392 | // mask user home directory | ||
| 393 | // the directory should be owned by the current user | ||
| 394 | fs_tmpfs(homedir, 1); | ||
| 400 | } | 395 | } |
| 401 | 396 | ||
| 402 | skel(homedir, u, g); | 397 | skel(homedir, u, g); |