diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-05-08 08:48:24 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-05-08 08:48:24 -0400 |
| commit | 5031d16f69a45073e596507b76ef5fbc5f19bdc6 (patch) | |
| tree | 5dabc4f69128b323bed9fb446030329acd9767a0 | |
| parent | errLogExit and --overlay-clean (diff) | |
| download | firejail-5031d16f69a45073e596507b76ef5fbc5f19bdc6.tar.gz firejail-5031d16f69a45073e596507b76ef5fbc5f19bdc6.tar.zst firejail-5031d16f69a45073e596507b76ef5fbc5f19bdc6.zip | |
more errLogExit
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/fs_whitelist.c | 14 | ||||
| -rw-r--r-- | src/firejail/pulseaudio.c | 12 | ||||
| -rw-r--r-- | src/firejail/util.c | 8 | ||||
| -rw-r--r-- | src/firejail/x11.c | 12 |
5 files changed, 17 insertions, 30 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2db171070..8c0b3ba4e 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -485,6 +485,7 @@ int arp_check(const char *dev, uint32_t destaddr); | |||
| 485 | uint32_t arp_assign(const char *dev, Bridge *br); | 485 | uint32_t arp_assign(const char *dev, Bridge *br); |
| 486 | 486 | ||
| 487 | // util.c | 487 | // util.c |
| 488 | void errLogExit(char* fmt, ...); | ||
| 488 | void fwarning(char* fmt, ...); | 489 | void fwarning(char* fmt, ...); |
| 489 | void fmessage(char* fmt, ...); | 490 | void fmessage(char* fmt, ...); |
| 490 | void drop_privs(int nogroups); | 491 | void drop_privs(int nogroups); |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 3e093f616..a765be1b6 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -212,7 +212,7 @@ static void whitelist_path(ProfileEntry *entry) { | |||
| 212 | fname = path + 5; // strlen("/tmp/") | 212 | fname = path + 5; // strlen("/tmp/") |
| 213 | #ifndef TEST_MOUNTINFO | 213 | #ifndef TEST_MOUNTINFO |
| 214 | if (*fname == '\0') | 214 | if (*fname == '\0') |
| 215 | goto errexit; | 215 | errLogExit("whitelisting /tmp problem"); |
| 216 | #endif | 216 | #endif |
| 217 | 217 | ||
| 218 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_TMP_DIR, fname) == -1) | 218 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_TMP_DIR, fname) == -1) |
| @@ -330,10 +330,8 @@ static void whitelist_path(ProfileEntry *entry) { | |||
| 330 | 330 | ||
| 331 | // No mounts are allowed on top level directories. A destination such as "/etc" is very bad! | 331 | // No mounts are allowed on top level directories. A destination such as "/etc" is very bad! |
| 332 | // - there should be more than one '/' char in dest string | 332 | // - there should be more than one '/' char in dest string |
| 333 | if (mptr->dir == strrchr(mptr->dir, '/')) { | 333 | if (mptr->dir == strrchr(mptr->dir, '/')) |
| 334 | fprintf(stderr, "Error: invalid mount on top of %s\n", mptr->dir); | 334 | errLogExit("invalid whitelist mount\n"); |
| 335 | exit(1); | ||
| 336 | } | ||
| 337 | 335 | ||
| 338 | free(wfile); | 336 | free(wfile); |
| 339 | return; | 337 | return; |
| @@ -884,10 +882,8 @@ void fs_whitelist(void) { | |||
| 884 | // check again for files in /tmp directory | 882 | // check again for files in /tmp directory |
| 885 | if (strncmp(entry->link, "/tmp/", 5) == 0) { | 883 | if (strncmp(entry->link, "/tmp/", 5) == 0) { |
| 886 | char *path = realpath(entry->link, NULL); | 884 | char *path = realpath(entry->link, NULL); |
| 887 | if (path == NULL || strncmp(path, "/tmp/", 5) != 0) { | 885 | if (path == NULL || strncmp(path, "/tmp/", 5) != 0) |
| 888 | fprintf(stderr, "Error: invalid symbolic link %s\n", entry->link); | 886 | errLogExit("invalid whitelist symlink %s\n", entry->link); |
| 889 | exit(1); | ||
| 890 | } | ||
| 891 | free(path); | 887 | free(path); |
| 892 | } | 888 | } |
| 893 | } | 889 | } |
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index a3ba6184f..eaaba86c0 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
| @@ -178,14 +178,10 @@ void pulseaudio_init(void) { | |||
| 178 | 178 | ||
| 179 | // check /proc/self/mountinfo to confirm the mount is ok | 179 | // check /proc/self/mountinfo to confirm the mount is ok |
| 180 | MountData *mptr = get_last_mount(); | 180 | MountData *mptr = get_last_mount(); |
| 181 | if (strncmp(mptr->dir, homeusercfg, strlen(homeusercfg)) != 0) { | 181 | if (strncmp(mptr->dir, homeusercfg, strlen(homeusercfg)) != 0) |
| 182 | fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, homeusercfg); | 182 | errLogExit("invalid mount on top of %s (should be %s)\n", mptr->dir, homeusercfg); |
| 183 | exit(1); | 183 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) |
| 184 | } | 184 | errLogExit("invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); |
| 185 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) { | ||
| 186 | fprintf(stderr, "Error: invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); | ||
| 187 | exit(1); | ||
| 188 | } | ||
| 189 | 185 | ||
| 190 | char *p; | 186 | char *p; |
| 191 | if (asprintf(&p, "%s/client.conf", homeusercfg) == -1) | 187 | if (asprintf(&p, "%s/client.conf", homeusercfg) == -1) |
diff --git a/src/firejail/util.c b/src/firejail/util.c index abebe36a3..b7868a9a3 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -43,15 +43,13 @@ void errLogExit(char* fmt, ...) { | |||
| 43 | char *msg1; | 43 | char *msg1; |
| 44 | char *msg2; | 44 | char *msg2; |
| 45 | if (vasprintf(&msg1, fmt, args) != -1 && | 45 | if (vasprintf(&msg1, fmt, args) != -1 && |
| 46 | asprintf(&msg2, "Access error: pid %d, last mount %s %s %s - %s", getuid(), m->fsname, m->dir, m->fstype, msg1) != -1) | 46 | asprintf(&msg2, "Access error: pid %d, last mount name:%s dir:%s type:%s - %s", getuid(), m->fsname, m->dir, m->fstype, msg1) != -1) |
| 47 | syslog(LOG_CRIT, "%s", msg2); | 47 | syslog(LOG_CRIT, "%s", msg2); |
| 48 | closelog(); | ||
| 49 | |||
| 50 | fprintf(stderr, "Access error pid %d - ", getuid()); | ||
| 51 | vfprintf(stderr, fmt, args); | ||
| 52 | va_end(args); | 48 | va_end(args); |
| 49 | closelog(); | ||
| 53 | 50 | ||
| 54 | sleep(2); | 51 | sleep(2); |
| 52 | fprintf(stderr, "%s\n", msg2); | ||
| 55 | exit(1); | 53 | exit(1); |
| 56 | } | 54 | } |
| 57 | 55 | ||
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 853bde43d..0eace3215 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
| @@ -1196,14 +1196,10 @@ void x11_xorg(void) { | |||
| 1196 | 1196 | ||
| 1197 | // check /proc/self/mountinfo to confirm the mount is ok | 1197 | // check /proc/self/mountinfo to confirm the mount is ok |
| 1198 | MountData *mptr = get_last_mount(); | 1198 | MountData *mptr = get_last_mount(); |
| 1199 | if (strncmp(mptr->dir, dest, strlen(dest)) != 0) { | 1199 | if (strncmp(mptr->dir, dest, strlen(dest)) != 0) |
| 1200 | fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, dest); | 1200 | errLogExit("invalid mount on top of %s (should be %s)\n", mptr->dir, dest); |
| 1201 | exit(1); | 1201 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) |
| 1202 | } | 1202 | errLogExit("invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); |
| 1203 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) { | ||
| 1204 | fprintf(stderr, "Error: invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); | ||
| 1205 | exit(1); | ||
| 1206 | } | ||
| 1207 | free(dest); | 1203 | free(dest); |
| 1208 | #endif | 1204 | #endif |
| 1209 | } | 1205 | } |