fixing filesystem reporting for firetools

5 files changed, 51 insertions, 3 deletions

diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 6bd7ecd17..eaa7362cf 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -146,6 +146,19 @@ errexit:
         return 0;
 }
 
+static void report_duplication(const char *fname) {
+        // report the file on all bin paths
+        int i = 0;      
+        while (paths[i]) {
+                char *p;
+                if (asprintf(&p, "%s/%s", paths[i], fname) == -1)
+                        errExit("asprintf");
+                fs_logger2("clone", p);
+                free(p);
+                i++;
+        }
+}
+
 static void duplicate(char *fname, FILE *fplist) {
         assert(fname);
 
@@ -193,17 +206,20 @@ static void duplicate(char *fname, FILE *fplist) {
                 if (is_link(full_path)) {
                         char *actual_path = realpath(full_path, NULL);
                         if (actual_path) {
-                                if (valid_full_path_file(actual_path))
+                                if (valid_full_path_file(actual_path)) {
                                         sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, actual_path, RUN_BIN_DIR);
+                                        char *f = strrchr(actual_path, '/');
+                                        if (f && *(++f) !='\0')
+                                                report_duplication(f);
+                                }
                                 free(actual_path);
                         }
                 }
 
                 sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, full_path, RUN_BIN_DIR);
         }
-
-        fs_logger2("clone", fname);
         free(full_path);
+        report_duplication(fname);
 }
 
 static void globbing(char *fname, FILE *fplist) {
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 0dbbb65a0..d839a0786 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -131,6 +131,7 @@ static void create_char_dev(const char *path, mode_t mode, int major, int minor)
         if (chmod(path, mode) < 0)
                 goto errexit;
         ASSERT_PERMS(path, 0, 0, mode);
+        fs_logger2("create", path);
 
         return;
 
@@ -144,6 +145,7 @@ static void create_link(const char *oldpath, const char *newpath) {
                 goto errexit;
         if (chown(newpath, 0, 0) < 0)
                 goto errexit;
+        fs_logger2("create", newpath);
         return;
 
 errexit:
@@ -205,6 +207,7 @@ void fs_private_dev(void){
                 printf("Create /dev/shm directory\n");
         mkdir_attr("/dev/shm", 01777, 0, 0);
         fs_logger("mkdir /dev/shm");
+        fs_logger("create /dev/shm");
 
         // create default devices
         create_char_dev("/dev/zero", 0666, 1, 5); // mknod -m 666 /dev/zero c 1 5
@@ -227,6 +230,7 @@ void fs_private_dev(void){
         // pseudo-terminal
         mkdir_attr("/dev/pts", 0755, 0, 0);
         fs_logger("mkdir /dev/pts");
+        fs_logger("create /dev/pts");
         create_char_dev("/dev/pts/ptmx", 0666, 5, 2); //"mknod -m 666 /dev/pts/ptmx c 5 2");
         fs_logger("mknod /dev/pts/ptmx");
         create_link("/dev/pts/ptmx", "/dev/ptmx");
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 6d3818ccb..5a39fab48 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -50,6 +50,7 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
                 if (stat("/etc/skel/.zshrc", &s) == 0) {
                         copy_file_as_user("/etc/skel/.zshrc", fname, u, g, 0644); // regular user
                         fs_logger("clone /etc/skel/.zshrc");
+                        fs_logger2("clone", fname);
                 }
                 else {
                         touch_file_as_user(fname, u, g, 0644);
@@ -74,6 +75,7 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
                 if (stat("/etc/skel/.cshrc", &s) == 0) {
                         copy_file_as_user("/etc/skel/.cshrc", fname, u, g, 0644); // regular user
                         fs_logger("clone /etc/skel/.cshrc");
+                        fs_logger2("clone", fname);
                 }
                 else {
                         touch_file_as_user(fname, u, g, 0644);
@@ -97,6 +99,7 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
                 if (stat("/etc/skel/.bashrc", &s) == 0) {
                         copy_file_as_user("/etc/skel/.bashrc", fname, u, g, 0644); // regular user
                         fs_logger("clone /etc/skel/.bashrc");
+                        fs_logger2("clone", fname);
                 }
                 free(fname);
         }
@@ -312,6 +315,7 @@ void fs_private(void) {
                 if (chown(homedir, u, g) < 0)
                         errExit("chown");
                 fs_logger2("mkdir", homedir);
+                fs_logger2("tmpfs", homedir);
         }
 
         skel(homedir, u, g);
@@ -500,6 +504,7 @@ void fs_private_home_list(void) {
 
         if (mount(RUN_HOME_DIR, homedir, NULL, MS_BIND|MS_REC, NULL) < 0)
                 errExit("mount bind");
+        fs_logger2("tmpfs", homedir);
 
         if (uid != 0) {
                 // mask /root
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 18739c554..56a66742a 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -43,6 +43,21 @@ extern void fslib_install_system(void);
 static int lib_cnt = 0;
 static int dir_cnt = 0;
 
+static void report_duplication(const char *full_path) {
+        char *fname = strrchr(full_path, '/');
+        if (fname && *(++fname) != '\0') {
+                // report the file on all bin paths
+                int i = 0;      
+                while (lib_paths[i]) {
+                        char *p;
+                        if (asprintf(&p, "%s/%s", lib_paths[i], fname) == -1)
+                                errExit("asprintf");
+                        fs_logger2("clone", p);
+                        free(p);
+                        i++;
+                }
+        }
+}
 
 static char *build_dest_dir(const char *full_path) {
         assert(full_path);
@@ -81,6 +96,7 @@ void fslib_duplicate(const char *full_path) {
                 printf("copying %s to private %s\n", full_path, dest_dir);
 
         sbox_run(SBOX_ROOT| SBOX_SECCOMP, 4, PATH_FCOPY, "--follow-link", full_path, dest_dir);
+        report_duplication(full_path);
         lib_cnt++;
 }
 
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 2f8cd5f7d..6768b525b 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -147,6 +147,7 @@ void pulseaudio_init(void) {
                 }
                 // wait for the child to finish
                 waitpid(child, NULL, 0);
+                fs_logger2("create", dir1);
         }
         else {
                 // make sure the directory is owned by the user
@@ -179,6 +180,7 @@ void pulseaudio_init(void) {
                 }
                 // wait for the child to finish
                 waitpid(child, NULL, 0);
+                fs_logger2("create", dir1);
         }
         else {
                 // make sure the directory is owned by the user
@@ -199,6 +201,11 @@ void pulseaudio_init(void) {
                     mount(NULL, homeusercfg, NULL, MS_NOEXEC|MS_NODEV|MS_NOSUID|MS_BIND|MS_REMOUNT, NULL) < 0)
                         errExit("mount pulseaudio");
                 fs_logger2("tmpfs", homeusercfg);
+                char *p;
+                if (asprintf(&p, "%s/client.conf", homeusercfg) == -1)
+                        errExit("asprintf");
+                fs_logger2("create", p);
+                free(p);
         }
         else {
                 // set environment