aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2015-10-20 12:59:35 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2015-10-20 12:59:35 -0400
commit6c6e947fc5830e19b64383a44c88d0bbaaf36a9c (patch)
tree1bd46321d9ef7193af5a2bedcc9d7d314db68205
parenttesting and fixes (diff)
downloadfirejail-6c6e947fc5830e19b64383a44c88d0bbaaf36a9c.tar.gz
firejail-6c6e947fc5830e19b64383a44c88d0bbaaf36a9c.tar.zst
firejail-6c6e947fc5830e19b64383a44c88d0bbaaf36a9c.zip
fixes
Diffstat
-rw-r--r--src/firejail/firejail.h5
-rw-r--r--src/firejail/fs.c31
-rw-r--r--src/firejail/fs_bin.c2
-rw-r--r--src/firejail/fs_etc.c2
-rw-r--r--src/firejail/fs_home.c2
-rw-r--r--src/firejail/sandbox.c4
6 files changed, 43 insertions, 3 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index d3cfb1e96..297624c3b 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -26,6 +26,7 @@
26#define RO_DIR "/tmp/firejail/firejail.ro.dir" 26#define RO_DIR "/tmp/firejail/firejail.ro.dir"
27#define RO_FILE "/tmp/firejail/firejail.ro.file" 27#define RO_FILE "/tmp/firejail/firejail.ro.file"
28#define MNT_DIR "/tmp/firejail/mnt" 28#define MNT_DIR "/tmp/firejail/mnt"
29#define CP_COMMAND "/tmp/firejail/mnt/cp"
29#define HOME_DIR "/tmp/firejail/mnt/home" 30#define HOME_DIR "/tmp/firejail/mnt/home"
30#define ETC_DIR "/tmp/firejail/mnt/etc" 31#define ETC_DIR "/tmp/firejail/mnt/etc"
31#define BIN_DIR "/tmp/firejail/mnt/bin" 32#define BIN_DIR "/tmp/firejail/mnt/bin"
@@ -217,6 +218,10 @@ int net_get_mac(const char *ifname, unsigned char mac[6]);
217void fs_build_firejail_dir(void); 218void fs_build_firejail_dir(void);
218// build /tmp/firejail/mnt directory 219// build /tmp/firejail/mnt directory
219void fs_build_mnt_dir(void); 220void fs_build_mnt_dir(void);
221// grab a copy of cp command
222void fs_build_cp_command(void);
223// delete the temporary cp command
224void fs_delete_cp_command(void) ;
220// blacklist files or directoies by mounting empty files on top of them 225// blacklist files or directoies by mounting empty files on top of them
221void fs_blacklist(void); 226void fs_blacklist(void);
222// remount a directory read-only 227// remount a directory read-only
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index b3748de51..42d31f567 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -83,6 +83,37 @@ void fs_build_mnt_dir(void) {
83 } 83 }
84} 84}
85 85
86// grab a copy of cp command
87void fs_build_cp_command(void) {
88 struct stat s;
89 fs_build_mnt_dir();
90 if (stat(CP_COMMAND, &s)) {
91 char* fname = realpath("/bin/cp", NULL);
92 if (fname == NULL) {
93 fprintf(stderr, "Error: /bin/cp not found\n");
94 exit(1);
95 }
96 if (stat(fname, &s)) {
97 fprintf(stderr, "Error: /bin/cp not found\n");
98 exit(1);
99 }
100 int rv = copy_file(fname, CP_COMMAND);
101 if (rv) {
102 fprintf(stderr, "Error: cannot access /bin/cp\n");
103 exit(1);
104 }
105 if (chmod(CP_COMMAND, 0755))
106 errExit("chmod");
107
108 free(fname);
109 }
110}
111
112// delete the temporary cp command
113void fs_delete_cp_command(void) {
114 unlink(CP_COMMAND);
115}
116
86//*********************************************** 117//***********************************************
87// process profile file 118// process profile file
88//*********************************************** 119//***********************************************
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 668223755..0105716b2 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -137,7 +137,7 @@ static void duplicate(char *fname) {
137 char *actual_path = realpath(full_path, NULL); 137 char *actual_path = realpath(full_path, NULL);
138 if (actual_path) { 138 if (actual_path) {
139 // copy the file 139 // copy the file
140 if (asprintf(&cmd, "cp -a %s %s/%s", actual_path, BIN_DIR, fname) == -1) 140 if (asprintf(&cmd, "%s -a %s %s/%s", CP_COMMAND, actual_path, BIN_DIR, fname) == -1)
141 errExit("asprintf"); 141 errExit("asprintf");
142 if (arg_debug) 142 if (arg_debug)
143 printf("%s\n", cmd); 143 printf("%s\n", cmd);
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 8e5fe1b86..617d45d06 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -76,7 +76,7 @@ static void duplicate(char *fname) {
76 char *cmd; 76 char *cmd;
77 77
78 // copy the file 78 // copy the file
79 if (asprintf(&cmd, "cp -a --parents /etc/%s %s", fname, MNT_DIR) == -1) 79 if (asprintf(&cmd, "%s -a --parents /etc/%s %s", CP_COMMAND, fname, MNT_DIR) == -1)
80 errExit("asprintf"); 80 errExit("asprintf");
81 if (arg_debug) 81 if (arg_debug)
82 printf("%s\n", cmd); 82 printf("%s\n", cmd);
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 1144e90e8..2cbb59e69 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -376,7 +376,7 @@ static void duplicate(char *name) {
376 } 376 }
377 377
378 // copy the file 378 // copy the file
379 if (asprintf(&cmd, "cp -a --parents \"%s\" %s", fname, HOME_DIR) == -1) 379 if (asprintf(&cmd, "%s -a --parents \"%s\" %s", CP_COMMAND, fname, HOME_DIR) == -1)
380 errExit("asprintf"); 380 errExit("asprintf");
381 if (arg_debug) 381 if (arg_debug)
382 printf("%s\n", cmd); 382 printf("%s\n", cmd);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 6eab5fc4e..51ca2daf5 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -170,6 +170,8 @@ int sandbox(void* sandbox_arg) {
170 netfilter(arg_netfilter_file); 170 netfilter(arg_netfilter_file);
171 } 171 }
172 172
173 fs_build_cp_command();
174
173 //**************************** 175 //****************************
174 // trace pre-install 176 // trace pre-install
175 //**************************** 177 //****************************
@@ -365,6 +367,8 @@ int sandbox(void* sandbox_arg) {
365 printf("\n"); 367 printf("\n");
366 } 368 }
367 } 369 }
370
371 fs_delete_cp_command();
368 372
369 //**************************** 373 //****************************
370 // start executable 374 // start executable
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-28 16:32:10 +0000