clean local overlay storage directory (--overlay-clean)

author: netblue30 <netblue30@yahoo.com> 2016-08-23 13:33:30 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-08-23 13:33:30 -0400
commit: d8815360af1031f23f9abaad461e2c235cf15260 (patch)
tree: 47c43b99098b3d6d945b71afa34eb15c97507a73
parent: terminal sandbox escape (diff)
download: firejail-d8815360af1031f23f9abaad461e2c235cf15260.tar.gz
firejail-d8815360af1031f23f9abaad461e2c235cf15260.tar.zst
firejail-d8815360af1031f23f9abaad461e2c235cf15260.zip
6 files changed, 47 insertions, 3 deletions
diff --git a/RELNOTES b/RELNOTES
index da53398de..eb49768d4 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -4,6 +4,7 @@ firejail (0.9.38.1) baseline; urgency=low
  * security: disable x32 ABI, submitted by Jann Horn
  * security: tighten --chroot, submitted by Jann Horn
  * security: terminal sandbox escape, submitted by Stephan Sokolow
+  * feature: clean local overlay storage directory (--overlay-clean)
 -- netblue30 <netblue30@yahoo.com>  Fri, 12 Aug 2016 10:00:00 -0500
 firejail (0.9.38) baseline; urgency=low
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 39bc2beeb..5104bd688 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -357,6 +357,7 @@ char *expand_home(const char *path, const char* homedir);
 const char *gnu_basename(const char *path);
 uid_t pid_get_uid(pid_t pid);
 void invalid_filename(const char *fname);
+int remove_directory(const char *path);
 // fs_var.c
 void fs_var_log(void);  // mounting /var/log
diff --git a/src/firejail/main.c b/src/firejail/main.c
index bcddaf7ab..c28dba16b 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -245,6 +245,21 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                printf("firejail version %s\n", VERSION);
                exit(0);
        }
+        else if (strcmp(argv[i], "--overlay-clean") == 0) {
+                char *path;
+                if (asprintf(&path, "%s/.firejail", cfg.homedir) == -1)
+                        errExit("asprintf");
+                if (setreuid(0, 0) < 0)
+                        errExit("setreuid");
+                if (setregid(0, 0) < 0)
+                        errExit("setregid");
+                errno = 0;
+                int rv = remove_directory(path);
+                if (rv) {
+                        fprintf(stderr, "Error: cannot removed overlays stored in ~/.firejail directory, errno %d\n", errno);
+                        exit(1);
+                }
+        }
 #ifdef HAVE_NETWORK     
        else if (strncmp(argv[i], "--bandwidth=", 12) == 0) {
                logargs(argc, argv);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 323884c89..9cb97187e 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -355,9 +355,6 @@ int sandbox(void* sandbox_arg) {
 #ifdef HAVE_CHROOT              
        if (cfg.chrootdir) {
                fs_chroot(cfg.chrootdir);
-                // redo cp command
-//              fs_build_cp_command();
-                
                // force caps and seccomp if not started as root
                if (getuid() != 0) {
                        // force default seccomp inside the chroot, no keep or drop list
diff --git a/src/firejail/util.c b/src/firejail/util.c
index d7964ccb8..f72df9fc6 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -24,6 +24,7 @@
 #include <errno.h>
 #include <dirent.h>
 #include <grp.h>
+#include <ftw.h>
 #define MAX_GROUPS 1024
 // drop privileges
@@ -615,3 +616,21 @@ void invalid_filename(const char *fname) {
                exit(1);
        }
 }
+static int remove_callback(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf) {
+        (void) sb;
+        (void) typeflag;
+        (void) ftwbuf;
+        
+        int rv = remove(fpath);
+        if (rv)
+                perror(fpath);
+        return rv;
+}
+int remove_directory(const char *path) {
+        // FTW_PHYS - do not follow symbolic links
+        return nftw(path, remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index ee019a24f..0adb72151 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -921,6 +921,17 @@ Example:
 $ firejail \-\-overlay-tmpfs firefox
 .TP
+\fB\-\-overlay-clean
+Clean all overlays stored in $HOME/.firejail directory. Overlays created with --overlay-path=path
+outside $HOME/.firejail will not be deleted.
+.br
+.br
+Example:
+.br
+$ firejail \-\-overlay-clean
+.TP
 \fB\-\-private
 Mount new /root and /home/user directories in temporary
 filesystems. All modifications are discarded when the sandbox is
author	netblue30 <netblue30@yahoo.com>	2016-08-23 13:33:30 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-08-23 13:33:30 -0400
commit	d8815360af1031f23f9abaad461e2c235cf15260 (patch)
tree	47c43b99098b3d6d945b71afa34eb15c97507a73
parent	terminal sandbox escape (diff)
download	firejail-d8815360af1031f23f9abaad461e2c235cf15260.tar.gz firejail-d8815360af1031f23f9abaad461e2c235cf15260.tar.zst firejail-d8815360af1031f23f9abaad461e2c235cf15260.zip

diff --git a/RELNOTES b/RELNOTES index da53398de..eb49768d4 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -4,6 +4,7 @@ firejail (0.9.38.1) baseline; urgency=low
4	* security: disable x32 ABI, submitted by Jann Horn	4	* security: disable x32 ABI, submitted by Jann Horn
5	* security: tighten --chroot, submitted by Jann Horn	5	* security: tighten --chroot, submitted by Jann Horn
6	* security: terminal sandbox escape, submitted by Stephan Sokolow	6	* security: terminal sandbox escape, submitted by Stephan Sokolow
		7	* feature: clean local overlay storage directory (--overlay-clean)
7	-- netblue30 <netblue30@yahoo.com> Fri, 12 Aug 2016 10:00:00 -0500	8	-- netblue30 <netblue30@yahoo.com> Fri, 12 Aug 2016 10:00:00 -0500
8		9
9	firejail (0.9.38) baseline; urgency=low	10	firejail (0.9.38) baseline; urgency=low


diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 39bc2beeb..5104bd688 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -357,6 +357,7 @@ char expand_home(const char path, const char* homedir);
357	const char gnu_basename(const char path);	357	const char gnu_basename(const char path);
358	uid_t pid_get_uid(pid_t pid);	358	uid_t pid_get_uid(pid_t pid);
359	void invalid_filename(const char *fname);	359	void invalid_filename(const char *fname);
		360	int remove_directory(const char *path);
360		361
361	// fs_var.c	362	// fs_var.c
362	void fs_var_log(void); // mounting /var/log	363	void fs_var_log(void); // mounting /var/log


diff --git a/src/firejail/main.c b/src/firejail/main.c index bcddaf7ab..c28dba16b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -245,6 +245,21 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
245	printf("firejail version %s\n", VERSION);	245	printf("firejail version %s\n", VERSION);
246	exit(0);	246	exit(0);
247	}	247	}
		248	else if (strcmp(argv[i], "--overlay-clean") == 0) {
		249	char *path;
		250	if (asprintf(&path, "%s/.firejail", cfg.homedir) == -1)
		251	errExit("asprintf");
		252	if (setreuid(0, 0) < 0)
		253	errExit("setreuid");
		254	if (setregid(0, 0) < 0)
		255	errExit("setregid");
		256	errno = 0;
		257	int rv = remove_directory(path);
		258	if (rv) {
		259	fprintf(stderr, "Error: cannot removed overlays stored in ~/.firejail directory, errno %d\n", errno);
		260	exit(1);
		261	}
		262	}
248	#ifdef HAVE_NETWORK	263	#ifdef HAVE_NETWORK
249	else if (strncmp(argv[i], "--bandwidth=", 12) == 0) {	264	else if (strncmp(argv[i], "--bandwidth=", 12) == 0) {
250	logargs(argc, argv);	265	logargs(argc, argv);


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 323884c89..9cb97187e 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -355,9 +355,6 @@ int sandbox(void* sandbox_arg) {
355	#ifdef HAVE_CHROOT	355	#ifdef HAVE_CHROOT
356	if (cfg.chrootdir) {	356	if (cfg.chrootdir) {
357	fs_chroot(cfg.chrootdir);	357	fs_chroot(cfg.chrootdir);
358	// redo cp command
359	// fs_build_cp_command();
360
361	// force caps and seccomp if not started as root	358	// force caps and seccomp if not started as root
362	if (getuid() != 0) {	359	if (getuid() != 0) {
363	// force default seccomp inside the chroot, no keep or drop list	360	// force default seccomp inside the chroot, no keep or drop list


diff --git a/src/firejail/util.c b/src/firejail/util.c index d7964ccb8..f72df9fc6 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c
@@ -24,6 +24,7 @@
24	#include <errno.h>	24	#include <errno.h>
25	#include <dirent.h>	25	#include <dirent.h>
26	#include <grp.h>	26	#include <grp.h>
		27	#include <ftw.h>
27		28
28	#define MAX_GROUPS 1024	29	#define MAX_GROUPS 1024
29	// drop privileges	30	// drop privileges
@@ -615,3 +616,21 @@ void invalid_filename(const char *fname) {
615	exit(1);	616	exit(1);
616	}	617	}
617	}	618	}
		619
		620	static int remove_callback(const char fpath, const struct stat sb, int typeflag, struct FTW *ftwbuf) {
		621	(void) sb;
		622	(void) typeflag;
		623	(void) ftwbuf;
		624
		625	int rv = remove(fpath);
		626	if (rv)
		627	perror(fpath);
		628
		629	return rv;
		630	}
		631
		632
		633	int remove_directory(const char *path) {
		634	// FTW_PHYS - do not follow symbolic links
		635	return nftw(path, remove_callback, 64, FTW_DEPTH \| FTW_PHYS);
		636	}


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index ee019a24f..0adb72151 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -921,6 +921,17 @@ Example:
921	$ firejail \-\-overlay-tmpfs firefox	921	$ firejail \-\-overlay-tmpfs firefox
922		922
923	.TP	923	.TP
		924	\fB\-\-overlay-clean
		925	Clean all overlays stored in $HOME/.firejail directory. Overlays created with --overlay-path=path
		926	outside $HOME/.firejail will not be deleted.
		927	.br
		928
		929	.br
		930	Example:
		931	.br
		932	$ firejail \-\-overlay-clean
		933
		934	.TP
924	\fB\-\-private	935	\fB\-\-private
925	Mount new /root and /home/user directories in temporary	936	Mount new /root and /home/user directories in temporary
926	filesystems. All modifications are discarded when the sandbox is	937	filesystems. All modifications are discarded when the sandbox is