author | netblue30 <netblue30@yahoo.com> | 2017-04-25 10:08:45 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-04-25 10:08:45 -0400 |
commit | d4827db063abce8100817079c8fc0bb2b21429ce (patch) | |
tree | a9c114d6dcac1aa3fd2aea5c5e1bb74a53a9f1b9 /src/firecfg/main.c | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
firecfg fixes
Diffstat (limited to 'src/firecfg/main.c')
-rw-r--r-- | src/firecfg/main.c | 45 |
1 files changed, 38 insertions, 7 deletions
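--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -26,6 +26,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <grp.h>
 #include <string.h>
 #include <errno.h>
 #include <sys/mman.h>
@@ -287,6 +288,25 @@ static void set_links(void) {
 free(firejail_exec);
 }
 
+int have_profile(const char *filename) {
+// remove .desktop extension
+char *f1 = strdup(filename);
+if (!f1)
+errExit("strdup");
+f1[strlen(filename) - 8] = '\0';
+
+// build profile name
+char *profname;
+if (asprintf(&profname, "%s/%s.profile", SYSCONFDIR, f1) == -1)
+errExit("asprintf");
+
+struct stat s;
+int rv = stat(profname, &s);
+free(f1);
+free(profname);
+return (rv == 0)? 1: 0;
+}
+
 static void fix_desktop_files(char *homedir) {
 assert(homedir);
 struct stat sb;
@@ -324,7 +344,7 @@ static void fix_desktop_files(char *homedir) {
 exit(1);
 }
 
-printf("\nFixing desktop files in ~/.local/shared/applications\n");
+printf("\nFixing desktop files in %s\n", user_apps_dir);
 // copy
 struct dirent *entry;
 while ((entry = readdir(dir)) != NULL) {
@@ -348,6 +368,10 @@ static void fix_desktop_files(char *homedir) {
 if (stat(filename, &sb) == -1)
 errExit("stat");
 
+// no profile in /etc/firejail, no desktop file fixing
+if (!have_profile(filename))
+continue;
+
 /* coverity[toctou] */
 int fd = open(filename, O_RDONLY);
 if (fd == -1)
@@ -501,17 +525,24 @@ int main(int argc, char **argv) {
 
 // switch to the local user, and fix desktop files
 char *user = getlogin();
-if (!user)
-goto errexit;
+if (!user) {
+user = getenv("SUDO_USER");
+if (!user) {
+goto errexit;
+}
+}
+
 if (user) {
 // find home directory
 struct passwd *pw = getpwnam(user);
-if (!pw)
+if (!pw) {
 goto errexit;
+}
 char *home = pw->pw_dir;
-if (!home)
+if (!home) {
 goto errexit;
-
+}
+
 // drop permissions
 if (setgroups(0, NULL) < 0)
 errExit("setgroups");
@@ -528,7 +559,7 @@ int main(int argc, char **argv) {
 return 0;
 
 errexit:
-fprintf(stderr, "Error: cannot set desktop files in ~/.local/share/applications\n");
+fprintf(stderr, "Error: cannot detect login user in order to set desktop files in ~/.local/share/applications\n");
 return 1;
 }
 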
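Review bot: `have_profile()` writes `f1[strlen(filename) - 8] = '\0'` without checking that the name is longer than eight characters and actually ends in `.desktop`, so a shorter name makes the unsigned subtraction wrap and the store land outside the `strdup` buffer. The caller in `fix_desktop_files()` may already filter on the suffix in lines outside this hunk, but the helper is not `static` and should not depend on that; guard it before the copy with `size_t len = strlen(filename);` and `if (len <= 8 || strcmp(filename + len - 8, ".desktop") != 0) return 0;`, then truncate at `f1[len - 8]`. Separately, in `main()` the `SUDO_USER` fallback picks the account to modify from the environment while the process still holds the privileges it drops a few lines later; a comment stating that this value is trusted only because the invoker is already root would make the assumption explicit.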