author | smitsohu <smitsohu@gmail.com> | 2019-07-08 16:37:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-08 16:37:00 +0200 |
commit | 704ab975cbfe99404a73de31479fac55d02dd967 (patch) | |
tree | 63f9937bfb6089880f69b727d1e9d7946e17d349 /src/firejail/fs.c | |
parent | Fix #2840 (diff) | |
more simplification of fs_check_chroot_dir
Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 22 |
1 files changed, 5 insertions, 17 deletions
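--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1188,23 +1188,11 @@ void fs_check_chroot_dir(const char *rootdir) {
 }
 
 // check subdirectories in rootdir
-typedef struct {
-char *dname;
-int check_writable;
-} chrootsubdir;
-chrootsubdir dirs[] = {
-{"dev", 0},
-{"etc", 1},
-{"proc", 0},
-{"tmp", 0},
-{"var/tmp", 0},
-{NULL, 0}
-};
-chrootsubdir *tmp = dirs;
-while (tmp->dname) {
-fs_check_chroot_subdir(tmp->dname, parentfd, tmp->check_writable);
-tmp++;
-}
+fs_check_chroot_subdir("dev", parentfd, 0);
+fs_check_chroot_subdir("etc", parentfd, 1);
+fs_check_chroot_subdir("proc", parentfd, 0);
+fs_check_chroot_subdir("tmp", parentfd, 0);
+fs_check_chroot_subdir("var/tmp", parentfd, 0);
 
 // there should be no checking on <chrootdir>/etc/resolv.conf
 // the file is replaced with the real /etc/resolv.conf anyway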