diff options
author | smitsohu <smitsohu@gmail.com> | 2020-11-20 20:04:20 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2020-11-20 20:04:20 +0100 |
commit | da53c4ebf0b7f5c6d07cb14dd7ec3ff3910fe180 (patch) | |
tree | 9475d0d33b52cc178c7b88caae1f9c0727500351 /src/firejail/fs.c | |
parent | tmpfs testing (diff) | |
download | firejail-da53c4ebf0b7f5c6d07cb14dd7ec3ff3910fe180.tar.gz firejail-da53c4ebf0b7f5c6d07cb14dd7ec3ff3910fe180.tar.zst firejail-da53c4ebf0b7f5c6d07cb14dd7ec3ff3910fe180.zip |
reimplement --private-cache using --tmpfs
Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 36 |
1 files changed, 6 insertions, 30 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 65f53bf76..0d4e496e8 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -162,11 +162,12 @@ static void disable_file(OPERATION op, const char *filename) { | |||
162 | } | 162 | } |
163 | else if (op == MOUNT_TMPFS) { | 163 | else if (op == MOUNT_TMPFS) { |
164 | if (S_ISDIR(s.st_mode)) { | 164 | if (S_ISDIR(s.st_mode)) { |
165 | if (getuid() && | 165 | if (getuid()) { |
166 | (strncmp(cfg.homedir, fname, strlen(cfg.homedir)) != 0 || | 166 | if (strncmp(cfg.homedir, fname, strlen(cfg.homedir)) != 0 || |
167 | fname[strlen(cfg.homedir)] != '/')) { | 167 | fname[strlen(cfg.homedir)] != '/') { |
168 | fprintf(stderr, "Error: tmpfs outside $HOME is only available for root\n"); | 168 | fprintf(stderr, "Error: tmpfs outside $HOME is only available for root\n"); |
169 | exit(1); | 169 | exit(1); |
170 | } | ||
170 | } | 171 | } |
171 | fs_tmpfs(fname, getuid()); | 172 | fs_tmpfs(fname, getuid()); |
172 | last_disable = SUCCESSFUL; | 173 | last_disable = SUCCESSFUL; |
@@ -1260,28 +1261,3 @@ void fs_private_tmp(void) { | |||
1260 | } | 1261 | } |
1261 | closedir(dir); | 1262 | closedir(dir); |
1262 | } | 1263 | } |
1263 | |||
1264 | // this function is called from sandbox.c before blacklist/whitelist functions | ||
1265 | void fs_private_cache(void) { | ||
1266 | char *cache; | ||
1267 | if (asprintf(&cache, "%s/.cache", cfg.homedir) == -1) | ||
1268 | errExit("asprintf"); | ||
1269 | // check if ~/.cache is a valid destination | ||
1270 | struct stat s; | ||
1271 | if (lstat(cache, &s) == -1) { | ||
1272 | fwarning("skipping private-cache: cannot find %s\n", cache); | ||
1273 | free(cache); | ||
1274 | return; | ||
1275 | } | ||
1276 | if (!S_ISDIR(s.st_mode)) { | ||
1277 | if (S_ISLNK(s.st_mode)) | ||
1278 | fwarning("skipping private-cache: %s is a symbolic link\n", cache); | ||
1279 | else | ||
1280 | fwarning("skipping private-cache: %s is not a directory\n", cache); | ||
1281 | free(cache); | ||
1282 | return; | ||
1283 | } | ||
1284 | // do the mount | ||
1285 | fs_tmpfs(cache, getuid()); // check ownership of ~/.cache | ||
1286 | free(cache); | ||
1287 | } | ||