Add --keep-dev-shm (undocumented for now).

author: Chiraag Nataraj <chiraag.nataraj@gmail.com> 2018-06-13 15:41:21 -0400
committer: Chiraag Nataraj <chiraag.nataraj@gmail.com> 2018-06-13 15:41:21 -0400
commit: aee73739fa43d05ef3fc7ef52f31c6a6460e042a (patch)
tree: e140d3df70d7282b73ed10236b3bb4ec89da46d2 /src/firejail/fs_dev.c
parent: Change --nousb to --nou2f per suggestion on last commit. (diff)
download: firejail-aee73739fa43d05ef3fc7ef52f31c6a6460e042a.tar.gz
firejail-aee73739fa43d05ef3fc7ef52f31c6a6460e042a.tar.zst
firejail-aee73739fa43d05ef3fc7ef52f31c6a6460e042a.zip
1 files changed, 14 insertions, 9 deletions
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 9e287bf27..ff525f0b9 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -171,12 +171,23 @@ static void empty_dev_shm(void) {
        fs_logger("create /dev/shm");
 }
+static void mount_dev_shm(void) {
+        mkdir_attr("/dev/shm", 01777, 0, 0);
+        int rv = mount(RUN_DEV_DIR "/shm", "/dev/shm", "none", MS_BIND, "mode=01777,gid=0");
+        if (rv == -1) {
+                fwarning("cannot mount the old /dev/shm in private-dev\n");
+                dbg_test_dir(RUN_DEV_DIR "/shm");
+                empty_dev_shm();
+                return;
+        }
+}
 static void process_dev_shm(void) {
        // Jack audio keeps an Unix socket under (/dev/shm/jack_default_1000_0 or /dev/shm/jack/...)
        // looking for jack socket
        glob_t globbuf;
        int globerr = glob(RUN_DEV_DIR "/shm/jack*", GLOB_NOSORT, NULL, &globbuf);
-        if (globerr) {
+        if (globerr && !arg_keep_dev_shm) {
                empty_dev_shm();
                return;
        }
@@ -184,14 +195,8 @@ static void process_dev_shm(void) {
        // if we got here, it means we have a jack server installed
        // mount-bind the old /dev/shm
-        mkdir_attr("/dev/shm", 01777, 0, 0);
+        mount_dev_shm();
-        int rv = mount(RUN_DEV_DIR "/shm", "/dev/shm", "none", MS_BIND, "mode=01777,gid=0");
-        if (rv == -1) {
-                fwarning("cannot mount the old /dev/shm in private-dev\n");
-                dbg_test_dir(RUN_DEV_DIR "/shm");
-                empty_dev_shm();
-                return;
-        }
 }
author	Chiraag Nataraj <chiraag.nataraj@gmail.com>	2018-06-13 15:41:21 -0400
committer	Chiraag Nataraj <chiraag.nataraj@gmail.com>	2018-06-13 15:41:21 -0400
commit	aee73739fa43d05ef3fc7ef52f31c6a6460e042a (patch)
tree	e140d3df70d7282b73ed10236b3bb4ec89da46d2 /src/firejail/fs_dev.c
parent	Change --nousb to --nou2f per suggestion on last commit. (diff)
download	firejail-aee73739fa43d05ef3fc7ef52f31c6a6460e042a.tar.gz firejail-aee73739fa43d05ef3fc7ef52f31c6a6460e042a.tar.zst firejail-aee73739fa43d05ef3fc7ef52f31c6a6460e042a.zip

diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 9e287bf27..ff525f0b9 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c
@@ -171,12 +171,23 @@ static void empty_dev_shm(void) {
171	fs_logger("create /dev/shm");	171	fs_logger("create /dev/shm");
172	}	172	}
173		173
		174	static void mount_dev_shm(void) {
		175	mkdir_attr("/dev/shm", 01777, 0, 0);
		176	int rv = mount(RUN_DEV_DIR "/shm", "/dev/shm", "none", MS_BIND, "mode=01777,gid=0");
		177	if (rv == -1) {
		178	fwarning("cannot mount the old /dev/shm in private-dev\n");
		179	dbg_test_dir(RUN_DEV_DIR "/shm");
		180	empty_dev_shm();
		181	return;
		182	}
		183	}
		184
174	static void process_dev_shm(void) {	185	static void process_dev_shm(void) {
175	// Jack audio keeps an Unix socket under (/dev/shm/jack_default_1000_0 or /dev/shm/jack/...)	186	// Jack audio keeps an Unix socket under (/dev/shm/jack_default_1000_0 or /dev/shm/jack/...)
176	// looking for jack socket	187	// looking for jack socket
177	glob_t globbuf;	188	glob_t globbuf;
178	int globerr = glob(RUN_DEV_DIR "/shm/jack*", GLOB_NOSORT, NULL, &globbuf);	189	int globerr = glob(RUN_DEV_DIR "/shm/jack*", GLOB_NOSORT, NULL, &globbuf);
179	if (globerr) {	190	if (globerr && !arg_keep_dev_shm) {
180	empty_dev_shm();	191	empty_dev_shm();
181	return;	192	return;
182	}	193	}
@@ -184,14 +195,8 @@ static void process_dev_shm(void) {
184		195
185	// if we got here, it means we have a jack server installed	196	// if we got here, it means we have a jack server installed
186	// mount-bind the old /dev/shm	197	// mount-bind the old /dev/shm
187	mkdir_attr("/dev/shm", 01777, 0, 0);	198	mount_dev_shm();
188	int rv = mount(RUN_DEV_DIR "/shm", "/dev/shm", "none", MS_BIND, "mode=01777,gid=0");	199
189	if (rv == -1) {
190	fwarning("cannot mount the old /dev/shm in private-dev\n");
191	dbg_test_dir(RUN_DEV_DIR "/shm");
192	empty_dev_shm();
193	return;
194	}
195	}	200	}
196		201
197		202