author | netblue30 <netblue30@yahoo.com> | 2017-11-05 15:08:24 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-11-05 15:08:24 -0500 |
commit | 1a61182e9fe4561e1ebf36eb3bc725aaae0c26b0 (patch) | |
tree | 6fd6bdd5cbf95321c1aa320d8c7c0a17d51402c7 /src/firejail/fs_lib.c | |
parent | fix disable-programs.inc (diff) | |
private-lib fix
Diffstat (limited to 'src/firejail/fs_lib.c')
-rw-r--r-- | src/firejail/fs_lib.c | 31 |
1 files changed, 23 insertions, 8 deletions
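--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -69,6 +69,9 @@ static char *build_dest_dir(const char *full_path) {
 // copy fname in private_run_dir
 void fslib_duplicate(const char *full_path) {
 assert(full_path);
+if (arg_debug)
+printf("fslib_duplicate %s\n", full_path);
+
 struct stat s;
 if (stat(full_path, &s) != 0 || s.st_uid != 0 || access(full_path, R_OK))
 return;
@@ -105,6 +108,10 @@ void fslib_duplicate(const char *full_path) {
 // it could be a library or an executable
 // lib is not copied, only libraries used by it
 void fslib_copy_libs(const char *full_path) {
+assert(full_path);
+if (arg_debug)
+printf("fslib_copy_libs %s\n", full_path);
+
 // if library/executable does not exist or the user does not have read access to it
 // print a warning and exit the function.
 if (access(full_path, R_OK)) {
@@ -120,6 +127,8 @@ void fslib_copy_libs(const char *full_path) {
 errExit("chown");
 
 // run fldd to extact the list of files
+if (arg_debug)
+printf("runing fldd %s\n", full_path);
 sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE);
 
 // open the list of libraries and install them on by one
@@ -141,6 +150,9 @@ void fslib_copy_libs(const char *full_path) {
 
 void fslib_copy_dir(const char *full_path) {
 assert(full_path);
+if (arg_debug)
+printf("fslib_copy_dir %s\n", full_path);
+
 // do nothing if the directory does not exist or is not owned by root
 struct stat s;
 if (stat(full_path, &s) != 0 || s.st_uid != 0 || !S_ISDIR(s.st_mode) || access(full_path, R_OK))
@@ -151,8 +163,6 @@ void fslib_copy_dir(const char *full_path) {
 dir_name++;
 assert(*dir_name != '\0');
 
-
-
 // do nothing if the directory is already there
 char *dest;
 if (asprintf(&dest, "%s/%s", build_dest_dir(full_path), dir_name) == -1)
@@ -371,12 +381,17 @@ void fs_private_lib(void) {
 if (!arg_quiet)
 fprintf(stderr, "Installed %d libraries and %d directories\n", lib_cnt, dir_cnt);
 
-// for our trace and tracelog libs
-if (arg_trace)
-fslib_duplicate(LIBDIR "/firejail/libtrace.so");
-else if (arg_tracelog)
-fslib_duplicate(LIBDIR "/firejail/libtracelog.so");
-
+// bring in firejail directory for --trace options
+fslib_copy_dir(LIBDIR "/firejail");
+
+// ... and for sandbox in sandbox functionality
+fslib_copy_libs(LIBDIR "/firejail/faudit");
+fslib_copy_libs(LIBDIR "/firejail/fbuilder");
+fslib_copy_libs(LIBDIR "/firejail/fcopy");
+fslib_copy_libs(LIBDIR "/firejail/fldd");
+fslib_copy_libs(LIBDIR "/firejail/fnet");
+fslib_copy_libs(LIBDIR "/firejail/fseccomp");
+fslib_copy_libs(LIBDIR "/firejail/ftee");
 // mount lib filesystem
 mount_directories();
 }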
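Review bot: The comment added at new line 384 says LIBDIR "/firejail" is brought in for the --trace options, but the fslib_copy_dir call under it is unconditional — the arg_trace/arg_tracelog guard on the removed lines is gone, so every --private-lib sandbox now gets the whole firejail helper directory plus the dependencies of the seven helpers below, whether or not anything in the sandbox uses them. If the unconditional copy is intended because the sandbox-in-sandbox helpers need the directory too, the comment should say so, e.g. `// bring in the firejail directory: trace libraries and sandbox-in-sandbox helpers`; otherwise keep the old condition with `if (arg_trace || arg_tracelog)` around the fslib_copy_dir call so the private lib view stays as narrow as before. The rest of fs_private_lib is outside the hunk. Separately, the debug message added in the third hunk, `printf("runing fldd %s\n", full_path);`, should read `running`.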