author | netblue30 <netblue30@yahoo.com> | 2017-10-04 08:29:31 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-04 08:29:31 -0400 |
commit | 63e177af7278012d7064d4e1695d3a500f51c9eb (patch) | |
tree | 57b64ed01d1b888f2bc3db304a4928c6bd2eaa61 /src/firejail/fs_lib.c | |
parent | updated authors list (diff) | |
download | firejail-63e177af7278012d7064d4e1695d3a500f51c9eb.tar.gz firejail-63e177af7278012d7064d4e1695d3a500f51c9eb.tar.zst firejail-63e177af7278012d7064d4e1695d3a500f51c9eb.zip |
private-lib: add std C library and locale by default
Diffstat (limited to 'src/firejail/fs_lib.c')
-rw-r--r-- | src/firejail/fs_lib.c | 89 |
1 files changed, 84 insertions, 5 deletions
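--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <dirent.h>
 
 #define MAXBUF 4096
 
@@ -133,6 +134,85 @@ static char *valid_file(const char *lib) {
 	return NULL;
 }
 
+// standard libc libraries based on Debian's libc6 package
+// selinux seems to be linked in most command line utilities
+// locale (/usr/lib/locale) - without it, the program will default to "C" locale
+typedef struct liblist_t {
+	const char *name;
+	int len;
+} LibList;
+
+static LibList libc_list[] = {
+//	{ "locale", 0 },	hardcoded!
+	{ "libselinux.so.", 0 },
+	{ "ld-linux-x86-64.so.", 0 },
+	{ "libanl.so.", 0 },
+	{ "libc.so.", 0 },
+	{ "libcidn.so.", 0 },
+	{ "libcrypt.so.", 0 },
+	{ "libdl.so.", 0 },
+	{ "libm.so.", 0 },
+	{ "libmemusage.so", 0 },
+	{ "libmvec.so.", 0 },
+	{ "libnsl.so.", 0 },
+	{ "libnss_compat.so.", 0 },
+	{ "libnss_dns.so.", 0 },
+	{ "libnss_files.so.", 0 },
+	{ "libnss_hesiod.so.", 0 },
+	{ "libnss_nisplus.so.", 0 },
+	{ "libnss_nis.so.", 0 },
+	{ "libpthread.so.", 0 },
+	{ "libresolv.so.", 0 },
+	{ "librt.so.", 0 },
+	{ "libthread_db.so.", 0 },
+	{ "libutil.so.", 0 },
+	{ NULL, 0}
+};
+
+static int find(const char *name) {
+	assert(name);
+
+	int i = 0;
+	while (libc_list[i].name) {
+		if (libc_list[i].len == 0)
+			libc_list[i].len = strlen(libc_list[i].name);
+		if (strncmp(name, libc_list[i].name, libc_list[i].len) == 0)
+			return 1;
+		i++;
+	}
+	return 0;
+}
+
+// compare the files in dirname against liblist above
+static void walk_directory(const char *dirname, const char *destdir) {
+	assert(dirname);
+	assert(destdir);
+
+	DIR *dir = opendir(dirname);
+	if (dir) {
+		struct dirent *entry;
+		while ((entry = readdir(dir)) != NULL) {
+			if (strcmp(entry->d_name, ".") == 0)
+				continue;
+			if (strcmp(entry->d_name, "..") == 0)
+				continue;
+
+			if (find(entry->d_name)) {
+				char *fname;
+				if (asprintf(&fname, "%s/%s", dirname, entry->d_name) == -1)
+					errExit("asprintf");
+
+				if (is_dir(fname))
+					copy_directory(fname, entry->d_name, RUN_LIB_DIR);
+				else
+					duplicate(fname, destdir);
+			}
+		}
+		closedir(dir);
+	}
+	else
+		fprintf(stderr, "Error: cannot open %s in order to set --private-lib\n", dirname);
+}
 
 void fs_private_lib(void) {
 #ifndef __x86_64__
@@ -149,14 +229,13 @@ void fs_private_lib(void) {
 	// create /run/firejail/mnt/lib directory
 	mkdir_attr(RUN_LIB_DIR, 0755, 0, 0);
 
-	// fix libselinux linking problem on Debian stretch; the library is
-	// linked in most basic command utilities (ls, cp, find etc.), and it
-	// seems to have a path hardlinked under /lib/x86_64-linux-gnu directory.
 	struct stat s;
-	if (stat("/lib/x86_64-linux-gnu/libselinux.so.1", &s) == 0) {
+	if (stat("/lib/x86_64-linux-gnu", &s) == 0) {
 		mkdir_attr(RUN_LIB_DIR "/x86_64-linux-gnu", 0755, 0, 0);
-		duplicate("/lib/x86_64-linux-gnu/libselinux.so.1", RUN_LIB_DIR "/x86_64-linux-gnu");
+		walk_directory("/lib/x86_64-linux-gnu", RUN_LIB_DIR "/x86_64-linux-gnu");
 	}
+	if (stat("/usr/lib/locale", &s) == 0)
+		copy_directory("/usr/lib/locale", "locale", RUN_LIB_DIR);
 
 	// copy the libs in the new lib directory for the main exe
 	if (cfg.original_program_index > 0)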
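Review bot: Every matching entry in walk_directory leaks the asprintf-allocated `fname`: neither the is_dir branch nor the duplicate branch releases it, so a `free(fname);` belongs right after the `if (is_dir(fname)) ... else duplicate(fname, destdir);` pair, inside the `if (find(entry->d_name))` block. The two branches also disagree on the destination: the file branch copies into `destdir`, while the directory branch passes `RUN_LIB_DIR`, so a matched entry that happens to be a directory under /lib/x86_64-linux-gnu would land in the top-level lib directory rather than the x86_64-linux-gnu subdirectory the caller asked for; unless that placement is deliberate, `copy_directory(fname, entry->d_name, destdir);` keeps the two paths consistent. A smaller point in the same hunk: `LibList.len` is an `int` that is assigned the `size_t` result of strlen and then passed back to strncmp as a length, so declaring it `size_t len;` avoids the sign and width conversions. The is_dir, copy_directory and duplicate helpers are defined outside this hunk, so whether they follow symlinks or check their copies is not visible here.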