author | 2017-11-08 08:30:10 -0500 | |
committer | 2017-11-08 08:30:10 -0500 | |
commit | b1b1e774a175fe2ee35aa22d02c097e13873a5a9 (patch) | |
tree | 22e3fda2f21723e05a2299ef30668aa5af1119af /src/firejail/fs_lib.c | |
parent | Merge pull request #1637 from soredake/keepassxc (diff) | |
private-bin and private-lib fixes
Diffstat (limited to 'src/firejail/fs_lib.c')
-rw-r--r-- | src/firejail/fs_lib.c | 19 |
1 files changed, 8 insertions, 11 deletions
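--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -23,7 +23,6 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <dirent.h>
-
 #define MAXBUF 4096
 
 static const char * const lib_paths[] = {
@@ -69,8 +68,6 @@ static char *build_dest_dir(const char *full_path) {
 // copy fname in private_run_dir
 void fslib_duplicate(const char *full_path) {
 	assert(full_path);
-	if (arg_debug)
-		printf("fslib_duplicate %s\n", full_path);
 
 	struct stat s;
 	if (stat(full_path, &s) != 0 || s.st_uid != 0 || access(full_path, R_OK))
@@ -95,7 +92,7 @@ void fslib_duplicate(const char *full_path) {
 	}
 	free(name);
 
-	if (arg_debug)
+	if (arg_debug || arg_debug_private_lib)
 		printf("copying %s to private %s\n", full_path, dest_dir);
 
 	sbox_run(SBOX_ROOT| SBOX_SECCOMP, 4, PATH_FCOPY, "--follow-link", full_path, dest_dir);
@@ -109,13 +106,13 @@ void fslib_duplicate(const char *full_path) {
 // lib is not copied, only libraries used by it
 void fslib_copy_libs(const char *full_path) {
 	assert(full_path);
-	if (arg_debug)
+	if (arg_debug || arg_debug_private_lib)
 		printf("fslib_copy_libs %s\n", full_path);
 
 	// if library/executable does not exist or the user does not have read access to it
 	// print a warning and exit the function.
 	if (access(full_path, R_OK)) {
-		if (arg_debug)
+		if (arg_debug || arg_debug_private_lib)
 			printf("cannot find %s for private-lib, skipping...\n", full_path);
 		return;
 	}
@@ -127,7 +124,7 @@ void fslib_copy_libs(const char *full_path) {
 		errExit("chown");
 
 	// run fldd to extact the list of files
-	if (arg_debug)
+	if (arg_debug || arg_debug_private_lib)
 		printf("runing fldd %s\n", full_path);
 	sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE);
 
@@ -150,7 +147,7 @@ void fslib_copy_libs(const char *full_path) {
 
 void fslib_copy_dir(const char *full_path) {
 	assert(full_path);
-	if (arg_debug)
+	if (arg_debug || arg_debug_private_lib)
 		printf("fslib_copy_dir %s\n", full_path);
 
 	// do nothing if the directory does not exist or is not owned by root
@@ -216,7 +213,7 @@ static char *valid_file(const char *lib) {
 
 
 static void mount_directories(void) {
-	if (arg_debug)
+	if (arg_debug || arg_debug_private_lib)
 		printf("Mount-bind %s on top of /lib /lib64 /usr/lib\n", RUN_LIB_DIR);
 
 	if (is_dir("/lib")) {
@@ -262,7 +259,7 @@ void fs_private_lib(void) {
 	return;
 #endif
 	char *private_list = cfg.lib_private_keep;
-	if (arg_debug)
+	if (arg_debug || arg_debug_private_lib)
 		printf("Starting private-lib processing: program %s, shell %s\n",
 			(cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none",
 			(arg_shell_none)? "none": cfg.shell);
@@ -288,7 +285,7 @@ void fs_private_lib(void) {
 
 	// for the listed libs
 	if (private_list && *private_list != '\0') {
-		if (arg_debug)
+		if (arg_debug || arg_debug_private_lib)
 			printf("Copying extra files (%s) in the new lib directory\n", private_list);
 
 		char *dlist = strdup(private_list);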
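Review bot: The guard `arg_debug || arg_debug_private_lib` is now spelled out at eight sites in this file (the hunks at old lines 98, 112, 118, 130, 153, 219, 265 and 291), so any future change to what counts as "verbose for private-lib" needs the same sweep again. A single file-scope predicate keeps the sites consistent, e.g. `static inline int debug_private_lib(void) { return arg_debug || arg_debug_private_lib; }` and `if (debug_private_lib())` at each site. The new flag itself is presumably declared in the shared header and set by the option parser, both outside this file; the include hunk at the top only drops a blank line, so its declaration should be confirmed there. While these lines are touched, the adjacent context comments at old lines 129 and 131 read "extact" and "runing" and could be corrected to "extract" and "running".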