diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-03-04 14:33:58 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-03-06 15:28:10 +0100 |
| commit | eb70910ba6fecf59c193d40c94ba6bbcfa3806f0 (patch) | |
| tree | 165523dada7a8cdbbcccc9e0646f6b818fca9760 /src/firejail/fs_lib2.c | |
| parent | Merge pull request #4048 from tredondo/patch-1 (diff) | |
| download | firejail-eb70910ba6fecf59c193d40c94ba6bbcfa3806f0.tar.gz firejail-eb70910ba6fecf59c193d40c94ba6bbcfa3806f0.tar.zst firejail-eb70910ba6fecf59c193d40c94ba6bbcfa3806f0.zip | |
private-lib: move from copying to mounting (#3980)
Diffstat (limited to 'src/firejail/fs_lib2.c')
| -rw-r--r-- | src/firejail/fs_lib2.c | 42 |
1 files changed, 20 insertions, 22 deletions
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c index d46cfed86..c69bf7c98 100644 --- a/src/firejail/fs_lib2.c +++ b/src/firejail/fs_lib2.c | |||
| @@ -21,10 +21,8 @@ | |||
| 21 | #include <dirent.h> | 21 | #include <dirent.h> |
| 22 | #include <sys/stat.h> | 22 | #include <sys/stat.h> |
| 23 | 23 | ||
| 24 | extern void fslib_duplicate(const char *full_path); | 24 | extern void fslib_mount_libs(const char *full_path, unsigned user); |
| 25 | extern void fslib_copy_libs_parse_as_user(const char *full_path); | 25 | extern void fslib_mount(const char *full_path); |
| 26 | extern void fslib_copy_libs_parse_as_root(const char *full_path); | ||
| 27 | extern void fslib_copy_dir(const char *full_path); | ||
| 28 | 26 | ||
| 29 | //*************************************************************** | 27 | //*************************************************************** |
| 30 | // Standard C library | 28 | // Standard C library |
| @@ -98,7 +96,8 @@ static void stdc(const char *dirname) { | |||
| 98 | if (asprintf(&fname, "%s/%s", dirname, entry->d_name) == -1) | 96 | if (asprintf(&fname, "%s/%s", dirname, entry->d_name) == -1) |
| 99 | errExit("asprintf"); | 97 | errExit("asprintf"); |
| 100 | 98 | ||
| 101 | fslib_duplicate(fname); | 99 | fslib_mount(fname); |
| 100 | free(fname); | ||
| 102 | } | 101 | } |
| 103 | } | 102 | } |
| 104 | closedir(dir); | 103 | closedir(dir); |
| @@ -119,7 +118,7 @@ void fslib_install_stdc(void) { | |||
| 119 | 118 | ||
| 120 | // install locale | 119 | // install locale |
| 121 | if (stat("/usr/lib/locale", &s) == 0) | 120 | if (stat("/usr/lib/locale", &s) == 0) |
| 122 | fslib_copy_dir("/usr/lib/locale"); | 121 | fslib_mount("/usr/lib/locale"); |
| 123 | 122 | ||
| 124 | fmessage("Standard C library installed in %0.2f ms\n", timetrace_end()); | 123 | fmessage("Standard C library installed in %0.2f ms\n", timetrace_end()); |
| 125 | } | 124 | } |
| @@ -129,7 +128,8 @@ void fslib_install_stdc(void) { | |||
| 129 | //*************************************************************** | 128 | //*************************************************************** |
| 130 | 129 | ||
| 131 | static void fdir(void) { | 130 | static void fdir(void) { |
| 132 | fslib_copy_dir(LIBDIR "/firejail"); | 131 | // firejail directory itself |
| 132 | fslib_mount(LIBDIR "/firejail"); | ||
| 133 | 133 | ||
| 134 | // executables and libraries from firejail directory | 134 | // executables and libraries from firejail directory |
| 135 | static const char * const fbin[] = { | 135 | static const char * const fbin[] = { |
| @@ -143,30 +143,28 @@ static void fdir(void) { | |||
| 143 | NULL, | 143 | NULL, |
| 144 | }; | 144 | }; |
| 145 | 145 | ||
| 146 | // need to run fldd as root user, unprivileged users have no read permission on executables | 146 | // need to parse as root user, unprivileged users have no read permission on executables |
| 147 | int i; | 147 | int i; |
| 148 | for (i = 0; fbin[i]; i++) | 148 | for (i = 0; fbin[i]; i++) |
| 149 | fslib_copy_libs_parse_as_root(fbin[i]); | 149 | fslib_mount_libs(fbin[i], 0); |
| 150 | } | 150 | } |
| 151 | 151 | ||
| 152 | void fslib_install_firejail(void) { | 152 | void fslib_install_firejail(void) { |
| 153 | timetrace_start(); | 153 | timetrace_start(); |
| 154 | // bring in firejail executable libraries, in case we are redirected here | 154 | // bring in firejail executable libraries, in case we are redirected here |
| 155 | // by a firejail symlink from /usr/local/bin/firejail | 155 | // by a firejail symlink from /usr/local/bin/firejail |
| 156 | fslib_copy_libs_parse_as_user(PATH_FIREJAIL); | 156 | fslib_mount_libs(PATH_FIREJAIL, 1); // parse as user |
| 157 | 157 | ||
| 158 | // bring in firejail directory | 158 | // bring in firejail directory |
| 159 | fdir(); | 159 | fdir(); |
| 160 | 160 | ||
| 161 | // bring in dhclient libraries | 161 | // bring in dhclient libraries |
| 162 | if (any_dhcp()) | 162 | if (any_dhcp()) |
| 163 | fslib_copy_libs_parse_as_user(RUN_MNT_DIR "/dhclient"); | 163 | fslib_mount_libs(RUN_MNT_DIR "/dhclient", 1); // parse as user |
| 164 | 164 | ||
| 165 | #ifdef HAVE_X11 | ||
| 166 | // bring in xauth libraries | 165 | // bring in xauth libraries |
| 167 | if (arg_x11_xorg) | 166 | if (arg_x11_xorg) |
| 168 | fslib_copy_libs_parse_as_user("/usr/bin/xauth"); | 167 | fslib_mount_libs("/usr/bin/xauth", 1); // parse as user |
| 169 | #endif | ||
| 170 | 168 | ||
| 171 | fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end()); | 169 | fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end()); |
| 172 | } | 170 | } |
| @@ -315,8 +313,8 @@ void fslib_install_system(void) { | |||
| 315 | if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir1) == -1) | 313 | if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir1) == -1) |
| 316 | errExit("asprintf"); | 314 | errExit("asprintf"); |
| 317 | if (access(name, R_OK) == 0) { | 315 | if (access(name, R_OK) == 0) { |
| 318 | fslib_copy_libs_parse_as_user(name); | 316 | fslib_mount_libs(name, 1); // parse as user |
| 319 | fslib_copy_dir(name); | 317 | fslib_mount(name); |
| 320 | } | 318 | } |
| 321 | else { | 319 | else { |
| 322 | free(name); | 320 | free(name); |
| @@ -324,8 +322,8 @@ void fslib_install_system(void) { | |||
| 324 | if (asprintf(&name, "/usr/lib64/%s", ptr->dir1) == -1) | 322 | if (asprintf(&name, "/usr/lib64/%s", ptr->dir1) == -1) |
| 325 | errExit("asprintf"); | 323 | errExit("asprintf"); |
| 326 | if (access(name, R_OK) == 0) { | 324 | if (access(name, R_OK) == 0) { |
| 327 | fslib_copy_libs_parse_as_user(name); | 325 | fslib_mount_libs(name, 1); // parse as user |
| 328 | fslib_copy_dir(name); | 326 | fslib_mount(name); |
| 329 | } | 327 | } |
| 330 | } | 328 | } |
| 331 | free(name); | 329 | free(name); |
| @@ -335,8 +333,8 @@ void fslib_install_system(void) { | |||
| 335 | if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir2) == -1) | 333 | if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir2) == -1) |
| 336 | errExit("asprintf"); | 334 | errExit("asprintf"); |
| 337 | if (access(name, R_OK) == 0) { | 335 | if (access(name, R_OK) == 0) { |
| 338 | fslib_copy_libs_parse_as_user(name); | 336 | fslib_mount_libs(name, 1); // parse as user |
| 339 | fslib_copy_dir(name); | 337 | fslib_mount(name); |
| 340 | } | 338 | } |
| 341 | else { | 339 | else { |
| 342 | free(name); | 340 | free(name); |
| @@ -344,8 +342,8 @@ void fslib_install_system(void) { | |||
| 344 | if (asprintf(&name, "/usr/lib64/%s", ptr->dir2) == -1) | 342 | if (asprintf(&name, "/usr/lib64/%s", ptr->dir2) == -1) |
| 345 | errExit("asprintf"); | 343 | errExit("asprintf"); |
| 346 | if (access(name, R_OK) == 0) { | 344 | if (access(name, R_OK) == 0) { |
| 347 | fslib_copy_libs_parse_as_user(name); | 345 | fslib_mount_libs(name, 1); // parse as user |
| 348 | fslib_copy_dir(name); | 346 | fslib_mount(name); |
| 349 | } | 347 | } |
| 350 | } | 348 | } |
| 351 | free(name); | 349 | free(name); |