suport mkdir and mkfile for /run/user/<PID> directory (#3346)

author: netblue30 <netblue30@yahoo.com> 2020-04-13 10:07:13 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-04-13 10:07:13 -0400
commit: 4911e36ca55d1061a47b68e54ba2229d4c2c6c1a (patch)
tree: f25c2b8a262168715d77dff1fbfc99ceea7ba198 /src/firejail/fs_mkdir.c
parent: Merge pull request #3347 from aerusso/pulls/documentation-globbing (diff)
download: firejail-4911e36ca55d1061a47b68e54ba2229d4c2c6c1a.tar.gz
firejail-4911e36ca55d1061a47b68e54ba2229d4c2c6c1a.tar.zst
firejail-4911e36ca55d1061a47b68e54ba2229d4c2c6c1a.zip
1 files changed, 18 insertions, 10 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index eb660df90..0e213f2f8 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -25,6 +25,22 @@
 #include <sys/wait.h>
 #include <string.h>
+static void check(const char *fname) {
+        // manufacture /run/user directory
+        char *runuser;
+        if (asprintf(&runuser, "/run/user/%d/", getuid()) == -1)
+                errExit("asprintf");
+        if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0 &&
+            strncmp(fname, "/tmp", 4) != 0 &&
+            strncmp(fname, runuser, strlen(runuser)) != 0) {
+                fprintf(stderr, "Error: only files or directories in user home, /tmp, or /run/user/<UID> are supported by mkdir\n");
+                exit(1);
+        }
+        free(runuser);
+}
 static void mkdir_recursive(char *path) {
        char *subdir = NULL;
        struct stat s;
@@ -61,11 +77,7 @@ void fs_mkdir(const char *name) {
        // check directory name
        invalid_filename(name, 0); // no globbing
        char *expanded = expand_macros(name);
-        if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 &&
+        check(expanded); // will exit if wrong path
-            strncmp(expanded, "/tmp", 4) != 0) {
-                fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n");
-                exit(1);
-        }
        struct stat s;
        if (stat(expanded, &s) == 0) {
@@ -101,11 +113,7 @@ void fs_mkfile(const char *name) {
        // check file name
        invalid_filename(name, 0); // no globbing
        char *expanded = expand_macros(name);
-        if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 &&
+        check(expanded); // will exit if wrong path
-            strncmp(expanded, "/tmp", 4) != 0) {
-                fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n");
-                exit(1);
-        }
        struct stat s;
        if (stat(expanded, &s) == 0) {
author	netblue30 <netblue30@yahoo.com>	2020-04-13 10:07:13 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-04-13 10:07:13 -0400
commit	4911e36ca55d1061a47b68e54ba2229d4c2c6c1a (patch)
tree	f25c2b8a262168715d77dff1fbfc99ceea7ba198 /src/firejail/fs_mkdir.c
parent	Merge pull request #3347 from aerusso/pulls/documentation-globbing (diff)
download	firejail-4911e36ca55d1061a47b68e54ba2229d4c2c6c1a.tar.gz firejail-4911e36ca55d1061a47b68e54ba2229d4c2c6c1a.tar.zst firejail-4911e36ca55d1061a47b68e54ba2229d4c2c6c1a.zip