mkdir support in profile files

author: netblue30 <netblue30@yahoo.com> 2016-02-17 12:13:19 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-17 12:13:19 -0500
commit: 97a9d0186863f6afe1a003e7e390b1b369167531 (patch)
tree: 68b5d03aa5c88e96651516e628ce296935716014 /src/firejail/fs_mkdir.c
parent: cherrytree profile (diff)
download: firejail-97a9d0186863f6afe1a003e7e390b1b369167531.tar.gz
firejail-97a9d0186863f6afe1a003e7e390b1b369167531.tar.zst
firejail-97a9d0186863f6afe1a003e7e390b1b369167531.zip
1 files changed, 70 insertions, 0 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
new file mode 100644
index 000000000..7c2b108c6
--- /dev/null
+++ b/src/firejail/fs_mkdir.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "firejail.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <grp.h>
+ #include <sys/wait.h>
+ 
+void fs_mkdir(const char *name) {
+        // check directory name
+        invalid_filename(name);
+        char *expanded = expand_home(name, cfg.homedir);
+        if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
+                fprintf(stderr, "Error: only directories in user home are supported by mkdir\n");
+                exit(1);
+        }
+        struct stat s;
+        if (stat(expanded, &s) == 0) {
+                // file exists, do nothing
+                goto doexit;
+        }
+        // fork a process, drop privileges, and create the directory
+        // no error recovery will be attempted
+        pid_t child = fork();
+        if (child < 0)
+                errExit("fork");
+        if (child == 0) {
+                if (arg_debug)
+                        printf("Create %s directory\n", expanded);
+                
+                // drop privileges
+                if (setgroups(0, NULL) < 0)
+                        errExit("setgroups");
+                if (setgid(getgid()) < 0)
+                        errExit("setgid/getgid");
+                if (setuid(getuid()) < 0)
+                        errExit("setuid/getuid");
+                
+                // create directory
+                if (mkdir(expanded, 0755) == -1)
+                        fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
+                exit(0);
+        }
+        
+        // wait for the child to finish
+        waitpid(child, NULL, 0);
+doexit:
+        free(expanded);
+}
author	netblue30 <netblue30@yahoo.com>	2016-02-17 12:13:19 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-17 12:13:19 -0500
commit	97a9d0186863f6afe1a003e7e390b1b369167531 (patch)
tree	68b5d03aa5c88e96651516e628ce296935716014 /src/firejail/fs_mkdir.c
parent	cherrytree profile (diff)
download	firejail-97a9d0186863f6afe1a003e7e390b1b369167531.tar.gz firejail-97a9d0186863f6afe1a003e7e390b1b369167531.tar.zst firejail-97a9d0186863f6afe1a003e7e390b1b369167531.zip

diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c new file mode 100644 index 000000000..7c2b108c6 --- /dev/null +++ b/src/firejail/fs_mkdir.c
@@ -0,0 +1,70 @@
	1	/*
	2	* Copyright (C) 2014-2016 Firejail Authors
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	#include "firejail.h"
	21	#include <sys/types.h>
	22	#include <sys/stat.h>
	23	#include <unistd.h>
	24	#include <grp.h>
	25	#include <sys/wait.h>
	26
	27	void fs_mkdir(const char *name) {
	28	// check directory name
	29	invalid_filename(name);
	30	char *expanded = expand_home(name, cfg.homedir);
	31	if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
	32	fprintf(stderr, "Error: only directories in user home are supported by mkdir\n");
	33	exit(1);
	34	}
	35
	36	struct stat s;
	37	if (stat(expanded, &s) == 0) {
	38	// file exists, do nothing
	39	goto doexit;
	40	}
	41
	42	// fork a process, drop privileges, and create the directory
	43	// no error recovery will be attempted
	44	pid_t child = fork();
	45	if (child < 0)
	46	errExit("fork");
	47	if (child == 0) {
	48	if (arg_debug)
	49	printf("Create %s directory\n", expanded);
	50
	51	// drop privileges
	52	if (setgroups(0, NULL) < 0)
	53	errExit("setgroups");
	54	if (setgid(getgid()) < 0)
	55	errExit("setgid/getgid");
	56	if (setuid(getuid()) < 0)
	57	errExit("setuid/getuid");
	58
	59	// create directory
	60	if (mkdir(expanded, 0755) == -1)
	61	fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
	62	exit(0);
	63	}
	64
	65	// wait for the child to finish
	66	waitpid(child, NULL, 0);
	67
	68	doexit:
	69	free(expanded);
	70	}