diff options
author | 2016-02-17 12:13:19 -0500 | |
---|---|---|
committer | 2016-02-17 12:13:19 -0500 | |
commit | 97a9d0186863f6afe1a003e7e390b1b369167531 (patch) | |
tree | 68b5d03aa5c88e96651516e628ce296935716014 /src/firejail/fs_mkdir.c | |
parent | cherrytree profile (diff) | |
download | firejail-97a9d0186863f6afe1a003e7e390b1b369167531.tar.gz firejail-97a9d0186863f6afe1a003e7e390b1b369167531.tar.zst firejail-97a9d0186863f6afe1a003e7e390b1b369167531.zip |
mkdir support in profile files
Diffstat (limited to 'src/firejail/fs_mkdir.c')
-rw-r--r-- | src/firejail/fs_mkdir.c | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c new file mode 100644 index 000000000..7c2b108c6 --- /dev/null +++ b/src/firejail/fs_mkdir.c | |||
@@ -0,0 +1,70 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2016 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #include "firejail.h" | ||
21 | #include <sys/types.h> | ||
22 | #include <sys/stat.h> | ||
23 | #include <unistd.h> | ||
24 | #include <grp.h> | ||
25 | #include <sys/wait.h> | ||
26 | |||
27 | void fs_mkdir(const char *name) { | ||
28 | // check directory name | ||
29 | invalid_filename(name); | ||
30 | char *expanded = expand_home(name, cfg.homedir); | ||
31 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) { | ||
32 | fprintf(stderr, "Error: only directories in user home are supported by mkdir\n"); | ||
33 | exit(1); | ||
34 | } | ||
35 | |||
36 | struct stat s; | ||
37 | if (stat(expanded, &s) == 0) { | ||
38 | // file exists, do nothing | ||
39 | goto doexit; | ||
40 | } | ||
41 | |||
42 | // fork a process, drop privileges, and create the directory | ||
43 | // no error recovery will be attempted | ||
44 | pid_t child = fork(); | ||
45 | if (child < 0) | ||
46 | errExit("fork"); | ||
47 | if (child == 0) { | ||
48 | if (arg_debug) | ||
49 | printf("Create %s directory\n", expanded); | ||
50 | |||
51 | // drop privileges | ||
52 | if (setgroups(0, NULL) < 0) | ||
53 | errExit("setgroups"); | ||
54 | if (setgid(getgid()) < 0) | ||
55 | errExit("setgid/getgid"); | ||
56 | if (setuid(getuid()) < 0) | ||
57 | errExit("setuid/getuid"); | ||
58 | |||
59 | // create directory | ||
60 | if (mkdir(expanded, 0755) == -1) | ||
61 | fprintf(stderr, "Warning: cannot create %s directory\n", expanded); | ||
62 | exit(0); | ||
63 | } | ||
64 | |||
65 | // wait for the child to finish | ||
66 | waitpid(child, NULL, 0); | ||
67 | |||
68 | doexit: | ||
69 | free(expanded); | ||
70 | } | ||