break out fs_tracefile function

author: smitsohu <smitsohu@gmail.com> 2019-09-18 17:15:05 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-09-18 17:15:05 +0200
commit: 320ebe08f9039a81b4dcf53bf64ba6fddd383710 (patch)
tree: 74537c45bf73062e3fe2d006543b738142d8f187 /src/firejail/fs_trace.c
parent: fix the fix: tune file copy limit width (diff)
download: firejail-320ebe08f9039a81b4dcf53bf64ba6fddd383710.tar.gz
firejail-320ebe08f9039a81b4dcf53bf64ba6fddd383710.tar.zst
firejail-320ebe08f9039a81b4dcf53bf64ba6fddd383710.zip
1 files changed, 39 insertions, 37 deletions
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 9ade0bdc3..c1b821cce 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -41,44 +41,46 @@ void fs_trace_preload(void) {
                fclose(fp);
                fs_logger("touch /etc/ld.so.preload");
        }
-        if (arg_tracefile) {
+}
-                if (arg_debug)
-                        printf("Creating an empty trace log file: %s\n", arg_tracefile);
+void fs_tracefile(void) {
-                // create a bind mounted trace logfile that the sandbox can see
+        // create a bind mounted trace logfile that the sandbox can see
-                EUID_USER();
+        if (arg_debug)
-                int fd = open(arg_tracefile, O_CREAT|O_RDWR, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+                printf("Creating an empty trace log file: %s\n", arg_tracefile);
-                if (fd == -1) {
+        EUID_USER();
-                        perror("open");
+        int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
-                        fprintf(stderr, "Error: cannot open trace log file %s\n", arg_tracefile);
+        if (fd == -1) {
-                        exit(1);
+                perror("open");
-                }
+                fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile);
-                if (fstat(fd, &s) == -1)
+                exit(1);
-                        errExit("fstat");
+        }
-                if (!S_ISREG(s.st_mode)) {
+        struct stat s;
-                        fprintf(stderr, "Error: cannot write trace log: %s is no regular file\n", arg_tracefile);
+        if (fstat(fd, &s) == -1)
-                        exit(1);
+                errExit("fstat");
-                }
+        if (!S_ISREG(s.st_mode)) {
-                if (ftruncate(fd, 0) == -1)
+                fprintf(stderr, "Error: cannot write trace log: %s is no regular file\n", arg_tracefile);
-                        errExit("ftruncate");
+                exit(1);
-                EUID_ROOT();
-                FILE *fp = fopen(RUN_TRACE_FILE, "w");
-                if (!fp)
-                        errExit("fopen " RUN_TRACE_FILE);
-                fclose(fp);
-                fs_logger2("touch ", arg_tracefile);
-                // mount using the symbolic link in /proc/self/fd
-                if (arg_debug)
-                        printf("Bind mount %s to %s\n", arg_tracefile, RUN_TRACE_FILE);
-                char *proc;
-                if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
-                        errExit("asprintf");
-                if (mount(proc, RUN_TRACE_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
-                        errExit("mount bind " RUN_TRACE_FILE);
-                free(proc);
-                close(fd);
-                // now that RUN_TRACE_FILE is user-writable, mount it noexec
-                fs_remount(RUN_TRACE_FILE, MOUNT_NOEXEC, 0);
        }
+        if (ftruncate(fd, 0) == -1)
+                errExit("ftruncate");
+        EUID_ROOT();
+        FILE *fp = fopen(RUN_TRACE_FILE, "w");
+        if (!fp)
+                errExit("fopen " RUN_TRACE_FILE);
+        fclose(fp);
+        fs_logger2("touch ", arg_tracefile);
+        // mount using the symbolic link in /proc/self/fd
+        if (arg_debug)
+                printf("Bind mount %s to %s\n", arg_tracefile, RUN_TRACE_FILE);
+        char *proc;
+        if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
+                errExit("asprintf");
+        if (mount(proc, RUN_TRACE_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
+                errExit("mount bind " RUN_TRACE_FILE);
+        free(proc);
+        close(fd);
+        // now that RUN_TRACE_FILE is user-writable, mount it noexec
+        fs_remount(RUN_TRACE_FILE, MOUNT_NOEXEC, 0);
 }
 void fs_trace(void) {
author	smitsohu <smitsohu@gmail.com>	2019-09-18 17:15:05 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-09-18 17:15:05 +0200
commit	320ebe08f9039a81b4dcf53bf64ba6fddd383710 (patch)
tree	74537c45bf73062e3fe2d006543b738142d8f187 /src/firejail/fs_trace.c
parent	fix the fix: tune file copy limit width (diff)
download	firejail-320ebe08f9039a81b4dcf53bf64ba6fddd383710.tar.gz firejail-320ebe08f9039a81b4dcf53bf64ba6fddd383710.tar.zst firejail-320ebe08f9039a81b4dcf53bf64ba6fddd383710.zip

diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 9ade0bdc3..c1b821cce 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c
@@ -41,44 +41,46 @@ void fs_trace_preload(void) {
41	fclose(fp);	41	fclose(fp);
42	fs_logger("touch /etc/ld.so.preload");	42	fs_logger("touch /etc/ld.so.preload");
43	}	43	}
44	if (arg_tracefile) {	44	}
45	if (arg_debug)	45
46	printf("Creating an empty trace log file: %s\n", arg_tracefile);	46	void fs_tracefile(void) {
47	// create a bind mounted trace logfile that the sandbox can see	47	// create a bind mounted trace logfile that the sandbox can see
48	EUID_USER();	48	if (arg_debug)
49	int fd = open(arg_tracefile, O_CREAT\|O_RDWR, S_IRUSR \| S_IWRITE \| S_IRGRP \| S_IROTH);	49	printf("Creating an empty trace log file: %s\n", arg_tracefile);
50	if (fd == -1) {	50	EUID_USER();
51	perror("open");	51	int fd = open(arg_tracefile, O_CREAT\|O_WRONLY\|O_CLOEXEC, S_IRUSR \| S_IWRITE \| S_IRGRP \| S_IROTH);
52	fprintf(stderr, "Error: cannot open trace log file %s\n", arg_tracefile);	52	if (fd == -1) {
53	exit(1);	53	perror("open");
54	}	54	fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile);
55	if (fstat(fd, &s) == -1)	55	exit(1);
56	errExit("fstat");	56	}
57	if (!S_ISREG(s.st_mode)) {	57	struct stat s;
58	fprintf(stderr, "Error: cannot write trace log: %s is no regular file\n", arg_tracefile);	58	if (fstat(fd, &s) == -1)
59	exit(1);	59	errExit("fstat");
60	}	60	if (!S_ISREG(s.st_mode)) {
61	if (ftruncate(fd, 0) == -1)	61	fprintf(stderr, "Error: cannot write trace log: %s is no regular file\n", arg_tracefile);
62	errExit("ftruncate");	62	exit(1);
63	EUID_ROOT();
64	FILE *fp = fopen(RUN_TRACE_FILE, "w");
65	if (!fp)
66	errExit("fopen " RUN_TRACE_FILE);
67	fclose(fp);
68	fs_logger2("touch ", arg_tracefile);
69	// mount using the symbolic link in /proc/self/fd
70	if (arg_debug)
71	printf("Bind mount %s to %s\n", arg_tracefile, RUN_TRACE_FILE);
72	char *proc;
73	if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
74	errExit("asprintf");
75	if (mount(proc, RUN_TRACE_FILE, NULL, MS_BIND\|MS_REC, NULL) < 0)
76	errExit("mount bind " RUN_TRACE_FILE);
77	free(proc);
78	close(fd);
79	// now that RUN_TRACE_FILE is user-writable, mount it noexec
80	fs_remount(RUN_TRACE_FILE, MOUNT_NOEXEC, 0);
81	}	63	}
		64	if (ftruncate(fd, 0) == -1)
		65	errExit("ftruncate");
		66	EUID_ROOT();
		67	FILE *fp = fopen(RUN_TRACE_FILE, "w");
		68	if (!fp)
		69	errExit("fopen " RUN_TRACE_FILE);
		70	fclose(fp);
		71	fs_logger2("touch ", arg_tracefile);
		72	// mount using the symbolic link in /proc/self/fd
		73	if (arg_debug)
		74	printf("Bind mount %s to %s\n", arg_tracefile, RUN_TRACE_FILE);
		75	char *proc;
		76	if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
		77	errExit("asprintf");
		78	if (mount(proc, RUN_TRACE_FILE, NULL, MS_BIND\|MS_REC, NULL) < 0)
		79	errExit("mount bind " RUN_TRACE_FILE);
		80	free(proc);
		81	close(fd);
		82	// now that RUN_TRACE_FILE is user-writable, mount it noexec
		83	fs_remount(RUN_TRACE_FILE, MOUNT_NOEXEC, 0);
82	}	84	}
83		85
84	void fs_trace(void) {	86	void fs_trace(void) {