diff options
author | netblue30 <netblue30@yahoo.com> | 2016-11-20 07:45:50 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-20 07:45:50 -0500 |
commit | 64431c712ffb5d4805b61ea740bc9be98cf1b48f (patch) | |
tree | b0ef6c3b653192a427de181bafd70702a15d43bd /src/firejail/preproc.c | |
parent | qemu profile (diff) | |
download | firejail-64431c712ffb5d4805b61ea740bc9be98cf1b48f.tar.gz firejail-64431c712ffb5d4805b61ea740bc9be98cf1b48f.tar.zst firejail-64431c712ffb5d4805b61ea740bc9be98cf1b48f.zip |
seccomp work 1
Diffstat (limited to 'src/firejail/preproc.c')
-rw-r--r-- | src/firejail/preproc.c | 58 |
1 files changed, 12 insertions, 46 deletions
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index ea4e6743f..d2db7d3dd 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c | |||
@@ -56,9 +56,9 @@ void preproc_build_firejail_dir(void) { | |||
56 | create_empty_dir_as_root(RUN_FIREJAIL_APPIMAGE_DIR, 0755); | 56 | create_empty_dir_as_root(RUN_FIREJAIL_APPIMAGE_DIR, 0755); |
57 | } | 57 | } |
58 | 58 | ||
59 | if (stat(RUN_MNT_DIR, &s)) { | 59 | if (stat(RUN_MNT_DIR, &s)) { |
60 | create_empty_dir_as_root(RUN_MNT_DIR, 0755); | 60 | create_empty_dir_as_root(RUN_MNT_DIR, 0755); |
61 | } | 61 | } |
62 | 62 | ||
63 | create_empty_file_as_root(RUN_RO_FILE, S_IRUSR); | 63 | create_empty_file_as_root(RUN_RO_FILE, S_IRUSR); |
64 | create_empty_dir_as_root(RUN_RO_DIR, S_IRUSR); | 64 | create_empty_dir_as_root(RUN_RO_DIR, S_IRUSR); |
@@ -75,51 +75,17 @@ void preproc_mount_mnt_dir(void) { | |||
75 | tmpfs_mounted = 1; | 75 | tmpfs_mounted = 1; |
76 | fs_logger2("tmpfs", RUN_MNT_DIR); | 76 | fs_logger2("tmpfs", RUN_MNT_DIR); |
77 | 77 | ||
78 | // create all seccomp files | 78 | //copy defaultl seccomp files |
79 | // as root, create RUN_SECCOMP_I386 file | 79 | copy_file(PATH_SECCOMP_I386, RUN_SECCOMP_I386, getuid(), getgid(), 0644); |
80 | create_empty_file_as_root(RUN_SECCOMP_I386, 0644); | 80 | copy_file(PATH_SECCOMP_AMD64, RUN_SECCOMP_AMD64, getuid(), getgid(), 0644); |
81 | if (set_perms(RUN_SECCOMP_I386, getuid(), getgid(), 0644)) | 81 | if (arg_allow_debuggers) |
82 | errExit("set_perms"); | 82 | copy_file(PATH_SECCOMP_DEFAULT_DEBUG, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); |
83 | 83 | else | |
84 | // as root, create RUN_SECCOMP_AMD64 file | 84 | copy_file(PATH_SECCOMP_DEFAULT, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); |
85 | create_empty_file_as_root(RUN_SECCOMP_AMD64, 0644); | 85 | |
86 | if (set_perms(RUN_SECCOMP_AMD64, getuid(), getgid(), 0644)) | 86 | // as root, create an empty RUN_SECCOMP_PROTOCOL file |
87 | errExit("set_perms"); | ||
88 | |||
89 | // as root, create RUN_SECCOMP file | ||
90 | create_empty_file_as_root(RUN_SECCOMP_CFG, 0644); | ||
91 | if (set_perms(RUN_SECCOMP_CFG, getuid(), getgid(), 0644)) | ||
92 | errExit("set_perms"); | ||
93 | |||
94 | // as root, create RUN_SECCOMP_PROTOCOL file | ||
95 | create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644); | 87 | create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644); |
96 | if (set_perms(RUN_SECCOMP_PROTOCOL, getuid(), getgid(), 0644)) | 88 | if (set_perms(RUN_SECCOMP_PROTOCOL, getuid(), getgid(), 0644)) |
97 | errExit("set_perms"); | 89 | errExit("set_perms"); |
98 | } | 90 | } |
99 | } | 91 | } |
100 | |||
101 | // grab a copy of cp command | ||
102 | void preproc_build_cp_command(void) { | ||
103 | struct stat s; | ||
104 | preproc_mount_mnt_dir(); | ||
105 | if (stat(RUN_CP_COMMAND, &s)) { | ||
106 | char* fname = realpath("/bin/cp", NULL); | ||
107 | if (fname == NULL || stat(fname, &s) || is_link(fname)) { | ||
108 | fprintf(stderr, "Error: invalid /bin/cp\n"); | ||
109 | exit(1); | ||
110 | } | ||
111 | int rv = copy_file(fname, RUN_CP_COMMAND, 0, 0, 0755); | ||
112 | if (rv) { | ||
113 | fprintf(stderr, "Error: cannot access /bin/cp\n"); | ||
114 | exit(1); | ||
115 | } | ||
116 | ASSERT_PERMS(RUN_CP_COMMAND, 0, 0, 0755); | ||
117 | |||
118 | free(fname); | ||
119 | } | ||
120 | } | ||
121 | |||
122 | // delete the temporary cp command | ||
123 | void preproc_delete_cp_command(void) { | ||
124 | unlink(RUN_CP_COMMAND); | ||
125 | } | ||