author | 2017-05-24 14:13:52 -0500 | |
---|---|---|
committer | 2017-05-24 14:13:52 -0500 | |
commit | 96c920e166b40bbe50f216e294f2efac154a1cb2 (patch) | |
tree | fa80a34e81863ab897f2f2b8ec4124b10d023516 /src/firejail/restrict_users.c | |
parent | remove trailing whitespace from etc/ (diff) | |
Remove trailing whitespace from src/
Diffstat (limited to 'src/firejail/restrict_users.c')
-rw-r--r-- | src/firejail/restrict_users.c | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index 086af48b0..87ee513af 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
@@ -56,23 +56,23 @@ static USER_LIST *ulist_find(const char *user) { | |||
56 | return ptr; | 56 | return ptr; |
57 | ptr = ptr->next; | 57 | ptr = ptr->next; |
58 | } | 58 | } |
59 | 59 | ||
60 | return NULL; | 60 | return NULL; |
61 | } | 61 | } |
62 | 62 | ||
63 | static void sanitize_home(void) { | 63 | static void sanitize_home(void) { |
64 | assert(getuid() != 0); // this code works only for regular users | 64 | assert(getuid() != 0); // this code works only for regular users |
65 | 65 | ||
66 | if (arg_debug) | 66 | if (arg_debug) |
67 | printf("Cleaning /home directory\n"); | 67 | printf("Cleaning /home directory\n"); |
68 | 68 | ||
69 | struct stat s; | 69 | struct stat s; |
70 | if (stat(cfg.homedir, &s) == -1) { | 70 | if (stat(cfg.homedir, &s) == -1) { |
71 | // cannot find home directory, just return | 71 | // cannot find home directory, just return |
72 | fwarning("cannot find home directory\n"); | 72 | fwarning("cannot find home directory\n"); |
73 | return; | 73 | return; |
74 | } | 74 | } |
75 | 75 | ||
76 | if (mkdir(RUN_WHITELIST_HOME_DIR, 0755) == -1) | 76 | if (mkdir(RUN_WHITELIST_HOME_DIR, 0755) == -1) |
77 | errExit("mkdir"); | 77 | errExit("mkdir"); |
78 | 78 | ||
@@ -93,7 +93,7 @@ static void sanitize_home(void) { | |||
93 | errExit("mkdir"); | 93 | errExit("mkdir"); |
94 | } | 94 | } |
95 | fs_logger2("mkdir", cfg.homedir); | 95 | fs_logger2("mkdir", cfg.homedir); |
96 | 96 | ||
97 | // set mode and ownership | 97 | // set mode and ownership |
98 | if (set_perms(cfg.homedir, s.st_uid, s.st_gid, s.st_mode)) | 98 | if (set_perms(cfg.homedir, s.st_uid, s.st_gid, s.st_mode)) |
99 | errExit("set_perms"); | 99 | errExit("set_perms"); |
@@ -108,7 +108,7 @@ static void sanitize_home(void) { | |||
108 | fs_logger2("tmpfs", RUN_WHITELIST_HOME_DIR); | 108 | fs_logger2("tmpfs", RUN_WHITELIST_HOME_DIR); |
109 | if (!arg_private) | 109 | if (!arg_private) |
110 | fs_logger2("whitelist", cfg.homedir); | 110 | fs_logger2("whitelist", cfg.homedir); |
111 | 111 | ||
112 | } | 112 | } |
113 | 113 | ||
114 | static void sanitize_passwd(void) { | 114 | static void sanitize_passwd(void) { |
@@ -133,7 +133,7 @@ static void sanitize_passwd(void) { | |||
133 | fpout = fopen(RUN_PASSWD_FILE, "w"); | 133 | fpout = fopen(RUN_PASSWD_FILE, "w"); |
134 | if (!fpout) | 134 | if (!fpout) |
135 | goto errout; | 135 | goto errout; |
136 | 136 | ||
137 | // read the file line by line | 137 | // read the file line by line |
138 | char buf[MAXBUF]; | 138 | char buf[MAXBUF]; |
139 | uid_t myuid = getuid(); | 139 | uid_t myuid = getuid(); |
@@ -141,12 +141,12 @@ static void sanitize_passwd(void) { | |||
141 | // comments and empty lines | 141 | // comments and empty lines |
142 | if (*buf == '\0' || *buf == '#') | 142 | if (*buf == '\0' || *buf == '#') |
143 | continue; | 143 | continue; |
144 | 144 | ||
145 | // sample line: | 145 | // sample line: |
146 | // www-data:x:33:33:www-data:/var/www:/bin/sh | 146 | // www-data:x:33:33:www-data:/var/www:/bin/sh |
147 | // drop lines with uid > 1000 and not the current user | 147 | // drop lines with uid > 1000 and not the current user |
148 | char *ptr = buf; | 148 | char *ptr = buf; |
149 | 149 | ||
150 | // advance to uid | 150 | // advance to uid |
151 | while (*ptr != ':' && *ptr != '\0') | 151 | while (*ptr != ':' && *ptr != '\0') |
152 | ptr++; | 152 | ptr++; |
@@ -190,9 +190,9 @@ static void sanitize_passwd(void) { | |||
190 | if (mount(RUN_PASSWD_FILE, "/etc/passwd", "none", MS_BIND, "mode=400,gid=0") < 0) | 190 | if (mount(RUN_PASSWD_FILE, "/etc/passwd", "none", MS_BIND, "mode=400,gid=0") < 0) |
191 | errExit("mount"); | 191 | errExit("mount"); |
192 | fs_logger("create /etc/passwd"); | 192 | fs_logger("create /etc/passwd"); |
193 | 193 | ||
194 | return; | 194 | return; |
195 | 195 | ||
196 | errout: | 196 | errout: |
197 | fwarning("failed to clean up /etc/passwd\n"); | 197 | fwarning("failed to clean up /etc/passwd\n"); |
198 | if (fpin) | 198 | if (fpin) |
@@ -206,7 +206,7 @@ static int copy_line(FILE *fpout, char *buf, char *ptr) { | |||
206 | // fpout: GROUP_FILE | 206 | // fpout: GROUP_FILE |
207 | // buf: pulse:x:115:netblue,bingo | 207 | // buf: pulse:x:115:netblue,bingo |
208 | // ptr: 115:neblue,bingo | 208 | // ptr: 115:neblue,bingo |
209 | 209 | ||
210 | while (*ptr != ':' && *ptr != '\0') | 210 | while (*ptr != ':' && *ptr != '\0') |
211 | ptr++; | 211 | ptr++; |
212 | if (*ptr == '\0') | 212 | if (*ptr == '\0') |
@@ -217,7 +217,7 @@ static int copy_line(FILE *fpout, char *buf, char *ptr) { | |||
217 | fprintf(fpout, "%s", buf); | 217 | fprintf(fpout, "%s", buf); |
218 | return 0; | 218 | return 0; |
219 | } | 219 | } |
220 | 220 | ||
221 | // print what we have so far | 221 | // print what we have so far |
222 | char tmp = *ptr; | 222 | char tmp = *ptr; |
223 | *ptr = '\0'; | 223 | *ptr = '\0'; |
@@ -266,7 +266,7 @@ static void sanitize_group(void) { | |||
266 | fpout = fopen(RUN_GROUP_FILE, "w"); | 266 | fpout = fopen(RUN_GROUP_FILE, "w"); |
267 | if (!fpout) | 267 | if (!fpout) |
268 | goto errout; | 268 | goto errout; |
269 | 269 | ||
270 | // read the file line by line | 270 | // read the file line by line |
271 | char buf[MAXBUF]; | 271 | char buf[MAXBUF]; |
272 | gid_t mygid = getgid(); | 272 | gid_t mygid = getgid(); |
@@ -274,12 +274,12 @@ static void sanitize_group(void) { | |||
274 | // comments and empty lines | 274 | // comments and empty lines |
275 | if (*buf == '\0' || *buf == '#') | 275 | if (*buf == '\0' || *buf == '#') |
276 | continue; | 276 | continue; |
277 | 277 | ||
278 | // sample line: | 278 | // sample line: |
279 | // pulse:x:115:netblue,bingo | 279 | // pulse:x:115:netblue,bingo |
280 | // drop lines with uid > 1000 and not the current user group | 280 | // drop lines with uid > 1000 and not the current user group |
281 | char *ptr = buf; | 281 | char *ptr = buf; |
282 | 282 | ||
283 | // advance to uid | 283 | // advance to uid |
284 | while (*ptr != ':' && *ptr != '\0') | 284 | while (*ptr != ':' && *ptr != '\0') |
285 | ptr++; | 285 | ptr++; |
@@ -318,9 +318,9 @@ static void sanitize_group(void) { | |||
318 | if (mount(RUN_GROUP_FILE, "/etc/group", "none", MS_BIND, "mode=400,gid=0") < 0) | 318 | if (mount(RUN_GROUP_FILE, "/etc/group", "none", MS_BIND, "mode=400,gid=0") < 0) |
319 | errExit("mount"); | 319 | errExit("mount"); |
320 | fs_logger("create /etc/group"); | 320 | fs_logger("create /etc/group"); |
321 | 321 | ||
322 | return; | 322 | return; |
323 | 323 | ||
324 | errout: | 324 | errout: |
325 | fwarning("failed to clean up /etc/group\n"); | 325 | fwarning("failed to clean up /etc/group\n"); |
326 | if (fpin) | 326 | if (fpin) |
@@ -332,7 +332,7 @@ errout: | |||
332 | void restrict_users(void) { | 332 | void restrict_users(void) { |
333 | if (arg_allusers) | 333 | if (arg_allusers) |
334 | return; | 334 | return; |
335 | 335 | ||
336 | // only in user mode | 336 | // only in user mode |
337 | if (getuid()) { | 337 | if (getuid()) { |
338 | if (strncmp(cfg.homedir, "/home/", 6) == 0) { | 338 | if (strncmp(cfg.homedir, "/home/", 6) == 0) { |