diff options
author | smitsohu <smitsohu@gmail.com> | 2021-10-13 19:44:03 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-10-13 19:44:03 +0200 |
commit | ec38ea1abbc0ea29775c7887e817581ce13abd83 (patch) | |
tree | b8d009c170cb01ecfa97b5620695580478b6ff87 /src/firejail/util.c | |
parent | Merge pull request #4599 from rusty-snake/use-allow-tray (diff) | |
download | firejail-ec38ea1abbc0ea29775c7887e817581ce13abd83.tar.gz firejail-ec38ea1abbc0ea29775c7887e817581ce13abd83.tar.zst firejail-ec38ea1abbc0ea29775c7887e817581ce13abd83.zip |
cleanup: move overlayfs code in separate module
Diffstat (limited to 'src/firejail/util.c')
-rw-r--r-- | src/firejail/util.c | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index f0df45eb2..8749f79cc 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -20,8 +20,6 @@ | |||
20 | #define _XOPEN_SOURCE 500 | 20 | #define _XOPEN_SOURCE 500 |
21 | #include "firejail.h" | 21 | #include "firejail.h" |
22 | #include "../include/gcov_wrapper.h" | 22 | #include "../include/gcov_wrapper.h" |
23 | #include <ftw.h> | ||
24 | #include <sys/stat.h> | ||
25 | #include <sys/mount.h> | 23 | #include <sys/mount.h> |
26 | #include <syslog.h> | 24 | #include <syslog.h> |
27 | #include <errno.h> | 25 | #include <errno.h> |
@@ -32,9 +30,6 @@ | |||
32 | #include <sys/wait.h> | 30 | #include <sys/wait.h> |
33 | #include <limits.h> | 31 | #include <limits.h> |
34 | 32 | ||
35 | #include <string.h> | ||
36 | #include <ctype.h> | ||
37 | |||
38 | #include <fcntl.h> | 33 | #include <fcntl.h> |
39 | #ifndef O_PATH | 34 | #ifndef O_PATH |
40 | #define O_PATH 010000000 | 35 | #define O_PATH 010000000 |
@@ -964,8 +959,6 @@ uid_t pid_get_uid(pid_t pid) { | |||
964 | } | 959 | } |
965 | 960 | ||
966 | 961 | ||
967 | |||
968 | |||
969 | uid_t get_group_id(const char *group) { | 962 | uid_t get_group_id(const char *group) { |
970 | // find tty group id | 963 | // find tty group id |
971 | gid_t gid = 0; | 964 | gid_t gid = 0; |
@@ -977,86 +970,6 @@ uid_t get_group_id(const char *group) { | |||
977 | } | 970 | } |
978 | 971 | ||
979 | 972 | ||
980 | static int remove_callback(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf) { | ||
981 | (void) sb; | ||
982 | (void) typeflag; | ||
983 | (void) ftwbuf; | ||
984 | assert(fpath); | ||
985 | |||
986 | if (strcmp(fpath, ".") == 0) | ||
987 | return 0; | ||
988 | |||
989 | if (remove(fpath)) { // removes the link not the actual file | ||
990 | perror("remove"); | ||
991 | fprintf(stderr, "Error: cannot remove file from user .firejail directory: %s\n", fpath); | ||
992 | exit(1); | ||
993 | } | ||
994 | |||
995 | return 0; | ||
996 | } | ||
997 | |||
998 | |||
999 | int remove_overlay_directory(void) { | ||
1000 | EUID_ASSERT(); | ||
1001 | sleep(1); | ||
1002 | |||
1003 | char *path; | ||
1004 | if (asprintf(&path, "%s/.firejail", cfg.homedir) == -1) | ||
1005 | errExit("asprintf"); | ||
1006 | |||
1007 | if (access(path, F_OK) == 0) { | ||
1008 | pid_t child = fork(); | ||
1009 | if (child < 0) | ||
1010 | errExit("fork"); | ||
1011 | if (child == 0) { | ||
1012 | // open ~/.firejail | ||
1013 | int fd = safer_openat(-1, path, O_PATH|O_NOFOLLOW|O_CLOEXEC); | ||
1014 | if (fd == -1) { | ||
1015 | fprintf(stderr, "Error: cannot open %s\n", path); | ||
1016 | exit(1); | ||
1017 | } | ||
1018 | struct stat s; | ||
1019 | if (fstat(fd, &s) == -1) | ||
1020 | errExit("fstat"); | ||
1021 | if (!S_ISDIR(s.st_mode)) { | ||
1022 | if (S_ISLNK(s.st_mode)) | ||
1023 | fprintf(stderr, "Error: %s is a symbolic link\n", path); | ||
1024 | else | ||
1025 | fprintf(stderr, "Error: %s is not a directory\n", path); | ||
1026 | exit(1); | ||
1027 | } | ||
1028 | if (s.st_uid != getuid()) { | ||
1029 | fprintf(stderr, "Error: %s is not owned by the current user\n", path); | ||
1030 | exit(1); | ||
1031 | } | ||
1032 | // chdir to ~/.firejail | ||
1033 | if (fchdir(fd) == -1) | ||
1034 | errExit("fchdir"); | ||
1035 | close(fd); | ||
1036 | |||
1037 | EUID_ROOT(); | ||
1038 | // FTW_PHYS - do not follow symbolic links | ||
1039 | if (nftw(".", remove_callback, 64, FTW_DEPTH | FTW_PHYS) == -1) | ||
1040 | errExit("nftw"); | ||
1041 | |||
1042 | EUID_USER(); | ||
1043 | // remove ~/.firejail | ||
1044 | if (rmdir(path) == -1) | ||
1045 | errExit("rmdir"); | ||
1046 | |||
1047 | __gcov_flush(); | ||
1048 | |||
1049 | _exit(0); | ||
1050 | } | ||
1051 | // wait for the child to finish | ||
1052 | waitpid(child, NULL, 0); | ||
1053 | // check if ~/.firejail was deleted | ||
1054 | if (access(path, F_OK) == 0) | ||
1055 | return 1; | ||
1056 | } | ||
1057 | return 0; | ||
1058 | } | ||
1059 | |||
1060 | // flush stdin if it is connected to a tty and has input | 973 | // flush stdin if it is connected to a tty and has input |
1061 | void flush_stdin(void) { | 974 | void flush_stdin(void) { |
1062 | if (!isatty(STDIN_FILENO)) | 975 | if (!isatty(STDIN_FILENO)) |