author | netblue30 <netblue30@yahoo.com> | 2016-07-08 09:39:18 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-08 09:39:18 -0400 |
commit | 0838606e623fc11fac5fd8db8b197d63f3e21f32 (patch) | |
tree | afbe78890c684230e5269ed49bf2aef1b757d73b /src/firejail | |
parent | private-dev (diff) | |
added mkfile profile command
Diffstat (limited to 'src/firejail')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_mkdir.c | 33 | ||||
-rw-r--r-- | src/firejail/profile.c | 5 |
3 files changed, 39 insertions, 0 deletions
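--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -548,6 +548,7 @@ char **build_paths(void);
 
 // fs_mkdir.c
 void fs_mkdir(const char *name);
+void fs_mkfile(const char *name);
 
 // x11.c
 void fs_x11(void);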
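--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -48,3 +48,36 @@ void fs_mkdir(const char *name) {
 doexit:
 free(expanded);
 }
+
+void fs_mkfile(const char *name) {
+EUID_ASSERT();
+
+// check file name
+invalid_filename(name);
+char *expanded = expand_home(name, cfg.homedir);
+if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
+fprintf(stderr, "Error: only files in user home are supported by mkfile\n");
+exit(1);
+}
+
+struct stat s;
+if (stat(expanded, &s) == 0) {
+// file exists, do nothing
+goto doexit;
+}
+
+// create file
+FILE *fp = fopen(expanded, "w");
+if (!fp)
+fprintf(stderr, "Warning: cannot create %s file\n", expanded);
+else {
+fclose(fp);
+int rv = chown(expanded, getuid(), getgid());
+(void) rv;
+rv = chmod(expanded, 0600);
+(void) rv;
+}
+
+doexit:
+free(expanded);
+}
\ No newline at end of file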
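Review bot: The `stat()` test followed by `fopen(expanded, "w")` in fs_mkfile is a check-then-create race, and `"w"` follows symlinks and truncates whatever the path resolves to if something appears there between the two calls; a dangling symlink also passes the stat test. Creating the file with `open()` and `O_CREAT | O_EXCL` turns the existence test and the creation into one atomic step that refuses a symlink in the final component, and applying owner and mode through the descriptor avoids resolving the path a second time and lets failures be reported instead of discarded; this needs `<fcntl.h>` and `<errno.h>` if fs_mkdir.c does not already include them, and the `doexit` label in fs_mkfile is no longer needed. Separately, `strncmp(expanded, cfg.homedir, strlen(cfg.homedir))` is a plain string-prefix match, so a sibling path that merely begins with the home directory string passes, and `..` components pass too unless `invalid_filename()` rejects them, which is not visible in this hunk. Checking that the character after the prefix is `/` or the end of the string would close the first gap.

```c
	// … unchanged: EUID_ASSERT, invalid_filename, expand_home, home-directory check …

	// create the file only if nothing exists at the path; O_EXCL makes the
	// existence test and the creation a single atomic step
	int fd = open(expanded, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
	if (fd == -1) {
		// an existing file is not an error: mkfile leaves it untouched
		if (errno != EEXIST)
			fprintf(stderr, "Warning: cannot create %s file\n", expanded);
	}
	else {
		// the umask may have cleared bits from the requested mode
		if (fchown(fd, getuid(), getgid()) == -1 || fchmod(fd, 0600) == -1)
			fprintf(stderr, "Warning: cannot set owner or mode on %s\n", expanded);
		close(fd);
	}

	free(expanded);
```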
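--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -107,6 +107,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fs_mkdir(ptr + 6);
 return 0;
 }
+// mkfile
+if (strncmp(ptr, "mkfile ", 7) == 0) {
+fs_mkfile(ptr + 7);
+return 0;
+}
 // sandbox name
 else if (strncmp(ptr, "name ", 5) == 0) {
 cfg.name = ptr + 5;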
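Review bot: The new `mkfile` branch opens with a plain `if`, and because it sits directly above the existing `// sandbox name` line, that `else if` now chains off the mkfile test instead of the block before it. Control flow is unchanged only because each branch ends in `return 0;`; writing the new test as `else if (strncmp(ptr, "mkfile ", 7) == 0) {` would keep the chain uniform, assuming the mkdir branch above is itself part of the chain, which the hunk does not show. The branch also hands `ptr + 7` on without checking that anything follows the keyword, so an empty argument is left for `fs_mkfile()` to reject. profile_check_line begins and ends outside this hunk.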