added mkfile profile command

author: netblue30 <netblue30@yahoo.com> 2016-07-08 09:39:18 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-07-08 09:39:18 -0400
commit: 0838606e623fc11fac5fd8db8b197d63f3e21f32 (patch)
tree: afbe78890c684230e5269ed49bf2aef1b757d73b /src/firejail
parent: private-dev (diff)
download: firejail-0838606e623fc11fac5fd8db8b197d63f3e21f32.tar.gz
firejail-0838606e623fc11fac5fd8db8b197d63f3e21f32.tar.zst
firejail-0838606e623fc11fac5fd8db8b197d63f3e21f32.zip
3 files changed, 39 insertions, 0 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 24af41192..3d0e9a51b 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -548,6 +548,7 @@ char **build_paths(void);
 // fs_mkdir.c
 void fs_mkdir(const char *name);
+void fs_mkfile(const char *name);
 // x11.c
 void fs_x11(void);
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 398c534bf..c4ce52079 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -48,3 +48,36 @@ void fs_mkdir(const char *name) {
 doexit:
        free(expanded);
 }       
+void fs_mkfile(const char *name) {
+        EUID_ASSERT();
+        
+        // check file name
+        invalid_filename(name);
+        char *expanded = expand_home(name, cfg.homedir);
+        if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
+                fprintf(stderr, "Error: only files in user home are supported by mkfile\n");
+                exit(1);
+        }
+        struct stat s;
+        if (stat(expanded, &s) == 0) {
+                // file exists, do nothing
+                goto doexit;
+        }
+        // create file
+        FILE *fp = fopen(expanded, "w");
+        if (!fp)
+                fprintf(stderr, "Warning: cannot create %s file\n", expanded);
+        else {
+                fclose(fp);
+                int rv = chown(expanded, getuid(), getgid());
+                (void) rv;
+                rv = chmod(expanded, 0600);
+                (void) rv;
+        }
+doexit:
+        free(expanded);
+}
+\ No newline at end of file
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 040efea74..bb834bf19 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -107,6 +107,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                fs_mkdir(ptr + 6);
                return 0;
        }
+        // mkfile 
+        if (strncmp(ptr, "mkfile ", 7) == 0) {
+                fs_mkfile(ptr + 7);
+                return 0;
+        }
        // sandbox name
        else if (strncmp(ptr, "name ", 5) == 0) {
                cfg.name = ptr + 5;
author	netblue30 <netblue30@yahoo.com>	2016-07-08 09:39:18 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-07-08 09:39:18 -0400
commit	0838606e623fc11fac5fd8db8b197d63f3e21f32 (patch)
tree	afbe78890c684230e5269ed49bf2aef1b757d73b /src/firejail
parent	private-dev (diff)
download	firejail-0838606e623fc11fac5fd8db8b197d63f3e21f32.tar.gz firejail-0838606e623fc11fac5fd8db8b197d63f3e21f32.tar.zst firejail-0838606e623fc11fac5fd8db8b197d63f3e21f32.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 24af41192..3d0e9a51b 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -548,6 +548,7 @@ char **build_paths(void);
548		548
549	// fs_mkdir.c	549	// fs_mkdir.c
550	void fs_mkdir(const char *name);	550	void fs_mkdir(const char *name);
		551	void fs_mkfile(const char *name);
551		552
552	// x11.c	553	// x11.c
553	void fs_x11(void);	554	void fs_x11(void);


diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 398c534bf..c4ce52079 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c
@@ -48,3 +48,36 @@ void fs_mkdir(const char *name) {
48	doexit:	48	doexit:
49	free(expanded);	49	free(expanded);
50	}	50	}
		51
		52	void fs_mkfile(const char *name) {
		53	EUID_ASSERT();
		54
		55	// check file name
		56	invalid_filename(name);
		57	char *expanded = expand_home(name, cfg.homedir);
		58	if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
		59	fprintf(stderr, "Error: only files in user home are supported by mkfile\n");
		60	exit(1);
		61	}
		62
		63	struct stat s;
		64	if (stat(expanded, &s) == 0) {
		65	// file exists, do nothing
		66	goto doexit;
		67	}
		68
		69	// create file
		70	FILE *fp = fopen(expanded, "w");
		71	if (!fp)
		72	fprintf(stderr, "Warning: cannot create %s file\n", expanded);
		73	else {
		74	fclose(fp);
		75	int rv = chown(expanded, getuid(), getgid());
		76	(void) rv;
		77	rv = chmod(expanded, 0600);
		78	(void) rv;
		79	}
		80
		81	doexit:
		82	free(expanded);
		83	} \ No newline at end of file


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 040efea74..bb834bf19 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -107,6 +107,11 @@ int profile_check_line(char ptr, int lineno, const char fname) {
107	fs_mkdir(ptr + 6);	107	fs_mkdir(ptr + 6);
108	return 0;	108	return 0;
109	}	109	}
		110	// mkfile
		111	if (strncmp(ptr, "mkfile ", 7) == 0) {
		112	fs_mkfile(ptr + 7);
		113	return 0;
		114	}
110	// sandbox name	115	// sandbox name
111	else if (strncmp(ptr, "name ", 5) == 0) {	116	else if (strncmp(ptr, "name ", 5) == 0) {
112	cfg.name = ptr + 5;	117	cfg.name = ptr + 5;