misc cleanup

removing the branches checking for "." has no effect, as calling openat on this just reopens the previous path element.
author: smitsohu <smitsohu@gmail.com> 2019-02-22 18:41:38 +0100
committer: smitsohu <smitsohu@gmail.com> 2019-02-22 18:45:07 +0100
commit: 5cabd894a9d700bd4457d6e6dbd9472629a6dbfe (patch)
tree: 5deb5581385d0cc33898462c35257be3b2503b07 /src
parent: Harden gnome-recipes.profile (#2444) (diff)
download: firejail-5cabd894a9d700bd4457d6e6dbd9472629a6dbfe.tar.gz
firejail-5cabd894a9d700bd4457d6e6dbd9472629a6dbfe.tar.zst
firejail-5cabd894a9d700bd4457d6e6dbd9472629a6dbfe.zip
3 files changed, 2 insertions, 15 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 6cd445433..913fc71ba 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -33,7 +33,6 @@
 //#define TEST_MOUNTINFO
 #define EMPTY_STRING ("")
-#define MAXBUF 4098
 static size_t homedir_len; // cache length of homedir string
@@ -68,11 +67,6 @@ static int mkpath(const char* path, mode_t mode) {
        char *tok = strtok(dup, "/");
        assert(tok); // path is no top level directory
        while (tok) {
-                // skip all instances of "/./"
-                if (strcmp(tok, ".") == 0) {
-                        tok = strtok(NULL, "/");
-                        continue;
-                }
                // create the directory if necessary
                if (mkdirat(parentfd, tok, mode) == -1) {
                        if (errno != EEXIST) {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index c163133c3..53947d889 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -241,9 +241,6 @@ error:
 // return 1 if the command is to be added to the linked list of profile commands
 // return 0 if the command was already executed inside the function
 int profile_check_line(char *ptr, int lineno, const char *fname) {
-#ifdef HAVE_WHITELIST
-        static int whitelist_warning_printed = 0;
-#endif
        EUID_ASSERT();
        // check and process conditional profile lines
@@ -1314,6 +1311,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                        ptr += 10;
                }
                else {
+                        static int whitelist_warning_printed = 0;
                        if (!whitelist_warning_printed) {
                                warning_feature_disabled("whitelist");
                                whitelist_warning_printed = 1;
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 0e869ef7a..dd298a31a 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1163,11 +1163,6 @@ int safe_fd(const char *path, int flags) {
        char *tok = strtok(dup, "/");
        assert(tok);
        while (tok) {
-                // skip all "/./"
-                if (strcmp(tok, ".") == 0) {
-                        tok = strtok(NULL, "/");
-                        continue;
-                }
                // open the element, assuming it is a directory; this fails with ENOTDIR if it is a symbolic link
                fd = openat(parentfd, tok, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
                if (fd == -1) {
@@ -1267,7 +1262,7 @@ int invalid_sandbox(const pid_t pid) {
 }
 int has_handler(pid_t pid, int signal) {
-        if (signal > 0) {
+        if (signal > 0 && signal <= SIGRTMAX) {
                char *fname;
                if (asprintf(&fname, "/proc/%d/status", pid) == -1)
                        errExit("asprintf");
author	smitsohu <smitsohu@gmail.com>	2019-02-22 18:41:38 +0100
committer	smitsohu <smitsohu@gmail.com>	2019-02-22 18:45:07 +0100
commit	5cabd894a9d700bd4457d6e6dbd9472629a6dbfe (patch)
tree	5deb5581385d0cc33898462c35257be3b2503b07 /src
parent	Harden gnome-recipes.profile (#2444) (diff)
download	firejail-5cabd894a9d700bd4457d6e6dbd9472629a6dbfe.tar.gz firejail-5cabd894a9d700bd4457d6e6dbd9472629a6dbfe.tar.zst firejail-5cabd894a9d700bd4457d6e6dbd9472629a6dbfe.zip