author | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-29 23:31:57 +0300 |
---|---|---|
committer | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-29 23:31:57 +0300 |
commit | 18a1ae6609c556aa433dc62fc5cd8685d2d612ea (patch) | |
tree | 9e26767ed777a8575abb9c5d7358e89464cf9e57 /src | |
parent | Merge pull request #751 from reinerh/master (diff) | |
fix umask problem
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/appimage.c | 2 | ||||
-rw-r--r-- | src/firejail/fs.c | 8 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 10 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 2 |
5 files changed, 24 insertions, 0 deletions
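--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -81,6 +81,8 @@ void appimage_set(const char *appimage_path) {
 fprintf(stderr, "Error: cannot create temporary directory\n");
 exit(1);
 }
+if (chmod(mntdir, 0700) == -1)
+errExit("chmod");
 ASSERT_PERMS(mntdir, getuid(), getgid(), 0700);
 
 char *mode;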
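Review bot: The added `chmod(mntdir, 0700)` works on a path and follows symlinks, while `ASSERT_PERMS(mntdir, getuid(), getgid(), 0700)` shows the directory belongs to the invoking user, so the name can be made to refer to a different object between its creation and the chmod. Whether the process holds an elevated effective uid at this point is not visible in the hunk; if it does, the mode change should be applied through a descriptor opened with `O_DIRECTORY | O_NOFOLLOW` and `fchmod`, as sketched below. The same applies to `chmod(dirname, 0700)` in fs_check_overlay_dir in fs.c, which sits under an existing `coverity[toctou]` annotation. appimage_set starts and continues outside the hunk.

```c
// … unchanged: temporary directory creation and its error path …
int dirfd = open(mntdir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
if (dirfd == -1)
	errExit("open");
if (fchmod(dirfd, 0700) == -1)
	errExit("fchmod");
close(dirfd);
ASSERT_PERMS(mntdir, getuid(), getgid(), 0700);
```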
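--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -36,6 +36,8 @@ static void create_dir_as_root(const char *dir, mode_t mode) {
 
 if (mkdir(dir, mode) == -1)
 errExit("mkdir");
+if (chmod(dir, mode) == -1)
+errExit("chmod");
 
 ASSERT_PERMS(dir, 0, 0, mode);
 }
@@ -47,6 +49,8 @@ static void create_empty_dir(void) {
 /* coverity[toctou] */
 if (mkdir(RUN_RO_DIR, S_IRUSR | S_IXUSR) == -1)
 errExit("mkdir");
+if (chmod(RUN_RO_DIR, S_IRUSR | S_IXUSR) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_RO_DIR, 0, 0, S_IRUSR | S_IXUSR);
 }
 }
@@ -772,6 +776,8 @@ char *fs_check_overlay_dir(const char *subdirname, int allow_reuse) {
 /* coverity[toctou] */
 if (mkdir(dirname, 0700))
 errExit("mkdir");
+if (chmod(dirname, 0700) == -1)
+errExit("chmod");
 ASSERT_PERMS(dirname, getuid(), getgid(), 0700);
 }
 else if (is_link(dirname)) {
@@ -859,6 +865,8 @@ void fs_overlayfs(void) {
 errExit("asprintf");
 if (mkdir(oroot, 0755))
 errExit("mkdir");
+if (chmod(oroot, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(oroot, 0, 0, 0755);
 
 struct stat s;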
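Review bot: The lines added after `mkdir(oroot, 0755)` in fs_overlayfs repeat what the visible tail of create_dir_as_root in this same file now does (mkdir, chmod, then `ASSERT_PERMS(dir, 0, 0, mode)`), so that site could be written as `create_dir_as_root(oroot, 0755);`. The beginning of create_dir_as_root lies outside its hunk, so check that its earlier lines do nothing unwanted for this caller. The same mkdir/chmod/ASSERT_PERMS sequence is also added for RUN_BIN_DIR in fs_bin.c, at five places in fs_dev.c and for RUN_ETC_DIR in fs_etc.c. Exporting one helper would keep the umask correction in a single place, so a directory added later cannot miss it.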
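--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -205,6 +205,8 @@ void fs_private_bin_list(void) {
 fs_build_mnt_dir();
 if (mkdir(RUN_BIN_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_BIN_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_BIN_DIR, 0, 0, 0755);
 
 // copy the list of files in the new etc directory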
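--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -75,6 +75,8 @@ void fs_private_dev(void){
 if (have_dri) {
 if (mkdir(RUN_DRI_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_DRI_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_DRI_DIR, 0, 0, 0755);
 
 // keep a copy of /dev/dri under DRI_DIR
@@ -86,6 +88,8 @@ void fs_private_dev(void){
 if (have_snd) {
 if (mkdir(RUN_SND_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_SND_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_SND_DIR, 0, 0, 0755);
 
 // keep a copy of /dev/dri under DRI_DIR
@@ -130,6 +134,8 @@ void fs_private_dev(void){
 /* coverity[toctou] */
 if (mkdir("/dev/snd", 0755) == -1)
 errExit("mkdir");
+if (chmod("/dev/snd", 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS("/dev/snd", 0, 0, 0755);
 if (mount(RUN_SND_DIR, "/dev/snd", NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mounting /dev/snd");
@@ -140,6 +146,8 @@ void fs_private_dev(void){
 if (have_dri) {
 if (mkdir("/dev/dri", 0755) == -1)
 errExit("mkdir");
+if (chmod("/dev/dri", 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS("/dev/dri", 0, 0, 0755);
 if (mount(RUN_DRI_DIR, "/dev/dri", NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mounting /dev/dri");
@@ -178,6 +186,8 @@ void fs_private_dev(void){
 // pseudo-terminal
 if (mkdir("/dev/pts", 0755) == -1)
 errExit("mkdir");
+if (chmod("/dev/pts", 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS("/dev/pts", 0, 0, 0755);
 fs_logger("mkdir /dev/pts");
 create_char_dev("/dev/pts/ptmx", 0666, 5, 2); //"mknod -m 666 /dev/pts/ptmx c 5 2");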
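Review bot: The process umask that these chmod calls correct for also applies to mknod, and the last hunk leaves `create_char_dev("/dev/pts/ptmx", 0666, 5, 2)` directly below the new lines unchanged. create_char_dev is not part of this diff, so it should be confirmed that it sets the mode explicitly after creating the node; if it does not, a restrictive umask would leave /dev/pts/ptmx narrower than the requested 0666. Once verified, a call-site comment such as `// mode is enforced inside create_char_dev, independent of umask` would record it. fs_private_dev starts and ends outside these hunks.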
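--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -132,6 +132,8 @@ void fs_private_etc_list(void) {
 fs_build_mnt_dir();
 if (mkdir(RUN_ETC_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_ETC_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_ETC_DIR, 0, 0, 0755);
 fs_logger("tmpfs /etc");
 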