aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2016-11-14 07:53:22 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-11-14 07:53:22 -0500
commit745742f17378cde52591c1aa8e112445022abb2d (patch)
treeefc2e0bd25435a5ba89d6db2d3bd6981270ed6ea /src
parenttesting (diff)
downloadfirejail-745742f17378cde52591c1aa8e112445022abb2d.tar.gz
firejail-745742f17378cde52591c1aa8e112445022abb2d.tar.zst
firejail-745742f17378cde52591c1aa8e112445022abb2d.zip
cleanup
Diffstat (limited to 'src')
-rw-r--r--src/firejail/caps.c13
-rw-r--r--src/firejail/fs_whitelist.c55
2 files changed, 9 insertions, 59 deletions
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 3fd8b576e..ba811cada 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -168,17 +168,6 @@ static CapsEntry capslist[] = {
168// 168//
169}; // end of capslist 169}; // end of capslist
170 170
171const char *caps_find_nr(int nr) {
172 int i;
173 int elems = sizeof(capslist) / sizeof(capslist[0]);
174 for (i = 0; i < elems; i++) {
175 if (nr == capslist[i].nr)
176 return capslist[i].name;
177 }
178
179 return "unknown";
180}
181
182// return -1 if error, or syscall number 171// return -1 if error, or syscall number
183static int caps_find_name(const char *name) { 172static int caps_find_name(const char *name) {
184 int i; 173 int i;
@@ -397,7 +386,7 @@ static uint64_t extract_caps(int pid) {
397 } 386 }
398 fclose(fp); 387 fclose(fp);
399 free(file); 388 free(file);
400 printf("Error: cannot read caps configuration\n"); 389 fprintf(stderr, "Error: cannot read caps configuration\n");
401 exit(1); 390 exit(1);
402} 391}
403 392
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 9d8021219..564dc8290 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -530,11 +530,7 @@ void fs_whitelist(void) {
530 // /home/user 530 // /home/user
531 if (home_dir) { 531 if (home_dir) {
532 // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR 532 // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR
533 int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755); 533 mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid());
534 if (rv == -1)
535 errExit("mkdir");
536 if (set_perms(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid(), 0755))
537 errExit("set_perms");
538 if (mount(cfg.homedir, RUN_WHITELIST_HOME_USER_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) 534 if (mount(cfg.homedir, RUN_WHITELIST_HOME_USER_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
539 errExit("mount bind"); 535 errExit("mount bind");
540 536
@@ -545,12 +541,7 @@ void fs_whitelist(void) {
545 // /tmp mountpoint 541 // /tmp mountpoint
546 if (tmp_dir) { 542 if (tmp_dir) {
547 // keep a copy of real /tmp directory in 543 // keep a copy of real /tmp directory in
548 int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777); 544 mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0);
549 if (rv == -1)
550 errExit("mkdir");
551 if (set_perms(RUN_WHITELIST_TMP_DIR, 0, 0, 1777))
552 errExit("set_perms");
553
554 if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) 545 if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
555 errExit("mount bind"); 546 errExit("mount bind");
556 547
@@ -568,12 +559,7 @@ void fs_whitelist(void) {
568 struct stat s; 559 struct stat s;
569 if (stat("/media", &s) == 0) { 560 if (stat("/media", &s) == 0) {
570 // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR 561 // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
571 int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755); 562 mkdir_attr(RUN_WHITELIST_MEDIA_DIR, 0755, 0, 0);
572 if (rv == -1)
573 errExit("mkdir");
574 if (set_perms(RUN_WHITELIST_MEDIA_DIR, 0, 0, 0755))
575 errExit("set_perms");
576
577 if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) 563 if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
578 errExit("mount bind"); 564 errExit("mount bind");
579 565
@@ -594,12 +580,7 @@ void fs_whitelist(void) {
594 struct stat s; 580 struct stat s;
595 if (stat("/mnt", &s) == 0) { 581 if (stat("/mnt", &s) == 0) {
596 // keep a copy of real /mnt directory in RUN_WHITELIST_MNT_DIR 582 // keep a copy of real /mnt directory in RUN_WHITELIST_MNT_DIR
597 int rv = mkdir(RUN_WHITELIST_MNT_DIR, 0755); 583 mkdir_attr(RUN_WHITELIST_MNT_DIR, 0755, 0, 0);
598 if (rv == -1)
599 errExit("mkdir");
600 if (set_perms(RUN_WHITELIST_MNT_DIR, 0, 0, 0755))
601 errExit("set_perms");
602
603 if (mount("/mnt", RUN_WHITELIST_MNT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) 584 if (mount("/mnt", RUN_WHITELIST_MNT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
604 errExit("mount bind"); 585 errExit("mount bind");
605 586
@@ -618,12 +599,7 @@ void fs_whitelist(void) {
618 // /var mountpoint 599 // /var mountpoint
619 if (var_dir) { 600 if (var_dir) {
620 // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR 601 // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR
621 int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755); 602 mkdir_attr(RUN_WHITELIST_VAR_DIR, 0755, 0, 0);
622 if (rv == -1)
623 errExit("mkdir");
624 if (set_perms(RUN_WHITELIST_VAR_DIR, 0, 0, 0755))
625 errExit("set_perms");
626
627 if (mount("/var", RUN_WHITELIST_VAR_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) 603 if (mount("/var", RUN_WHITELIST_VAR_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
628 errExit("mount bind"); 604 errExit("mount bind");
629 605
@@ -638,12 +614,7 @@ void fs_whitelist(void) {
638 // /dev mountpoint 614 // /dev mountpoint
639 if (dev_dir) { 615 if (dev_dir) {
640 // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR 616 // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR
641 int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755); 617 mkdir_attr(RUN_WHITELIST_DEV_DIR, 0755, 0, 0);
642 if (rv == -1)
643 errExit("mkdir");
644 if (set_perms(RUN_WHITELIST_DEV_DIR, 0, 0, 0755))
645 errExit("set_perms");
646
647 if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0) 618 if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0)
648 errExit("mount bind"); 619 errExit("mount bind");
649 620
@@ -658,12 +629,7 @@ void fs_whitelist(void) {
658 // /opt mountpoint 629 // /opt mountpoint
659 if (opt_dir) { 630 if (opt_dir) {
660 // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR 631 // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR
661 int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755); 632 mkdir_attr(RUN_WHITELIST_OPT_DIR, 0755, 0, 0);
662 if (rv == -1)
663 errExit("mkdir");
664 if (set_perms(RUN_WHITELIST_OPT_DIR, 0, 0, 0755))
665 errExit("set_perms");
666
667 if (mount("/opt", RUN_WHITELIST_OPT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) 633 if (mount("/opt", RUN_WHITELIST_OPT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
668 errExit("mount bind"); 634 errExit("mount bind");
669 635
@@ -681,12 +647,7 @@ void fs_whitelist(void) {
681 struct stat s; 647 struct stat s;
682 if (stat("/srv", &s) == 0) { 648 if (stat("/srv", &s) == 0) {
683 // keep a copy of real /srv directory in RUN_WHITELIST_SRV_DIR 649 // keep a copy of real /srv directory in RUN_WHITELIST_SRV_DIR
684 int rv = mkdir(RUN_WHITELIST_SRV_DIR, 0755); 650 mkdir_attr(RUN_WHITELIST_SRV_DIR, 0755, 0, 0);
685 if (rv == -1)
686 errExit("mkdir");
687 if (set_perms(RUN_WHITELIST_SRV_DIR, 0, 0, 0755))
688 errExit("set_perms");
689
690 if (mount("/srv", RUN_WHITELIST_SRV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) 651 if (mount("/srv", RUN_WHITELIST_SRV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
691 errExit("mount bind"); 652 errExit("mount bind");
692 653
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 20:40:45 +0000