author | netblue30 <netblue30@yahoo.com> | 2016-07-08 09:39:18 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-08 09:39:18 -0400 |
commit | 0838606e623fc11fac5fd8db8b197d63f3e21f32 (patch) | |
tree | afbe78890c684230e5269ed49bf2aef1b757d73b /src | |
parent | private-dev (diff) | |
added mkfile profile command
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_mkdir.c | 33 | ||||
-rw-r--r-- | src/firejail/profile.c | 5 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 4 |
4 files changed, 43 insertions, 0 deletions
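--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -548,6 +548,7 @@ char **build_paths(void);
 
 // fs_mkdir.c
 void fs_mkdir(const char *name);
+void fs_mkfile(const char *name);
 
 // x11.c
 void fs_x11(void);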
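--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -48,3 +48,36 @@ void fs_mkdir(const char *name) {
 doexit:
 	free(expanded);
 }
+
+void fs_mkfile(const char *name) {
+	EUID_ASSERT();
+	
+	// check file name
+	invalid_filename(name);
+	char *expanded = expand_home(name, cfg.homedir);
+	if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
+		fprintf(stderr, "Error: only files in user home are supported by mkfile\n");
+		exit(1);
+	}
+	
+	struct stat s;
+	if (stat(expanded, &s) == 0) {
+		// file exists, do nothing
+		goto doexit;
+	}
+	
+	// create file
+	FILE *fp = fopen(expanded, "w");
+	if (!fp)
+		fprintf(stderr, "Warning: cannot create %s file\n", expanded);
+	else {
+		fclose(fp);
+		int rv = chown(expanded, getuid(), getgid());
+		(void) rv;
+		rv = chmod(expanded, 0600);
+		(void) rv;
+	}
+	
+doexit:
+	free(expanded);
+}
\ No newline at end of file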
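Review bot: The home-directory confinement check at new line 58 is a bare prefix comparison, so with cfg.homedir `/home/alice` a path such as `/home/alice2/x` or `/home/alice.bak/x` is accepted; the test must also require a `/` (or end of string) immediately after the prefix. The creation sequence that follows is racy and symlink-following: `stat()` then `fopen(expanded, "w")` leaves a window in which the path can be swapped, `fopen` will follow a dangling symlink planted at that path and create its target, and the new file carries umask-derived permissions until the later `chmod(expanded, 0600)`. A single `open()` with `O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW` and mode `0600` creates the file atomically with its final mode, turns `EEXIST` into the existing "already there, do nothing" path, and makes the separate `chmod` and the `chown` to the caller's own uid/gid (which looks like a no-op under `EUID_ASSERT()`) unnecessary; `<fcntl.h>` and `<errno.h>` must be in scope if this file does not already include them. Whether `invalid_filename()` rejects `..` components is not visible in this hunk, so the prefix fix below does not rely on it.
```c
	// … unchanged: EUID_ASSERT() and invalid_filename(name) …
	char *expanded = expand_home(name, cfg.homedir);
	// the match must stop at a path separator, otherwise /home/alice2 passes for /home/alice
	size_t hlen = strlen(cfg.homedir);
	if (strncmp(expanded, cfg.homedir, hlen) != 0 ||
	    (expanded[hlen] != '/' && expanded[hlen] != '\0')) {
		fprintf(stderr, "Error: only files in user home are supported by mkfile\n");
		exit(1);
	}

	// create atomically with the final mode: O_EXCL replaces the stat() pre-check
	// (EEXIST means "already exists, nothing to do") and O_NOFOLLOW refuses a planted symlink
	int fd = open(expanded, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
	if (fd == -1) {
		if (errno != EEXIST)
			fprintf(stderr, "Warning: cannot create %s file\n", expanded);
	}
	else
		close(fd);

	free(expanded);
```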
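--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -107,6 +107,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 		fs_mkdir(ptr + 6);
 		return 0;
 	}
+	// mkfile
+	if (strncmp(ptr, "mkfile ", 7) == 0) {
+		fs_mkfile(ptr + 7);
+		return 0;
+	}
 	// sandbox name
 	else if (strncmp(ptr, "name ", 5) == 0) {
 		cfg.name = ptr + 5;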
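--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -153,6 +153,10 @@ mkdir ~/.cache/mozilla/firefox
 .br
 whitelist ~/.cache/mozilla/firefox
 .TP
+\fBmkfile file
+Similar to mkdir, this command creates a file in user home before the sandbox is started.
+The file is created if it doesn't already exist.
+.TP
 \fBprivate
 Mount new /root and /home/user directories in temporary
 filesystems. All modifications are discarded when the sandbox is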