author | netblue30 <netblue30@yahoo.com> | 2016-01-19 10:29:18 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-01-19 10:29:18 -0500 |
commit | 0430643b36669aeaf4ea3b9ff31eb092c92b48dc (patch) | |
tree | 499cc2e8db4a69f2cc3b69f617ebce6826bc020d /src | |
parent | man firejail-profile fixes (diff) | |
debug whitelist code
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_whitelist.c | 43 |
1 files changed, 35 insertions, 8 deletions
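--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -335,6 +335,8 @@ void fs_whitelist(void) {
 // replace ~/ or ${HOME} into /home/username
 new_name = expand_home(entry->data + 10, cfg.homedir);
 assert(new_name);
+if (arg_debug)
+fprintf(stderr, "Debug %d: new_name #%s#\n", __LINE__, new_name);
 
 // extract the absolute path of the file
 // realpath function will fail with ENOENT if the file is not found
@@ -353,8 +355,11 @@ void fs_whitelist(void) {
 }
 
 // valid path referenced to filesystem root
-if (*new_name != '/')
+if (*new_name != '/') {
+if (arg_debug)
+fprintf(stderr, "Debug %d: \n", __LINE__);
 goto errexit;
+}
 
 // check for supported directories
 if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {
@@ -370,46 +375,68 @@ void fs_whitelist(void) {
 entry->home_dir = 1;
 home_dir = 1;
 // both path and absolute path are under /home
-if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0)
+if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0) {
+if (arg_debug)
+fprintf(stderr, "Debug %d: fname #%s#, cfg.homedir #%s#\n",
+__LINE__, fname, cfg.homedir);
 goto errexit;
+}
 }
 else if (strncmp(new_name, "/tmp/", 5) == 0) {
 entry->tmp_dir = 1;
 tmp_dir = 1;
 // both path and absolute path are under /tmp
-if (strncmp(fname, "/tmp/", 5) != 0)
+if (strncmp(fname, "/tmp/", 5) != 0) {
+if (arg_debug)
+fprintf(stderr, "Debug %d: fname #%s#\n", __LINE__, fname);
 goto errexit;
+}
 }
 else if (strncmp(new_name, "/media/", 7) == 0) {
 entry->media_dir = 1;
 media_dir = 1;
 // both path and absolute path are under /media
-if (strncmp(fname, "/media/", 7) != 0)
+if (strncmp(fname, "/media/", 7) != 0) {
+if (arg_debug)
+fprintf(stderr, "Debug %d: fname #%s#\n", __LINE__, fname);
 goto errexit;
+}
 }
 else if (strncmp(new_name, "/var/", 5) == 0) {
 entry->var_dir = 1;
 var_dir = 1;
 // both path and absolute path are under /var
-if (strncmp(fname, "/var/", 5) != 0)
+if (strncmp(fname, "/var/", 5) != 0) {
+if (arg_debug)
+fprintf(stderr, "Debug %d: fname #%s#\n", __LINE__, fname);
 goto errexit;
+}
 }
 else if (strncmp(new_name, "/dev/", 5) == 0) {
 entry->dev_dir = 1;
 dev_dir = 1;
 // both path and absolute path are under /dev
-if (strncmp(fname, "/dev/", 5) != 0)
+if (strncmp(fname, "/dev/", 5) != 0) {
+if (arg_debug)
+fprintf(stderr, "Debug %d: fname #%s#\n", __LINE__, fname);
 goto errexit;
+}
 }
 else if (strncmp(new_name, "/opt/", 5) == 0) {
 entry->opt_dir = 1;
 opt_dir = 1;
 // both path and absolute path are under /dev
-if (strncmp(fname, "/opt/", 5) != 0)
+if (strncmp(fname, "/opt/", 5) != 0) {
+if (arg_debug)
+fprintf(stderr, "Debug %d: fname #%s#\n", __LINE__, fname);
 goto errexit;
+}
 }
-else
+else {
+if (arg_debug)
+fprintf(stderr, "Debug %d: \n", __LINE__);
 goto errexit;
+}
 
 // mark symbolic links
 if (is_link(new_name))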
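Review bot: The home-directory containment test that this commit re-braces in the third hunk, `strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0`, has no path-separator boundary, unlike the `/tmp/`, `/media/`, `/var/`, `/dev/` and `/opt/` branches whose literals end in `/`. If `cfg.homedir` is stored without a trailing slash (not visible here), a resolved path in a sibling directory whose name only begins with the home directory's name is accepted as being under home. The same applies to the `new_name` comparison that selects this branch. Suggest also checking the byte after the prefix, e.g. `size_t hlen = strlen(cfg.homedir);` followed by `if (strncmp(fname, cfg.homedir, hlen) != 0 || (fname[hlen] != '/' && fname[hlen] != '\0')) {`. fs_whitelist starts and ends outside these hunks.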