author | netblue30 <netblue30@yahoo.com> | 2016-03-20 13:17:35 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-20 13:17:35 -0400 |
commit | 74149d2484c091e1595416731ba208ff7803957b (patch) | |
tree | 23f8fa53f63425103ad9d6d493d49d1fe3cedffd /src | |
parent | fixed symlinks for private-bin (diff) | |
fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 39 | ||||
-rw-r--r-- | src/firejail/util.c | 10 |
3 files changed, 37 insertions, 13 deletions
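--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -370,6 +370,7 @@ const char *gnu_basename(const char *path);
 uid_t pid_get_uid(pid_t pid);
 void invalid_filename(const char *fname);
 uid_t get_tty_gid(void);
+uid_t get_audio_gid(void);
 
 // fs_var.c
 void fs_var_log(void); // mounting /var/log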
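--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2007,6 +2007,7 @@ int main(int argc, char **argv) {
 char *map_path;
 if (asprintf(&map_path, "/proc/%d/uid_map", child) == -1)
 errExit("asprintf");
+
 char *map;
 uid_t uid = getuid();
 if (asprintf(&map, "%d %d 1", uid, uid) == -1)
@@ -2017,23 +2018,35 @@ int main(int argc, char **argv) {
 free(map);
 free(map_path);
 
-//gid
+// gid file
 if (asprintf(&map_path, "/proc/%d/gid_map", child) == -1)
 errExit("asprintf");
+char gidmap[1024];
+char *ptr = gidmap;
+*ptr = '\0';
+
+// add user group
 gid_t gid = getgid();
+sprintf(ptr, "%d %d 1\n", gid, gid);
+ptr += strlen(ptr);
+
+// add tty group
 gid_t ttygid = get_tty_gid();
-if (ttygid == 0) {
-if (asprintf(&map, "%d %d 1", gid, gid) == -1)
-errExit("asprintf");
+if (ttygid) {
+sprintf(ptr, "%d %d 1\n", ttygid, ttygid);
+ptr += strlen(ptr);
 }
-else {
-if (asprintf(&map, "%d %d 1\n%d %d 1", gid, gid, ttygid, ttygid) == -1)
-errExit("asprintf");
-}
+
+// add audio group
+gid_t audiogid = get_audio_gid();
+if (ttygid) {
+sprintf(ptr, "%d %d 1\n", audiogid, audiogid);
+ptr += strlen(ptr);
+}
+
 EUID_ROOT();
-update_map(map, map_path);
+update_map(gidmap, map_path);
 EUID_USER();
-free(map);
 free(map_path);
 }
 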
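Review bot: The audio-group entry at new line 2042 is gated on `ttygid` instead of `audiogid`, which looks like a copy of the tty block above it. When a tty group exists but `get_audio_gid()` returned 0 (no "audio" group, per the util.c hunk), the code appends `0 0 1` to the map and then writes it under `EUID_ROOT()`, which would map the parent namespace's gid 0 into the sandbox if the kernel accepts the write; conversely, on a system without a tty group the audio mapping is silently skipped even when the audio group exists. The guard should read `if (audiogid) {`. The three `sprintf` calls into `gidmap[1024]` are bounded by the small fixed entry format, but `snprintf(ptr, sizeof gidmap - (size_t)(ptr - gidmap), "%d %d 1\n", gid, gid)` would make that bound explicit and survive future additions. main()'s body begins and ends outside this hunk.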
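--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -642,3 +642,13 @@ uid_t get_tty_gid(void) {
 
 return ttygid;
 }
+
+uid_t get_audio_gid(void) {
+// find tty group id
+gid_t audiogid = 0;
+struct group *g = getgrnam("audio");
+if (g)
+audiogid = g->gr_gid;
+
+return audiogid;
+}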
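Review bot: The comment inside the new `get_audio_gid()` still says `// find tty group id`, carried over from get_tty_gid; it should be `// find audio group id`. The function stores a `gid_t` but is declared to return `uid_t`, both here and in the declaration added to firejail.h; that mirrors get_tty_gid's existing signature, but `gid_t get_audio_gid(void)` would be the accurate type. Since callers use 0 as the "not found" sentinel, a header comment such as `// returns the gid of the "audio" group, or 0 if no such group exists` would document that contract where it is defined.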