author | Kristóf Marussy <kris7topher@gmail.com> | 2019-12-27 21:13:34 +0100 |
---|---|---|
committer | Kristóf Marussy <kris7topher@gmail.com> | 2019-12-30 02:38:59 +0100 |
commit | 8dd73b29fd99aedf9000e9e0c3278de8cf89ac5d (patch) | |
tree | e1ee4f761d6a51ee3da7aef5851042d53b4af1db /src | |
parent | Allow resolv.conf be written by dhclient (diff) | |
Add sbox_run_v to run programs with explicit argument lists
Refactored sbox_run to pass the varargs argument list as an array to an
auxiliary function.
The auxiliary function allows running programs with dynamically built
argument lists.
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/sbox.c | 23 |
2 files changed, 18 insertions, 6 deletions
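--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -815,6 +815,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 
 // run sbox
 int sbox_run(unsigned filter, int num, ...);
+int sbox_run_v(unsigned filter, char * const arg[]);
 
 // run_files.c
 void delete_run_files(pid_t pid);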
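Review bot: The new `sbox_run_v` prototype says nothing about its contract, yet the debug loop in its definition in sbox.c walks `arg` until it reaches a NULL entry, so a caller that passes an unterminated array would make it read past the end. A comment above the declaration such as `// arg: NULL-terminated argv-style array` would make the requirement explicit for callers that build the list at run time. The parameter is also named `filter` here but `filtermask` in the definition; the existing `sbox_run` declaration has the same mismatch.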
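--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -105,23 +105,34 @@ static struct sock_fprog prog = {
 };
 
 int sbox_run(unsigned filtermask, int num, ...) {
-EUID_ROOT();
-
-int i;
 va_list valist;
 va_start(valist, num);
 
 // build argument list
-char *arg[num + 1];
+char **arg = malloc((num + 1) * sizeof(char *));
+int i;
 for (i = 0; i < num; i++)
 arg[i] = va_arg(valist, char*);
 arg[i] = NULL;
 va_end(valist);
 
+int status = sbox_run_v(filtermask, arg);
+
+free(arg);
+
+return status;
+}
+
+int sbox_run_v(unsigned filtermask, char * const arg[]) {
+EUID_ROOT();
+
 if (arg_debug) {
 printf("sbox run: ");
-for (i = 0; i <= num; i++)
+int i = 0;
+while (arg[i]) {
 printf("%s ", arg[i]);
+i++;
+}
 printf("\n");
 }
 
@@ -171,7 +182,7 @@ int sbox_run(unsigned filtermask, int num, ...) {
 
 // close all other file descriptors
 int max = 20; // getdtablesize() is overkill for a firejail process
-for (i = 3; i < max; i++)
+for (int i = 3; i < max; i++)
 close(i); // close open files
 
 umask(027);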
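Review bot: The `malloc` result in `sbox_run` is used unchecked, so an allocation failure turns into a NULL-pointer write at `arg[i] = va_arg(valist, char*)`, in code that goes on to call `EUID_ROOT()` and so presumably runs with elevated privileges. Add `if (!arg) errExit("malloc");` directly after the allocation, `errExit` being the project's fatal-error helper. The size `(num + 1) * sizeof(char *)` is computed from a signed `int`, so a negative `num` would yield a zero or wrapped size before `arg[i] = NULL` is written. The old VLA had the same exposure, but a guard like `if (num < 0) return -1;` (whatever failure value the callers expect) is cheap now that the buffer lives on the heap. The body of `sbox_run_v` continues outside the first hunk, so how `arg[0]` is consumed after the debug print is not visible here.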