diff options
author | smitsohu <smitsohu@gmail.com> | 2021-10-28 15:19:15 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-10-28 15:19:15 +0200 |
commit | e1d230828ce2900e71538bdaaa7a6a16338f1e69 (patch) | |
tree | d9d44fb761ebda84e3d878d27e50bffee3188c52 /src | |
parent | Add disable-proc to firefox-common (diff) | |
download | firejail-e1d230828ce2900e71538bdaaa7a6a16338f1e69.tar.gz firejail-e1d230828ce2900e71538bdaaa7a6a16338f1e69.tar.zst firejail-e1d230828ce2900e71538bdaaa7a6a16338f1e69.zip |
more cleanup
possible because selinux_relabel_path
now raises privs itself where necessary
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_home.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 8d8530d81..230e9186c 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -380,12 +380,14 @@ void fs_private(void) { | |||
380 | selinux_relabel_path("/home", "/home"); | 380 | selinux_relabel_path("/home", "/home"); |
381 | fs_logger("tmpfs /home"); | 381 | fs_logger("tmpfs /home"); |
382 | } | 382 | } |
383 | EUID_USER(); | ||
383 | 384 | ||
384 | if (u != 0) { | 385 | if (u != 0) { |
385 | if (!arg_allusers && strncmp(homedir, "/home/", 6) == 0) { | 386 | if (!arg_allusers && strncmp(homedir, "/home/", 6) == 0) { |
386 | // create new empty /home/user directory | 387 | // create new empty /home/user directory |
387 | if (arg_debug) | 388 | if (arg_debug) |
388 | printf("Create a new user directory\n"); | 389 | printf("Create a new user directory\n"); |
390 | EUID_ROOT(); | ||
389 | if (mkdir(homedir, S_IRWXU) == -1) { | 391 | if (mkdir(homedir, S_IRWXU) == -1) { |
390 | if (mkpath_as_root(homedir) == -1) | 392 | if (mkpath_as_root(homedir) == -1) |
391 | errExit("mkpath"); | 393 | errExit("mkpath"); |
@@ -394,20 +396,17 @@ void fs_private(void) { | |||
394 | } | 396 | } |
395 | if (chown(homedir, u, g) < 0) | 397 | if (chown(homedir, u, g) < 0) |
396 | errExit("chown"); | 398 | errExit("chown"); |
399 | EUID_USER(); | ||
397 | fs_logger2("mkdir", homedir); | 400 | fs_logger2("mkdir", homedir); |
398 | fs_logger2("tmpfs", homedir); | 401 | fs_logger2("tmpfs", homedir); |
399 | } | 402 | } |
400 | else { | 403 | else |
401 | // mask user home directory | 404 | // mask user home directory |
402 | // the directory should be owned by the current user | 405 | // the directory should be owned by the current user |
403 | EUID_USER(); | ||
404 | fs_tmpfs(homedir, 1); | 406 | fs_tmpfs(homedir, 1); |
405 | EUID_ROOT(); | ||
406 | } | ||
407 | 407 | ||
408 | selinux_relabel_path(homedir, homedir); | 408 | selinux_relabel_path(homedir, homedir); |
409 | } | 409 | } |
410 | EUID_USER(); | ||
411 | 410 | ||
412 | skel(homedir); | 411 | skel(homedir); |
413 | if (xflag) | 412 | if (xflag) |