diff options
author | Glenn Washburn <development@efficientek.com> | 2018-10-09 04:39:22 -0500 |
---|---|---|
committer | Glenn Washburn <development@efficientek.com> | 2018-10-15 23:39:34 -0500 |
commit | fd79cb3be6aa2e62d5a7ec45eee39dcd07a9d4f3 (patch) | |
tree | 0d22e973c1c2e51cccc0be9481873a056127a9fe /src | |
parent | tentative fix: automatically mount libdir in chroot - #2176 (diff) | |
download | firejail-fd79cb3be6aa2e62d5a7ec45eee39dcd07a9d4f3.tar.gz firejail-fd79cb3be6aa2e62d5a7ec45eee39dcd07a9d4f3.tar.zst firejail-fd79cb3be6aa2e62d5a7ec45eee39dcd07a9d4f3.zip |
rename expand_home -> expand_macros to better reflect usage and remove unneeded homedir argument.
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/fs.c | 6 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_hostname.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_mkdir.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 2 | ||||
-rw-r--r-- | src/firejail/macros.c | 7 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/profile.c | 2 |
9 files changed, 15 insertions, 17 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 441042233..85a4fbddb 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -496,7 +496,7 @@ int arp_check(const char *dev, uint32_t destaddr); | |||
496 | uint32_t arp_assign(const char *dev, Bridge *br); | 496 | uint32_t arp_assign(const char *dev, Bridge *br); |
497 | 497 | ||
498 | // macros.c | 498 | // macros.c |
499 | char *expand_home(const char *path, const char *homedir); | 499 | char *expand_macros(const char *path); |
500 | char *resolve_macro(const char *name); | 500 | char *resolve_macro(const char *name); |
501 | void invalid_filename(const char *fname, int globbing); | 501 | void invalid_filename(const char *fname, int globbing); |
502 | int is_macro(const char *name); | 502 | int is_macro(const char *name); |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 9f0dac4e0..f70c5ac8a 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -257,8 +257,6 @@ static void globbing(OPERATION op, const char *pattern, const char *noblacklist[ | |||
257 | 257 | ||
258 | // blacklist files or directories by mounting empty files on top of them | 258 | // blacklist files or directories by mounting empty files on top of them |
259 | void fs_blacklist(void) { | 259 | void fs_blacklist(void) { |
260 | char *homedir = cfg.homedir; | ||
261 | assert(homedir); | ||
262 | ProfileEntry *entry = cfg.profile; | 260 | ProfileEntry *entry = cfg.profile; |
263 | if (!entry) | 261 | if (!entry) |
264 | return; | 262 | return; |
@@ -335,7 +333,7 @@ void fs_blacklist(void) { | |||
335 | enames = calloc(2, sizeof(char *)); | 333 | enames = calloc(2, sizeof(char *)); |
336 | if (!enames) | 334 | if (!enames) |
337 | errExit("calloc"); | 335 | errExit("calloc"); |
338 | enames[0] = expand_home(entry->data + 12, homedir); | 336 | enames[0] = expand_macros(entry->data + 12); |
339 | assert(enames[1] == 0); | 337 | assert(enames[1] == 0); |
340 | } | 338 | } |
341 | 339 | ||
@@ -401,7 +399,7 @@ void fs_blacklist(void) { | |||
401 | } | 399 | } |
402 | 400 | ||
403 | // replace home macro in blacklist array | 401 | // replace home macro in blacklist array |
404 | char *new_name = expand_home(ptr, homedir); | 402 | char *new_name = expand_macros(ptr); |
405 | ptr = new_name; | 403 | ptr = new_name; |
406 | 404 | ||
407 | // expand path macro - look for the file in /usr/local/bin, /usr/local/sbin, /bin, /usr/bin, /sbin and /usr/sbin directories | 405 | // expand path macro - look for the file in /usr/local/bin, /usr/local/sbin, /bin, /usr/bin, /sbin and /usr/sbin directories |
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 42c67452c..47261d7c1 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -355,7 +355,7 @@ void fs_check_private_dir(void) { | |||
355 | invalid_filename(cfg.home_private, 0); // no globbing | 355 | invalid_filename(cfg.home_private, 0); // no globbing |
356 | 356 | ||
357 | // Expand the home directory | 357 | // Expand the home directory |
358 | char *tmp = expand_home(cfg.home_private, cfg.homedir); | 358 | char *tmp = expand_macros(cfg.home_private); |
359 | cfg.home_private = realpath(tmp, NULL); | 359 | cfg.home_private = realpath(tmp, NULL); |
360 | free(tmp); | 360 | free(tmp); |
361 | 361 | ||
@@ -378,7 +378,7 @@ static char *check_dir_or_file(const char *name) { | |||
378 | printf("Private home: checking %s\n", name); | 378 | printf("Private home: checking %s\n", name); |
379 | 379 | ||
380 | // expand home directory | 380 | // expand home directory |
381 | char *fname = expand_home(name, cfg.homedir); | 381 | char *fname = expand_macros(name); |
382 | assert(fname); | 382 | assert(fname); |
383 | 383 | ||
384 | // If it doesn't start with '/', it must be relative to homedir | 384 | // If it doesn't start with '/', it must be relative to homedir |
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 1884f6597..1fbb073f4 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c | |||
@@ -189,7 +189,7 @@ void fs_resolvconf(void) { | |||
189 | char *fs_check_hosts_file(const char *fname) { | 189 | char *fs_check_hosts_file(const char *fname) { |
190 | assert(fname); | 190 | assert(fname); |
191 | invalid_filename(fname, 0); // no globbing | 191 | invalid_filename(fname, 0); // no globbing |
192 | char *rv = expand_home(fname, cfg.homedir); | 192 | char *rv = expand_macros(fname); |
193 | 193 | ||
194 | // no a link | 194 | // no a link |
195 | if (is_link(rv)) | 195 | if (is_link(rv)) |
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index b66068a95..913f7502d 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -60,7 +60,7 @@ void fs_mkdir(const char *name) { | |||
60 | 60 | ||
61 | // check directory name | 61 | // check directory name |
62 | invalid_filename(name, 0); // no globbing | 62 | invalid_filename(name, 0); // no globbing |
63 | char *expanded = expand_home(name, cfg.homedir); | 63 | char *expanded = expand_macros(name); |
64 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && | 64 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && |
65 | strncmp(expanded, "/tmp", 4) != 0) { | 65 | strncmp(expanded, "/tmp", 4) != 0) { |
66 | fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n"); | 66 | fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n"); |
@@ -100,7 +100,7 @@ void fs_mkfile(const char *name) { | |||
100 | 100 | ||
101 | // check file name | 101 | // check file name |
102 | invalid_filename(name, 0); // no globbing | 102 | invalid_filename(name, 0); // no globbing |
103 | char *expanded = expand_home(name, cfg.homedir); | 103 | char *expanded = expand_macros(name); |
104 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && | 104 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && |
105 | strncmp(expanded, "/tmp", 4) != 0) { | 105 | strncmp(expanded, "/tmp", 4) != 0) { |
106 | fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n"); | 106 | fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n"); |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 454715a71..8ef948239 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -368,7 +368,7 @@ void fs_whitelist(void) { | |||
368 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; | 368 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; |
369 | 369 | ||
370 | // replace ~/ or ${HOME} into /home/username or resolve macro | 370 | // replace ~/ or ${HOME} into /home/username or resolve macro |
371 | new_name = expand_home(dataptr, cfg.homedir); | 371 | new_name = expand_macros(dataptr); |
372 | assert(new_name); | 372 | assert(new_name); |
373 | 373 | ||
374 | // mount empty home directory if resolving the macro was not successful | 374 | // mount empty home directory if resolving the macro was not successful |
diff --git a/src/firejail/macros.c b/src/firejail/macros.c index 4bf3d3589..59b5db3d8 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c | |||
@@ -192,9 +192,8 @@ char *resolve_macro(const char *name) { | |||
192 | // directory (supplied). | 192 | // directory (supplied). |
193 | // The return value is allocated using malloc and must be freed by the caller. | 193 | // The return value is allocated using malloc and must be freed by the caller. |
194 | // The function returns NULL if there are any errors. | 194 | // The function returns NULL if there are any errors. |
195 | char *expand_home(const char *path, const char *homedir) { | 195 | char *expand_macros(const char *path) { |
196 | assert(path); | 196 | assert(path); |
197 | assert(homedir); | ||
198 | 197 | ||
199 | int called_as_root = 0; | 198 | int called_as_root = 0; |
200 | 199 | ||
@@ -210,14 +209,14 @@ char *expand_home(const char *path, const char *homedir) { | |||
210 | // Replace home macro | 209 | // Replace home macro |
211 | char *new_name = NULL; | 210 | char *new_name = NULL; |
212 | if (strncmp(path, "${HOME}", 7) == 0) { | 211 | if (strncmp(path, "${HOME}", 7) == 0) { |
213 | if (asprintf(&new_name, "%s%s", homedir, path + 7) == -1) | 212 | if (asprintf(&new_name, "%s%s", cfg.homedir, path + 7) == -1) |
214 | errExit("asprintf"); | 213 | errExit("asprintf"); |
215 | if(called_as_root) | 214 | if(called_as_root) |
216 | EUID_ROOT(); | 215 | EUID_ROOT(); |
217 | return new_name; | 216 | return new_name; |
218 | } | 217 | } |
219 | else if (*path == '~') { | 218 | else if (*path == '~') { |
220 | if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1) | 219 | if (asprintf(&new_name, "%s%s", cfg.homedir, path + 1) == -1) |
221 | errExit("asprintf"); | 220 | errExit("asprintf"); |
222 | if(called_as_root) | 221 | if(called_as_root) |
223 | EUID_ROOT(); | 222 | EUID_ROOT(); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 315a7260a..e0a149085 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -868,6 +868,7 @@ int main(int argc, char **argv) { | |||
868 | 868 | ||
869 | // check if the user is allowed to use firejail | 869 | // check if the user is allowed to use firejail |
870 | init_cfg(argc, argv); | 870 | init_cfg(argc, argv); |
871 | assert(cfg.homedir); | ||
871 | 872 | ||
872 | // get starting timestamp, process --quiet | 873 | // get starting timestamp, process --quiet |
873 | start_timestamp = getticks(); | 874 | start_timestamp = getticks(); |
@@ -1480,7 +1481,7 @@ int main(int argc, char **argv) { | |||
1480 | exit(1); | 1481 | exit(1); |
1481 | } | 1482 | } |
1482 | 1483 | ||
1483 | char *ppath = expand_home(argv[i] + 10, cfg.homedir); | 1484 | char *ppath = expand_macros(argv[i] + 10); |
1484 | if (!ppath) | 1485 | if (!ppath) |
1485 | errExit("strdup"); | 1486 | errExit("strdup"); |
1486 | 1487 | ||
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index db58d2e0b..f70c0c9d1 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -1327,7 +1327,7 @@ void profile_read(const char *fname) { | |||
1327 | char *newprofile = ptr + 8; // profile name | 1327 | char *newprofile = ptr + 8; // profile name |
1328 | 1328 | ||
1329 | // expand ${HOME}/ in front of the new profile file | 1329 | // expand ${HOME}/ in front of the new profile file |
1330 | char *newprofile2 = expand_home(newprofile, cfg.homedir); | 1330 | char *newprofile2 = expand_macros(newprofile); |
1331 | 1331 | ||
1332 | // recursivity | 1332 | // recursivity |
1333 | profile_read((newprofile2)? newprofile2:newprofile); | 1333 | profile_read((newprofile2)? newprofile2:newprofile); |