author | nextime <franco@unixmedia.it> | 2016-08-04 02:15:43 +0200 |
---|---|---|
committer | nextime <franco@unixmedia.it> | 2016-08-04 02:15:43 +0200 |
commit | 8f512407ddb2abc3e2b7ae71f848916e7e3fc64d (patch) | |
tree | 50ebfd6aed46a44b9d80f9ee05576fc65c5f3bc9 /src | |
parent | Fix minor bugs (diff) | |
Make copydir work as expected
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_home.c | 23 | ||||
-rw-r--r-- | src/firejail/main.c | 13 | ||||
-rw-r--r-- | src/firejail/usage.c | 3 | ||||
-rw-r--r-- | src/man/firejail.txt | 12 |
4 files changed, 44 insertions, 7 deletions
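--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -355,11 +355,22 @@ int fs_copydir(const char *path, const struct stat *st, int ftype, struct FTW *s
 struct stat s;
 // don't copy it if we already have the file
 if (stat(dest, &s) == 0)
-return 0;
+return(0);
 if (stat(path, &s) == 0) {
-if (copy_file(path, dest) == 0) {
-if (chown(dest, u, g) == -1)
-errExit("chown");
+if(ftype == FTW_F) {
+if (copy_file(path, dest) == 0) {
+if (arg_debug)
+printf("copy from %s to %s\n", path, dest);
+if (chown(dest, u, g) == -1)
+errExit("chown");
+fs_logger2("clone", path);
+}
+}
+else if(ftype == FTW_D) {
+if (mkdir(dest, s.st_mode) == -1)
+errExit("mkdir");
+if (arg_debug)
+printf("copy from %s to %s\n", path, dest);
 fs_logger2("clone", path);
 }
 }
@@ -369,11 +380,13 @@ int fs_copydir(const char *path, const struct stat *st, int ftype, struct FTW *s
 }
 
 void fs_private_template(void) {
+
 fs_private();
-if(!nftw(cfg.private_template, fs_copydir, 1, FTW_PHYS)) {
+if(nftw(cfg.private_template, fs_copydir, 1, FTW_PHYS) != 0) {
 fprintf(stderr, "Error: unable to copy template dir\n");
 exit(1);
 }
+
 }
 
 // check new private home directory (--private= option) - exit if it fails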
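Review bot: The new `FTW_D` branch creates `dest` with `mkdir(dest, s.st_mode)` but never hands it to the sandbox user, while the `FTW_F` branch calls `chown(dest, u, g)` after the copy; copied directories would stay owned by whatever identity the process runs as at this point, with a mode filtered by the umask. Adding `if (chown(dest, u, g) == -1) errExit("chown");` after the `mkdir` would keep the two branches consistent. The callback also re-reads `path` by name with `stat()`, which follows symlinks, although nftw runs with `FTW_PHYS` and already passes its own `st`; using `st->st_mode` would avoid classifying one object and acting on another if the template tree changes during the walk. fs_copydir starts above the hunk, so how `dest`, `u` and `g` are derived is not visible here.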
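--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1349,9 +1349,18 @@ int main(int argc, char **argv) {
 else if (strcmp(argv[i], "--writable-var") == 0) {
 arg_writable_var = 1;
 }
-else if (strcmp(argv[i], "--private") == 0)
+else if (strcmp(argv[i], "--private") == 0) {
+if (arg_private_template) {
+fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
+exit(1);
+}
 arg_private = 1;
+}
 else if (strncmp(argv[i], "--private=", 10) == 0) {
+if (arg_private_template) {
+fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
+exit(1);
+}
 // extract private home dirname
 cfg.home_private = argv[i] + 10;
 if (*cfg.home_private == '\0') {
@@ -1362,7 +1371,7 @@ int main(int argc, char **argv) {
 arg_private = 1;
 }
 else if (strncmp(argv[i], "--private-template=", 19) == 0) {
-cfg.private_template = argv[i] + 14;
+cfg.private_template = argv[i] + 19;
 if (arg_private) {
 fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
 exit(1);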
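Review bot: The `--private-template=` branch accepts an empty value: after the offset fix to `argv[i] + 19` the only check visible is the mutual-exclusion test, whereas the `--private=` branch above tests `*cfg.home_private == '\0'`. A matching guard such as `if (*cfg.private_template == '\0') { fprintf(stderr, "Error: invalid private-template option\n"); exit(1); }` would reject it before the path is walked. Because the directory is user-supplied and is later walked and copied into the new home, it is also worth confirming that it gets a type and ownership check comparable to the one applied to the `--private=` directory, if that does not already happen outside this hunk. The branch continues past the end of the hunk.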
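--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -189,6 +189,9 @@ void usage(void) {
 printf("\tclosed.\n\n");
 printf(" --private=directory - use directory as user home.\n\n");
 
+printf(" --private-template=directory - same as --private but copy the\n");
+printf("\ttemplatedirectory in the tmpfs mounted user home.\n\n");
+
 printf(" --private-bin=file,file - build a new /bin in a temporary filesystem,\n");
 printf("\tand copy the programs in the list.\n\n");
 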
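--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1045,6 +1045,18 @@ Example:
 $ firejail \-\-private=/home/netblue/firefox-home firefox
 
 .TP
+\fB\-\-private-template=templatedir
+Mount new /root and /home/user directories in temporary
+filesystems, and copy all files in templatedir. All modifications are discarded when the sandbox is
+closed.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-private-template=/home/netblue/.config/mozilla firefox
+
+.TP
 \fB\-\-private-bin=file,file
 Build a new /bin in a temporary filesystem, and copy the programs in the list.
 If no listed file is found, /bin directory will be empty.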