author | netblue30 <netblue30@yahoo.com> | 2016-09-28 09:07:00 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-28 09:07:00 -0400 |
commit | 28c2ace5fd2dbf8b44f88470ba817d0b0449e8cc (patch) | |
tree | ace60ee7f4000def469f57f817e101e8fd5214ba /src | |
parent | debug (diff) | |
private-dev fix
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_dev.c | 31 |
1 files changed, 25 insertions, 6 deletions
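--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -59,13 +59,32 @@ static void deventry_mount(void) {
 while (dev[i].dev_fname != NULL) {
 struct stat s;
 if (stat(dev[i].run_fname, &s) == 0) {
+int dir = is_dir(dev[i].run_fname);
 if (arg_debug)
-printf("mounting %s\n", dev[i].run_fname);
-if (mkdir(dev[i].dev_fname, 0755) == -1)
-errExit("mkdir");
-if (chmod(dev[i].dev_fname, 0755) == -1)
-errExit("chmod");
-ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755);
+printf("mounting %s %s\n", dev[i].run_fname, (dir)? "directory": "file");
+if (dir) {
+if (mkdir(dev[i].dev_fname, 0755) == -1)
+errExit("mkdir");
+if (chmod(dev[i].dev_fname, 0755) == -1)
+errExit("chmod");
+ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755);
+}
+else {
+struct stat s;
+if (stat(dev[i].run_fname, &s) == -1) {
+if (arg_debug)
+printf("Warning: cannot stat %s file\n", dev[i].run_fname);
+i++;
+continue;
+}
+FILE *fp = fopen(dev[i].dev_fname, "w");
+if (fp) {
+fprintf(fp, "\n");
+SET_PERMS_STREAM(fp, s.st_uid, s.st_gid, s.st_mode);
+fclose(fp);
+}
+}
+
 if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mounting dev file");
 fs_logger2("whitelist", dev[i].dev_fname);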
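Review bot: The new `else` branch (new lines 73-79) declares a second `struct stat s` that shadows the one already filled by the `stat()` guard at line 61 and stats `dev[i].run_fname` again, so the path is looked up as many as three times (outer `stat`, `is_dir`, inner `stat`), and the directory/file decision and the ownership handed to `SET_PERMS_STREAM` can come from different lookups if the entry changes in between. Since the outer `s` is valid at this point, `int dir = S_ISDIR(s.st_mode);` would let one lookup decide both, and the inner `struct stat s;` together with its `stat(...) == -1` warning/`continue` block could be dropped. Separately, a failed `fopen(dev[i].dev_fname, "w")` is silently ignored and only surfaces later as the generic `errExit("mounting dev file")`; an `else errExit("fopen");` after the `if (fp) { … }` block would report the real cause. `deventry_mount` begins and ends outside this hunk, so whether `is_dir` follows symlinks and how the loop otherwise advances `i` cannot be confirmed from here.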