author | Glenn Washburn <development@efficientek.com> | 2019-08-29 22:42:05 -0500 |
---|---|---|
committer | Glenn Washburn <development@efficientek.com> | 2019-08-29 22:42:05 -0500 |
commit | 742d2a26ca5281b9d1b161011d92164a4f3dc90e (patch) | |
tree | 8d0fb2e9715aa606150054796ef30dd4f3cafae0 /src | |
parent | When running builder trace output should go to separate file because (1) trac... (diff) | |
Make sure that we are unprivileged before creating the trace log file.
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_trace.c | 4 |
1 files changed, 3 insertions, 1 deletions
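--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -45,14 +45,16 @@ void fs_trace_preload(void) {
 if (arg_debug)
 printf("Creating an empty trace log file: %s\n", arg_tracefile);
 // create a bind mounted trace logfile that the sandbox can see
+EUID_USER();
 FILE *fp = fopen(arg_tracefile, "w");
 if (!fp)
 errExit("fopen");
 SET_PERMS_STREAM(fp, firejail_uid, firejail_gid, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
 fclose(fp);
+EUID_ROOT();
 fp = fopen(RUN_TRACE_FILE, "w");
 if (!fp)
-errExit("fopen");
+errExit("fopen " RUN_TRACE_FILE);
 fclose(fp);
 fs_logger2("touch ", arg_tracefile);
 if (mount(arg_tracefile, RUN_TRACE_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)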
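Review bot: The privilege drop covers only the `fopen(arg_tracefile, "w")` that creates the file; the `mount(arg_tracefile, RUN_TRACE_FILE, ...)` on the hunk's last line runs after `EUID_ROOT()` and resolves the same path a second time as root. If `arg_tracefile` is user-supplied, as its name suggests, the object bind-mounted is whatever the path names at mount time, which is not guaranteed to be the file just created as the user. Consider keeping the descriptor from the unprivileged open and using it as the mount source (a `/proc/self/fd/N` path) instead of the name, or at least comparing `st_dev`/`st_ino` from `fstat` on that descriptor against the path before mounting. A comment above `EUID_USER()` such as `// open the user-supplied path with the user's own permissions, never as root` would record why the switch is there. fs_trace_preload begins before the hunk and the body of the `if (mount(...))` continues past it.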