author | smitsohu <smitsohu@gmail.com> | 2018-10-26 22:47:48 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-10-26 22:47:48 +0200 |
commit | 922c4a10abe52d9f2c1e1b1c932a43076822920f (patch) | |
tree | d22523938f1a78eb06d7713c12301c7a91c368b6 /src | |
parent | Merge pull request #2218 from smitsohu/mounts2 (diff) | |
little tweaks, cosmetic changes
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/fs.c | 17 | ||||
-rw-r--r-- | src/firejail/mountinfo.c | 40 |
3 files changed, 28 insertions, 31 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index d5733e678..2d96863c5 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -561,7 +561,7 @@ typedef struct { | |||
561 | // mountinfo.c | 561 | // mountinfo.c |
562 | MountData *get_last_mount(void); | 562 | MountData *get_last_mount(void); |
563 | int get_mount_id(const char *path); | 563 | int get_mount_id(const char *path); |
564 | char **get_all_mounts(const int mountid, const char *path); | 564 | char **build_mount_array(const int mountid, const char *path); |
565 | 565 | ||
566 | // fs_var.c | 566 | // fs_var.c |
567 | void fs_var_log(void); // mounting /var/log | 567 | void fs_var_log(void); // mounting /var/log |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 6fe9d56aa..eda46d127 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -485,12 +485,12 @@ void fs_rdonly_rec(const char *dir) { | |||
485 | EUID_USER(); | 485 | EUID_USER(); |
486 | // get mount point of the directory | 486 | // get mount point of the directory |
487 | int mountid = get_mount_id(dir); | 487 | int mountid = get_mount_id(dir); |
488 | if (mountid == 0) { | 488 | if (mountid == -1) { |
489 | EUID_ROOT(); | 489 | EUID_ROOT(); |
490 | return; | 490 | return; |
491 | } | 491 | } |
492 | // build array with all mount points that need to get remounted | 492 | // build array with all mount points that need to get remounted |
493 | char **arr = get_all_mounts(mountid, dir); | 493 | char **arr = build_mount_array(mountid, dir); |
494 | assert(arr); | 494 | assert(arr); |
495 | // remount | 495 | // remount |
496 | EUID_ROOT(); | 496 | EUID_ROOT(); |
@@ -543,12 +543,12 @@ static void fs_rdwr_rec(const char *dir) { | |||
543 | EUID_USER(); | 543 | EUID_USER(); |
544 | // get mount point of the directory | 544 | // get mount point of the directory |
545 | int mountid = get_mount_id(dir); | 545 | int mountid = get_mount_id(dir); |
546 | if (mountid == 0) { | 546 | if (mountid == -1) { |
547 | EUID_ROOT(); | 547 | EUID_ROOT(); |
548 | return; | 548 | return; |
549 | } | 549 | } |
550 | // build array with all mount points that need to get remounted | 550 | // build array with all mount points that need to get remounted |
551 | char **arr = get_all_mounts(mountid, dir); | 551 | char **arr = build_mount_array(mountid, dir); |
552 | assert(arr); | 552 | assert(arr); |
553 | // remount | 553 | // remount |
554 | EUID_ROOT(); | 554 | EUID_ROOT(); |
@@ -589,12 +589,12 @@ void fs_noexec_rec(const char *dir) { | |||
589 | EUID_USER(); | 589 | EUID_USER(); |
590 | // get mount point of the directory | 590 | // get mount point of the directory |
591 | int mountid = get_mount_id(dir); | 591 | int mountid = get_mount_id(dir); |
592 | if (mountid == 0) { | 592 | if (mountid == -1) { |
593 | EUID_ROOT(); | 593 | EUID_ROOT(); |
594 | return; | 594 | return; |
595 | } | 595 | } |
596 | // build array with all mount points that need to get remounted | 596 | // build array with all mount points that need to get remounted |
597 | char **arr = get_all_mounts(mountid, dir); | 597 | char **arr = build_mount_array(mountid, dir); |
598 | assert(arr); | 598 | assert(arr); |
599 | // remount | 599 | // remount |
600 | EUID_ROOT(); | 600 | EUID_ROOT(); |
@@ -809,20 +809,17 @@ void fs_basic_fs(void) { | |||
809 | uid_t uid = getuid(); | 809 | uid_t uid = getuid(); |
810 | 810 | ||
811 | if (arg_debug) | 811 | if (arg_debug) |
812 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); | 812 | printf("Basic read-only filesystem:\n"); |
813 | if (!arg_writable_etc) { | 813 | if (!arg_writable_etc) { |
814 | fs_rdonly("/etc"); | 814 | fs_rdonly("/etc"); |
815 | if (uid) | 815 | if (uid) |
816 | fs_noexec("/etc"); | 816 | fs_noexec("/etc"); |
817 | if (arg_debug) printf(", /etc"); | ||
818 | } | 817 | } |
819 | if (!arg_writable_var) { | 818 | if (!arg_writable_var) { |
820 | fs_rdonly("/var"); | 819 | fs_rdonly("/var"); |
821 | if (uid) | 820 | if (uid) |
822 | fs_noexec("/var"); | 821 | fs_noexec("/var"); |
823 | if (arg_debug) printf(", /var"); | ||
824 | } | 822 | } |
825 | if (arg_debug) printf("\n"); | ||
826 | fs_rdonly("/bin"); | 823 | fs_rdonly("/bin"); |
827 | fs_rdonly("/sbin"); | 824 | fs_rdonly("/sbin"); |
828 | fs_rdonly("/lib"); | 825 | fs_rdonly("/lib"); |
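Review bot: The new `if (mountid == -1)` branch in fs_rdonly_rec (hunk at 485-496, with identical twins in fs_rdwr_rec and fs_noexec_rec) still returns silently, so when get_mount_id() cannot open `dir` the requested read-only or noexec remount is simply dropped with no trace, which is a fail-open for a sandbox restriction. Since get_mount_id() now exits on every other failure and returns -1 only when open(2) fails, this branch is the one place a hardening step can be skipped quietly; it should at least be visible under debugging, e.g. `if (arg_debug) printf("Cannot determine mount id of %s, skipping remount\n", dir);` placed before `EUID_ROOT();`. Whether an inaccessible path should instead be a hard error depends on how profiles reach these functions, which is not visible here. All three enclosing functions continue past the end of their hunks.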
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c index b7760ba67..b7e6c6fdd 100644 --- a/src/firejail/mountinfo.c +++ b/src/firejail/mountinfo.c | |||
@@ -67,7 +67,7 @@ static void unmangle_path(char *path) { | |||
67 | // Parse a line from /proc/self/mountinfo, | 67 | // Parse a line from /proc/self/mountinfo, |
68 | // the function does an exit(1) if anything goes wrong. | 68 | // the function does an exit(1) if anything goes wrong. |
69 | static void parse_line(char *line, MountData *output) { | 69 | static void parse_line(char *line, MountData *output) { |
70 | assert(line && *line); | 70 | assert(line && output); |
71 | memset(output, 0, sizeof(*output)); | 71 | memset(output, 0, sizeof(*output)); |
72 | // extract filesystem name, directory and filesystem types | 72 | // extract filesystem name, directory and filesystem types |
73 | // examples: | 73 | // examples: |
@@ -156,7 +156,7 @@ int get_mount_id(const char *path) { | |||
156 | EUID_ASSERT(); | 156 | EUID_ASSERT(); |
157 | int fd = open(path, O_PATH|O_CLOEXEC); | 157 | int fd = open(path, O_PATH|O_CLOEXEC); |
158 | if (fd == -1) | 158 | if (fd == -1) |
159 | return 0; | 159 | return -1; |
160 | 160 | ||
161 | char *fdinfo; | 161 | char *fdinfo; |
162 | if (asprintf(&fdinfo, "/proc/self/fdinfo/%d", fd) == -1) | 162 | if (asprintf(&fdinfo, "/proc/self/fdinfo/%d", fd) == -1) |
@@ -166,31 +166,31 @@ int get_mount_id(const char *path) { | |||
166 | EUID_USER(); | 166 | EUID_USER(); |
167 | if (!fp) | 167 | if (!fp) |
168 | goto errexit; | 168 | goto errexit; |
169 | // go to the last line | 169 | |
170 | // read the file | ||
170 | char buf[MAX_BUF]; | 171 | char buf[MAX_BUF]; |
171 | while (fgets(buf, MAX_BUF, fp)); | 172 | while (fgets(buf, MAX_BUF, fp)) { |
172 | fclose(fp); | 173 | if (strncmp(buf, "mnt_id:", 7) == 0) { |
173 | close(fd); | 174 | char *ptr = buf + 7; |
174 | // go to the mount id | 175 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { |
175 | if (strncmp(buf, "mnt_id:", 7) != 0) | 176 | ptr++; |
176 | goto errexit; | 177 | } |
177 | char *ptr = buf + 7; | 178 | if (*ptr == '\0') |
178 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { | 179 | goto errexit; |
179 | ptr++; | 180 | fclose(fp); |
181 | close(fd); | ||
182 | free(fdinfo); | ||
183 | return atoi(ptr); | ||
184 | } | ||
180 | } | 185 | } |
181 | if (*ptr == '\0') | ||
182 | goto errexit; | ||
183 | free(fdinfo); | ||
184 | |||
185 | return atoi(ptr); | ||
186 | 186 | ||
187 | errexit: | 187 | errexit: |
188 | fprintf(stderr, "Error: cannot read file in /proc/self/fdinfo\n"); | 188 | fprintf(stderr, "Error: cannot read %s\n", fdinfo); |
189 | exit(1); | 189 | exit(1); |
190 | } | 190 | } |
191 | 191 | ||
192 | // Return array with all paths that might need a remount. | 192 | // Return array with all paths that might need a remount. |
193 | char **get_all_mounts(const int mountid, const char *path) { | 193 | char **build_mount_array(const int mountid, const char *path) { |
194 | // open /proc/self/mountinfo | 194 | // open /proc/self/mountinfo |
195 | FILE *fp = fopen("/proc/self/mountinfo", "re"); | 195 | FILE *fp = fopen("/proc/self/mountinfo", "re"); |
196 | if (!fp) { | 196 | if (!fp) { |
@@ -244,7 +244,7 @@ char **get_all_mounts(const int mountid, const char *path) { | |||
244 | errExit("realloc"); | 244 | errExit("realloc"); |
245 | } | 245 | } |
246 | rv[cnt] = strdup(mdata.dir); | 246 | rv[cnt] = strdup(mdata.dir); |
247 | if (!rv[cnt]) | 247 | if (rv[cnt] == NULL) |
248 | errExit("strdup"); | 248 | errExit("strdup"); |
249 | cnt++; | 249 | cnt++; |
250 | } | 250 | } |
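Review bot: The new `return atoi(ptr);` at line 183 of get_mount_id accepts any text after `mnt_id:` and turns unparseable input into 0, which callers would then treat as a valid mount id and pass to build_mount_array(); the only validation kept is that the field is non-empty. Because this value decides which mounts are remounted read-only or noexec, a parse failure should take the existing `goto errexit` path rather than yield a plausible-looking id, and `strtol` with an end-pointer and range check does that (errno.h and limits.h must be present in the include block, which is outside the hunk). The `if (*ptr == '\0') goto errexit;` test becomes redundant with the `end == ptr` check. Returning -1 only for the open(2) failure and exit(1) for everything else is a sensible split, but deserves a one-line comment above the function, e.g. `// Returns the mount id of path, or -1 if path cannot be opened; any other failure exits.`
```c
			char *ptr = buf + 7;
			/* … unchanged: skip blanks after "mnt_id:" … */
			// reject anything that is not a plain non-negative integer
			errno = 0;
			char *end;
			long id = strtol(ptr, &end, 10);
			if (end == ptr || (*end != '\n' && *end != '\0') || errno == ERANGE || id < 0 || id > INT_MAX)
				goto errexit;
			/* … unchanged: fclose, close, free … */
			return (int) id;
```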