diff options
author | netblue30 <netblue30@yahoo.com> | 2018-04-23 07:00:43 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-23 07:00:43 -0500 |
commit | da5b63dfd2af71006688c56820862b54e9ef728c (patch) | |
tree | 6053fec6131ddb510b9c066687effb0187634db0 /src | |
parent | Merge pull request #1903 from smitsohu/master (diff) | |
parent | Re-enable join-or-start (diff) | |
download | firejail-da5b63dfd2af71006688c56820862b54e9ef728c.tar.gz firejail-da5b63dfd2af71006688c56820862b54e9ef728c.tar.zst firejail-da5b63dfd2af71006688c56820862b54e9ef728c.zip |
Merge pull request #1906 from aerusso/pulls/join-or-start
Re-enable join-or-start
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 76 |
1 files changed, 42 insertions, 34 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 909b5441e..1a37aca2f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -161,37 +161,47 @@ static void my_handler(int s){ | |||
161 | myexit(1); | 161 | myexit(1); |
162 | } | 162 | } |
163 | 163 | ||
164 | static pid_t extract_pid(const char *name) { | 164 | // return 1 if error, 0 if a valid pid was found |
165 | static int extract_pid(const char *name, pid_t *pid) { | ||
166 | int retval = 0; | ||
165 | EUID_ASSERT(); | 167 | EUID_ASSERT(); |
166 | if (!name || strlen(name) == 0) { | 168 | if (!name || strlen(name) == 0) { |
167 | fprintf(stderr, "Error: invalid sandbox name\n"); | 169 | fprintf(stderr, "Error: invalid sandbox name\n"); |
168 | exit(1); | 170 | exit(1); |
169 | } | 171 | } |
170 | 172 | ||
171 | pid_t pid; | ||
172 | EUID_ROOT(); | 173 | EUID_ROOT(); |
173 | if (name2pid(name, &pid)) { | 174 | if (name2pid(name, pid)) { |
174 | fprintf(stderr, "Error: cannot find sandbox %s\n", name); | 175 | retval = 1; |
175 | exit(1); | ||
176 | } | 176 | } |
177 | EUID_USER(); | 177 | EUID_USER(); |
178 | return pid; | 178 | return retval; |
179 | } | 179 | } |
180 | 180 | ||
181 | 181 | // return 1 if error, 0 if a valid pid was found | |
182 | static pid_t read_pid(const char *str) { | 182 | static int read_pid(const char *name, pid_t *pid) { |
183 | char *endptr; | 183 | char *endptr; |
184 | errno = 0; | 184 | errno = 0; |
185 | long int pidtmp = strtol(str, &endptr, 10); | 185 | long int pidtmp = strtol(name, &endptr, 10); |
186 | if ((errno == ERANGE && (pidtmp == LONG_MAX || pidtmp == LONG_MIN)) | 186 | if ((errno == ERANGE && (pidtmp == LONG_MAX || pidtmp == LONG_MIN)) |
187 | || (errno != 0 && pidtmp == 0)) { | 187 | || (errno != 0 && pidtmp == 0)) { |
188 | return extract_pid(str); | 188 | return extract_pid(name,pid); |
189 | } | 189 | } |
190 | // endptr points to '\0' char in str if the entire string is valid | 190 | // endptr points to '\0' char in name if the entire string is valid |
191 | if (endptr == NULL || endptr[0]!='\0') { | 191 | if (endptr == NULL || endptr[0]!='\0') { |
192 | return extract_pid(str); | 192 | return extract_pid(name,pid); |
193 | } | ||
194 | *pid =(pid_t)pidtmp; | ||
195 | return 0; | ||
196 | } | ||
197 | |||
198 | static pid_t require_pid(const char *name) { | ||
199 | pid_t pid; | ||
200 | if (read_pid(name,&pid)) { | ||
201 | fprintf(stderr, "Error: cannot find sandbox %s\n", name); | ||
202 | exit(1); | ||
193 | } | 203 | } |
194 | return (pid_t)pidtmp; | 204 | return pid; |
195 | } | 205 | } |
196 | 206 | ||
197 | // init configuration | 207 | // init configuration |
@@ -411,7 +421,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
411 | } | 421 | } |
412 | 422 | ||
413 | // extract pid or sandbox name | 423 | // extract pid or sandbox name |
414 | pid_t pid = read_pid(argv[i] + 12); | 424 | pid_t pid = require_pid(argv[i] + 12); |
415 | bandwidth_pid(pid, cmd, dev, down, up); | 425 | bandwidth_pid(pid, cmd, dev, down, up); |
416 | } | 426 | } |
417 | else | 427 | else |
@@ -420,13 +430,13 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
420 | } | 430 | } |
421 | else if (strncmp(argv[i], "--netfilter.print=", 18) == 0) { | 431 | else if (strncmp(argv[i], "--netfilter.print=", 18) == 0) { |
422 | // extract pid or sandbox name | 432 | // extract pid or sandbox name |
423 | pid_t pid = read_pid(argv[i] + 18); | 433 | pid_t pid = require_pid(argv[i] + 18); |
424 | netfilter_print(pid, 0); | 434 | netfilter_print(pid, 0); |
425 | exit(0); | 435 | exit(0); |
426 | } | 436 | } |
427 | else if (strncmp(argv[i], "--netfilter6.print=", 19) == 0) { | 437 | else if (strncmp(argv[i], "--netfilter6.print=", 19) == 0) { |
428 | // extract pid or sandbox name | 438 | // extract pid or sandbox name |
429 | pid_t pid = read_pid(argv[i] + 19); | 439 | pid_t pid = require_pid(argv[i] + 19); |
430 | netfilter_print(pid, 1); | 440 | netfilter_print(pid, 1); |
431 | exit(0); | 441 | exit(0); |
432 | } | 442 | } |
@@ -455,7 +465,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
455 | else if (strncmp(argv[i], "--seccomp.print=", 16) == 0) { | 465 | else if (strncmp(argv[i], "--seccomp.print=", 16) == 0) { |
456 | if (checkcfg(CFG_SECCOMP)) { | 466 | if (checkcfg(CFG_SECCOMP)) { |
457 | // print seccomp filter for a sandbox specified by pid or by name | 467 | // print seccomp filter for a sandbox specified by pid or by name |
458 | pid_t pid = read_pid(argv[i] + 16); | 468 | pid_t pid = require_pid(argv[i] + 16); |
459 | seccomp_print_filter(pid); | 469 | seccomp_print_filter(pid); |
460 | } | 470 | } |
461 | else | 471 | else |
@@ -469,7 +479,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
469 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { | 479 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { |
470 | if (checkcfg(CFG_SECCOMP)) { | 480 | if (checkcfg(CFG_SECCOMP)) { |
471 | // print seccomp filter for a sandbox specified by pid or by name | 481 | // print seccomp filter for a sandbox specified by pid or by name |
472 | pid_t pid = read_pid(argv[i] + 17); | 482 | pid_t pid = require_pid(argv[i] + 17); |
473 | protocol_print_filter(pid); | 483 | protocol_print_filter(pid); |
474 | } | 484 | } |
475 | else | 485 | else |
@@ -478,7 +488,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
478 | } | 488 | } |
479 | #endif | 489 | #endif |
480 | else if (strncmp(argv[i], "--profile.print=", 16) == 0) { | 490 | else if (strncmp(argv[i], "--profile.print=", 16) == 0) { |
481 | pid_t pid = read_pid(argv[i] + 16); | 491 | pid_t pid = require_pid(argv[i] + 16); |
482 | 492 | ||
483 | // print /run/firejail/profile/<PID> file | 493 | // print /run/firejail/profile/<PID> file |
484 | char *fname; | 494 | char *fname; |
@@ -499,13 +509,13 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
499 | } | 509 | } |
500 | else if (strncmp(argv[i], "--cpu.print=", 12) == 0) { | 510 | else if (strncmp(argv[i], "--cpu.print=", 12) == 0) { |
501 | // join sandbox by pid or by name | 511 | // join sandbox by pid or by name |
502 | pid_t pid = read_pid(argv[i] + 12); | 512 | pid_t pid = require_pid(argv[i] + 12); |
503 | cpu_print_filter(pid); | 513 | cpu_print_filter(pid); |
504 | exit(0); | 514 | exit(0); |
505 | } | 515 | } |
506 | else if (strncmp(argv[i], "--apparmor.print=", 12) == 0) { | 516 | else if (strncmp(argv[i], "--apparmor.print=", 12) == 0) { |
507 | // join sandbox by pid or by name | 517 | // join sandbox by pid or by name |
508 | pid_t pid = read_pid(argv[i] + 17); | 518 | pid_t pid = require_pid(argv[i] + 17); |
509 | char *pidstr; | 519 | char *pidstr; |
510 | if (asprintf(&pidstr, "%u", pid) == -1) | 520 | if (asprintf(&pidstr, "%u", pid) == -1) |
511 | errExit("asprintf"); | 521 | errExit("asprintf"); |
@@ -515,19 +525,19 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
515 | } | 525 | } |
516 | else if (strncmp(argv[i], "--caps.print=", 13) == 0) { | 526 | else if (strncmp(argv[i], "--caps.print=", 13) == 0) { |
517 | // join sandbox by pid or by name | 527 | // join sandbox by pid or by name |
518 | pid_t pid = read_pid(argv[i] + 13); | 528 | pid_t pid = require_pid(argv[i] + 13); |
519 | caps_print_filter(pid); | 529 | caps_print_filter(pid); |
520 | exit(0); | 530 | exit(0); |
521 | } | 531 | } |
522 | else if (strncmp(argv[i], "--fs.print=", 11) == 0) { | 532 | else if (strncmp(argv[i], "--fs.print=", 11) == 0) { |
523 | // join sandbox by pid or by name | 533 | // join sandbox by pid or by name |
524 | pid_t pid = read_pid(argv[i] + 11); | 534 | pid_t pid = require_pid(argv[i] + 11); |
525 | fs_logger_print_log(pid); | 535 | fs_logger_print_log(pid); |
526 | exit(0); | 536 | exit(0); |
527 | } | 537 | } |
528 | else if (strncmp(argv[i], "--dns.print=", 12) == 0) { | 538 | else if (strncmp(argv[i], "--dns.print=", 12) == 0) { |
529 | // join sandbox by pid or by name | 539 | // join sandbox by pid or by name |
530 | pid_t pid = read_pid(argv[i] + 12); | 540 | pid_t pid = require_pid(argv[i] + 12); |
531 | net_dns_print(pid); | 541 | net_dns_print(pid); |
532 | exit(0); | 542 | exit(0); |
533 | } | 543 | } |
@@ -592,7 +602,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
592 | } | 602 | } |
593 | 603 | ||
594 | // get file | 604 | // get file |
595 | pid_t pid = read_pid(argv[i] + 6); | 605 | pid_t pid = require_pid(argv[i] + 6); |
596 | sandboxfs(SANDBOX_FS_GET, pid, path, NULL); | 606 | sandboxfs(SANDBOX_FS_GET, pid, path, NULL); |
597 | exit(0); | 607 | exit(0); |
598 | } | 608 | } |
@@ -622,7 +632,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
622 | } | 632 | } |
623 | 633 | ||
624 | // get file | 634 | // get file |
625 | pid_t pid = read_pid(argv[i] + 6); | 635 | pid_t pid = require_pid(argv[i] + 6); |
626 | sandboxfs(SANDBOX_FS_PUT, pid, path1, path2); | 636 | sandboxfs(SANDBOX_FS_PUT, pid, path1, path2); |
627 | exit(0); | 637 | exit(0); |
628 | } | 638 | } |
@@ -646,7 +656,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
646 | } | 656 | } |
647 | 657 | ||
648 | // list directory contents | 658 | // list directory contents |
649 | pid_t pid = read_pid(argv[i] + 5); | 659 | pid_t pid = require_pid(argv[i] + 5); |
650 | sandboxfs(SANDBOX_FS_LS, pid, path, NULL); | 660 | sandboxfs(SANDBOX_FS_LS, pid, path, NULL); |
651 | exit(0); | 661 | exit(0); |
652 | } | 662 | } |
@@ -670,7 +680,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
670 | cfg.shell = guess_shell(); | 680 | cfg.shell = guess_shell(); |
671 | 681 | ||
672 | // join sandbox by pid or by name | 682 | // join sandbox by pid or by name |
673 | pid_t pid = read_pid(argv[i] + 7); | 683 | pid_t pid = require_pid(argv[i] + 7); |
674 | join(pid, argc, argv, i + 1); | 684 | join(pid, argc, argv, i + 1); |
675 | exit(0); | 685 | exit(0); |
676 | } | 686 | } |
@@ -691,17 +701,15 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
691 | cfg.original_program_index = i + 1; | 701 | cfg.original_program_index = i + 1; |
692 | } | 702 | } |
693 | 703 | ||
694 | #if 0 // todo: redo it | ||
695 | // try to join by name only | 704 | // try to join by name only |
696 | pid_t pid; | 705 | pid_t pid; |
697 | if (!name2pid(argv[i] + 16, &pid)) { | 706 | if (!read_pid(argv[i] + 16, &pid)) { |
698 | if (!cfg.shell && !arg_shell_none) | 707 | if (!cfg.shell && !arg_shell_none) |
699 | cfg.shell = guess_shell(); | 708 | cfg.shell = guess_shell(); |
700 | 709 | ||
701 | join(pid, argc, argv, i + 1); | 710 | join(pid, argc, argv, i + 1); |
702 | exit(0); | 711 | exit(0); |
703 | } | 712 | } |
704 | #endif | ||
705 | // if there no such sandbox continue argument processing | 713 | // if there no such sandbox continue argument processing |
706 | } | 714 | } |
707 | #ifdef HAVE_NETWORK | 715 | #ifdef HAVE_NETWORK |
@@ -718,7 +726,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
718 | cfg.shell = guess_shell(); | 726 | cfg.shell = guess_shell(); |
719 | 727 | ||
720 | // join sandbox by pid or by name | 728 | // join sandbox by pid or by name |
721 | pid_t pid = read_pid(argv[i] + 15); | 729 | pid_t pid = require_pid(argv[i] + 15); |
722 | join(pid, argc, argv, i + 1); | 730 | join(pid, argc, argv, i + 1); |
723 | } | 731 | } |
724 | else | 732 | else |
@@ -738,7 +746,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
738 | cfg.shell = guess_shell(); | 746 | cfg.shell = guess_shell(); |
739 | 747 | ||
740 | // join sandbox by pid or by name | 748 | // join sandbox by pid or by name |
741 | pid_t pid = read_pid(argv[i] + 18); | 749 | pid_t pid = require_pid(argv[i] + 18); |
742 | join(pid, argc, argv, i + 1); | 750 | join(pid, argc, argv, i + 1); |
743 | exit(0); | 751 | exit(0); |
744 | } | 752 | } |
@@ -746,7 +754,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
746 | logargs(argc, argv); | 754 | logargs(argc, argv); |
747 | 755 | ||
748 | // shutdown sandbox by pid or by name | 756 | // shutdown sandbox by pid or by name |
749 | pid_t pid = read_pid(argv[i] + 11); | 757 | pid_t pid = require_pid(argv[i] + 11); |
750 | shut(pid); | 758 | shut(pid); |
751 | exit(0); | 759 | exit(0); |
752 | } | 760 | } |