diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-02-25 00:49:13 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-02-25 00:49:13 +0100 |
| commit | 04cdc12104d093e7f23b92525ff6a8dd768ae0d1 (patch) | |
| tree | dc819f69a6f8ec94cc4c7b211ce8305a7ef832f1 /src | |
| parent | musl fix (#3998) (diff) | |
| download | firejail-04cdc12104d093e7f23b92525ff6a8dd768ae0d1.tar.gz firejail-04cdc12104d093e7f23b92525ff6a8dd768ae0d1.tar.zst firejail-04cdc12104d093e7f23b92525ff6a8dd768ae0d1.zip | |
private-lib: minor simplification
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_lib.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 9bf17b981..7e9666fc0 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
| @@ -138,20 +138,10 @@ void fslib_duplicate(const char *full_path) { | |||
| 138 | lib_cnt++; | 138 | lib_cnt++; |
| 139 | } | 139 | } |
| 140 | 140 | ||
| 141 | |||
| 142 | // requires full path for lib | 141 | // requires full path for lib |
| 143 | // it could be a library or an executable | 142 | // it could be a library or an executable |
| 144 | // lib is not copied, only libraries used by it | 143 | // lib is not copied, only libraries used by it |
| 145 | static void fslib_copy_libs(const char *full_path, unsigned mask) { | 144 | static void fslib_copy_libs(const char *full_path, unsigned mask) { |
| 146 | // if library/executable does not exist or the user does not have read access to it | ||
| 147 | // print a warning and exit the function. | ||
| 148 | if (((mask & SBOX_USER) && access(full_path, R_OK)) || | ||
| 149 | ((mask & SBOX_ROOT) && access(full_path, F_OK))) { | ||
| 150 | if (arg_debug || arg_debug_private_lib) | ||
| 151 | printf("cannot find %s for private-lib, skipping...\n", full_path); | ||
| 152 | return; | ||
| 153 | } | ||
| 154 | |||
| 155 | // create an empty RUN_LIB_FILE and allow the user to write to it | 145 | // create an empty RUN_LIB_FILE and allow the user to write to it |
| 156 | unlink(RUN_LIB_FILE); // in case is there | 146 | unlink(RUN_LIB_FILE); // in case is there |
| 157 | create_empty_file_as_root(RUN_LIB_FILE, 0644); | 147 | create_empty_file_as_root(RUN_LIB_FILE, 0644); |
| @@ -186,13 +176,28 @@ void fslib_copy_libs_parse_as_root(const char *full_path) { | |||
| 186 | assert(full_path); | 176 | assert(full_path); |
| 187 | if (arg_debug || arg_debug_private_lib) | 177 | if (arg_debug || arg_debug_private_lib) |
| 188 | printf(" fslib_copy_libs_parse_as_root %s\n", full_path); | 178 | printf(" fslib_copy_libs_parse_as_root %s\n", full_path); |
| 179 | |||
| 180 | struct stat s; | ||
| 181 | if (stat(full_path, &s)) { | ||
| 182 | if (arg_debug || arg_debug_private_lib) | ||
| 183 | printf("cannot find %s for private-lib, skipping...\n", full_path); | ||
| 184 | return; | ||
| 185 | } | ||
| 189 | fslib_copy_libs(full_path, SBOX_ROOT); | 186 | fslib_copy_libs(full_path, SBOX_ROOT); |
| 190 | } | 187 | } |
| 191 | 188 | ||
| 189 | // if library/executable does not exist or the user does not have read access to it | ||
| 190 | // print a warning and exit the function. | ||
| 192 | void fslib_copy_libs_parse_as_user(const char *full_path) { | 191 | void fslib_copy_libs_parse_as_user(const char *full_path) { |
| 193 | assert(full_path); | 192 | assert(full_path); |
| 194 | if (arg_debug || arg_debug_private_lib) | 193 | if (arg_debug || arg_debug_private_lib) |
| 195 | printf(" fslib_copy_libs_parse_as_user %s\n", full_path); | 194 | printf(" fslib_copy_libs_parse_as_user %s\n", full_path); |
| 195 | |||
| 196 | if (access(full_path, R_OK)) { | ||
| 197 | if (arg_debug || arg_debug_private_lib) | ||
| 198 | printf("cannot find %s for private-lib, skipping...\n", full_path); | ||
| 199 | return; | ||
| 200 | } | ||
| 196 | fslib_copy_libs(full_path, SBOX_USER); | 201 | fslib_copy_libs(full_path, SBOX_USER); |
| 197 | } | 202 | } |
| 198 | 203 | ||