author | netblue30 <netblue30@yahoo.com> | 2017-11-05 15:08:24 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-11-05 15:08:24 -0500 |
commit | 1a61182e9fe4561e1ebf36eb3bc725aaae0c26b0 (patch) | |
tree | 6fd6bdd5cbf95321c1aa320d8c7c0a17d51402c7 /src | |
parent | fix disable-programs.inc (diff) | |
private-lib fix
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_lib.c | 31 | ||||
-rw-r--r-- | src/firejail/fs_lib2.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_trace.c | 2 |
3 files changed, 23 insertions, 12 deletions
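--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -69,6 +69,9 @@ static char *build_dest_dir(const char *full_path) {
 // copy fname in private_run_dir
 void fslib_duplicate(const char *full_path) {
 assert(full_path);
+if (arg_debug)
+printf("fslib_duplicate %s\n", full_path);
+
 struct stat s;
 if (stat(full_path, &s) != 0 || s.st_uid != 0 || access(full_path, R_OK))
 return;
@@ -105,6 +108,10 @@ void fslib_duplicate(const char *full_path) {
 // it could be a library or an executable
 // lib is not copied, only libraries used by it
 void fslib_copy_libs(const char *full_path) {
+assert(full_path);
+if (arg_debug)
+printf("fslib_copy_libs %s\n", full_path);
+
 // if library/executable does not exist or the user does not have read access to it
 // print a warning and exit the function.
 if (access(full_path, R_OK)) {
@@ -120,6 +127,8 @@ void fslib_copy_libs(const char *full_path) {
 errExit("chown");
 
 // run fldd to extact the list of files
+if (arg_debug)
+printf("runing fldd %s\n", full_path);
 sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE);
 
 // open the list of libraries and install them on by one
@@ -141,6 +150,9 @@ void fslib_copy_libs(const char *full_path) {
 
 void fslib_copy_dir(const char *full_path) {
 assert(full_path);
+if (arg_debug)
+printf("fslib_copy_dir %s\n", full_path);
+
 // do nothing if the directory does not exist or is not owned by root
 struct stat s;
 if (stat(full_path, &s) != 0 || s.st_uid != 0 || !S_ISDIR(s.st_mode) || access(full_path, R_OK))
@@ -151,8 +163,6 @@ void fslib_copy_dir(const char *full_path) {
 dir_name++;
 assert(*dir_name != '\0');
 
-
-
 // do nothing if the directory is already there
 char *dest;
 if (asprintf(&dest, "%s/%s", build_dest_dir(full_path), dir_name) == -1)
@@ -371,12 +381,17 @@ void fs_private_lib(void) {
 if (!arg_quiet)
 fprintf(stderr, "Installed %d libraries and %d directories\n", lib_cnt, dir_cnt);
 
-// for our trace and tracelog libs
-if (arg_trace)
-fslib_duplicate(LIBDIR "/firejail/libtrace.so");
-else if (arg_tracelog)
-fslib_duplicate(LIBDIR "/firejail/libtracelog.so");
-
+// bring in firejail directory for --trace options
+fslib_copy_dir(LIBDIR "/firejail");
+
+// ... and for sandbox in sandbox functionality
+fslib_copy_libs(LIBDIR "/firejail/faudit");
+fslib_copy_libs(LIBDIR "/firejail/fbuilder");
+fslib_copy_libs(LIBDIR "/firejail/fcopy");
+fslib_copy_libs(LIBDIR "/firejail/fldd");
+fslib_copy_libs(LIBDIR "/firejail/fnet");
+fslib_copy_libs(LIBDIR "/firejail/fseccomp");
+fslib_copy_libs(LIBDIR "/firejail/ftee");
 // mount lib filesystem
 mount_directories();
 }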
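Review bot: The last hunk, in fs_private_lib, drops the arg_trace/arg_tracelog conditions and now copies all of LIBDIR "/firejail" plus the library dependencies of seven helper binaries on every private-lib setup, which widens what the private lib directory exposes compared with the two conditional fslib_duplicate calls it replaces, and nothing in the new code records why each helper is required. Each fslib_copy_libs call also runs fldd through sbox_run (third hunk) and, going by its own comment, warns when the path is unreadable, so a helper that is not installed presumably produces a warning on every start. fs_trace.c in this commit stops switching its prefix to RUN_LIB_DIR, so tracing under private-lib now appears to depend on fslib_copy_dir having succeeded, yet that function returns silently when its stat/owner/access check fails (fourth hunk). I would add a comment such as `// copied unconditionally: fs_trace() always references LIBDIR "/firejail", and the helpers must resolve inside the private lib dir` and consider reporting a failed directory copy instead of continuing quietly. fs_private_lib and the fslib_* functions begin or end outside the hunks shown, and the debug string `runing fldd` in the third hunk should read `running fldd`.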
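--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -122,8 +122,6 @@ void fslib_install_stdc(void) {
 fprintf(stderr, "Standard C library installed in %0.2f ms\n", timetrace_end());
 }
 
-void fslib_install_locale(void);
-
 
 //***************************************************************
 // various system libraries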
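--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -52,8 +52,6 @@ void fs_trace(void) {
 if (!fp)
 errExit("fopen");
 const char *prefix = LIBDIR "/firejail";
-if (arg_private_lib)
-prefix = RUN_LIB_DIR;
 
 if (arg_trace) {
 fprintf(fp, "%s/libtrace.so\n", prefix);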