author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-11-14 16:25:56 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-12-05 11:41:13 -0300 |
commit | aa87789ad38e9017908fd1cfae6cc79c8db59eb7 (patch) | |
tree | c4b9a2fa87fff936626aaf2330d325665ed91b8d /src | |
parent | landlock: simplify variables in ll_add_profile (diff) | |
landlock: fix profile entries processed in reverse
When a new landlock entry is parsed from a profile, the first entry in
the `cfg.lprofile` list is being set as the next/second entry and the
new entry is being set as the first entry in the list, so all entries
are being processed from last to first.
This commit makes the behavior of ll_add_profile() match the one from
profile_add() in src/firejail/profile.c so that the entries are
processed in the same order that they are parsed.
This amends commit b94cc754a ("landlock: apply rules in sandbox before
app start", 2023-10-26) / PR #6078.
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/landlock.c | 24 |
1 files changed, 16 insertions, 8 deletions
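--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -345,16 +345,24 @@ void ll_add_profile(int type, const char *data) {
 while (*data == ' ' || *data == '\t')
 data++;
 
-LandlockEntry *ptr = malloc(sizeof(LandlockEntry));
-if (!ptr)
+LandlockEntry *entry = malloc(sizeof(LandlockEntry));
+if (!entry)
 errExit("malloc");
-memset(ptr, 0, sizeof(LandlockEntry));
-ptr->type = type;
-ptr->data = strdup(data);
-if (!ptr->data)
+memset(entry, 0, sizeof(LandlockEntry));
+entry->type = type;
+entry->data = strdup(data);
+if (!entry->data)
 errExit("strdup");
-ptr->next = cfg.lprofile;
-cfg.lprofile = ptr;
+
+// add entry to the list
+if (cfg.lprofile == NULL) {
+cfg.lprofile = entry;
+return;
+}
+LandlockEntry *ptr = cfg.lprofile;
+while (ptr->next != NULL)
+ptr = ptr->next;
+ptr->next = entry;
 }
 
 #endif /* HAVE_LANDLOCK */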
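Review bot: The `// add entry to the list` comment does not record the property this change exists to provide, namely that entries are appended at the tail so that they are later processed in the order they were parsed. With only the commit message stating it, a later cleanup could return to head insertion without anyone noticing. I would write `// append at the tail so entries are processed in parse order (same as profile_add())`. It is also worth a short comment that the list stays NULL-terminated only because the `memset` above zeroes `entry->next`. The start of ll_add_profile() is outside the hunk.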