diff options
author | netblue30 <netblue30@yahoo.com> | 2015-08-28 11:27:19 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-28 11:27:19 -0400 |
commit | eb08fa57fe7a34ab2b0f7be2cf8ee63d1edd6ede (patch) | |
tree | 11ecf96c4e7ae089f452e42d3502a3a86835920a /src | |
parent | cleanup unfinished features (diff) | |
download | firejail-eb08fa57fe7a34ab2b0f7be2cf8ee63d1edd6ede.tar.gz firejail-eb08fa57fe7a34ab2b0f7be2cf8ee63d1edd6ede.tar.zst firejail-eb08fa57fe7a34ab2b0f7be2cf8ee63d1edd6ede.zip |
fix firejail-in-firejail again
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/bandwidth.c | 6 | ||||
-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/fs.c | 6 | ||||
-rw-r--r-- | src/firejail/main.c | 26 |
4 files changed, 13 insertions, 28 deletions
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c index 61d0acd4a..e0be1f06a 100644 --- a/src/firejail/bandwidth.c +++ b/src/firejail/bandwidth.c | |||
@@ -125,10 +125,8 @@ void shm_create_firejail_dir(void) { | |||
125 | } | 125 | } |
126 | else { // check /dev/shm/firejail directory belongs to root end exit if doesn't! | 126 | else { // check /dev/shm/firejail directory belongs to root end exit if doesn't! |
127 | if (s.st_uid != 0 || s.st_gid != 0) { | 127 | if (s.st_uid != 0 || s.st_gid != 0) { |
128 | if (firejail_in_firejail == 0) { | 128 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", "/dev/shm/firejail"); |
129 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", "/dev/shm/firejail"); | 129 | exit(1); |
130 | exit(1); | ||
131 | } | ||
132 | } | 130 | } |
133 | } | 131 | } |
134 | } | 132 | } |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index ce2b0e7a5..cb841cc59 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -149,9 +149,6 @@ extern int arg_scan; // arp-scan all interfaces | |||
149 | extern int parent_to_child_fds[2]; | 149 | extern int parent_to_child_fds[2]; |
150 | extern int child_to_parent_fds[2]; | 150 | extern int child_to_parent_fds[2]; |
151 | extern pid_t sandbox_pid; | 151 | extern pid_t sandbox_pid; |
152 | extern int firejail_in_firejail; | ||
153 | |||
154 | |||
155 | 152 | ||
156 | #define MAX_ARGS 128 // maximum number of command arguments (argc) | 153 | #define MAX_ARGS 128 // maximum number of command arguments (argc) |
157 | extern char *fullargv[MAX_ARGS]; | 154 | extern char *fullargv[MAX_ARGS]; |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 3f8f7176c..f4384faf7 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -44,10 +44,8 @@ void fs_build_firejail_dir(void) { | |||
44 | } | 44 | } |
45 | else { // check /tmp/firejail directory belongs to root end exit if doesn't! | 45 | else { // check /tmp/firejail directory belongs to root end exit if doesn't! |
46 | if (s.st_uid != 0 || s.st_gid != 0) { | 46 | if (s.st_uid != 0 || s.st_gid != 0) { |
47 | if (firejail_in_firejail == 0) { | 47 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", FIREJAIL_DIR); |
48 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", FIREJAIL_DIR); | 48 | exit(1); |
49 | exit(1); | ||
50 | } | ||
51 | } | 49 | } |
52 | } | 50 | } |
53 | } | 51 | } |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 3a5a21cad..a1e67c298 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -90,7 +90,6 @@ char *fullargv[MAX_ARGS]; // expanded argv for restricted shell | |||
90 | int fullargc = 0; | 90 | int fullargc = 0; |
91 | static pid_t child = 0; | 91 | static pid_t child = 0; |
92 | pid_t sandbox_pid; | 92 | pid_t sandbox_pid; |
93 | int firejail_in_firejail = 0; // firejail started in a firejail sandbox | ||
94 | 93 | ||
95 | static void myexit(int rv) { | 94 | static void myexit(int rv) { |
96 | logmsg("exiting..."); | 95 | logmsg("exiting..."); |
@@ -114,10 +113,8 @@ static void my_handler(int s){ | |||
114 | static void extract_user_data(void) { | 113 | static void extract_user_data(void) { |
115 | // check suid | 114 | // check suid |
116 | if (geteuid()) { | 115 | if (geteuid()) { |
117 | if (firejail_in_firejail == 0) { | 116 | fprintf(stderr, "Error: the sandbox is not setuid root\n"); |
118 | fprintf(stderr, "Error: the sandbox is not setuid root\n"); | 117 | exit(1); |
119 | exit(1); | ||
120 | } | ||
121 | } | 118 | } |
122 | 119 | ||
123 | struct passwd *pw = getpwuid(getuid()); | 120 | struct passwd *pw = getpwuid(getuid()); |
@@ -392,12 +389,13 @@ int main(int argc, char **argv) { | |||
392 | 389 | ||
393 | // check if we already have a sandbox running | 390 | // check if we already have a sandbox running |
394 | int rv = check_kernel_procs(); | 391 | int rv = check_kernel_procs(); |
395 | if (rv == 0) | 392 | if (rv == 0) { |
396 | firejail_in_firejail = 1; | 393 | // start the program directly without sandboxing |
397 | 394 | run_no_sandbox(argc, argv); | |
398 | 395 | // it will never get here! | |
396 | assert(0); | ||
397 | } | ||
399 | 398 | ||
400 | |||
401 | // initialize globals | 399 | // initialize globals |
402 | init_cfg(); | 400 | init_cfg(); |
403 | cfg.original_argv = argv; | 401 | cfg.original_argv = argv; |
@@ -697,6 +695,7 @@ int main(int argc, char **argv) { | |||
697 | } | 695 | } |
698 | 696 | ||
699 | // extract private home dirname | 697 | // extract private home dirname |
698 | printf("here %s:%d\n", __FILE__, __LINE__); | ||
700 | cfg.home_private = argv[i] + 10; | 699 | cfg.home_private = argv[i] + 10; |
701 | fs_check_private_dir(); | 700 | fs_check_private_dir(); |
702 | arg_private = 1; | 701 | arg_private = 1; |
@@ -974,13 +973,6 @@ int main(int argc, char **argv) { | |||
974 | } | 973 | } |
975 | } | 974 | } |
976 | 975 | ||
977 | // if a sandbox is already running, start the program directly without sandboxing | ||
978 | if (firejail_in_firejail) { | ||
979 | run_no_sandbox(argc, argv); | ||
980 | // it will never get here! | ||
981 | assert(0); | ||
982 | } | ||
983 | |||
984 | // check network configuration options - it will exit if anything went wrong | 976 | // check network configuration options - it will exit if anything went wrong |
985 | net_check_cfg(); | 977 | net_check_cfg(); |
986 | 978 | ||