author | netblue30 <netblue30@yahoo.com> | 2016-04-12 13:22:39 -0400 |
committer | netblue30 <netblue30@yahoo.com> | 2016-04-12 13:22:39 -0400 |
commit | 75b80b445d01ee34f105ff0d8a47d1b09f2c7898 (patch) | |
tree | 49486c97863659112979a4fab4fbcb3646c0cd19 /src | |
parent | Merge pull request #427 from avoidr/paths_fix (diff) | |
--private-bin fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 35 | ||||
-rw-r--r-- | src/firejail/paths.c | 5 |
3 files changed, 26 insertions, 16 deletions
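--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -506,7 +506,7 @@ void fs_blacklist(void) {
 if (strncmp(ptr, "${PATH}", 7) == 0) {
 char *fname = ptr + 7;
 size_t fname_len = strlen(fname);
-char **paths = build_paths(); //{"/usr/local/bin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
+char **paths = build_paths(); //{"/usr/local/bin", "/usr/local/sbin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
 int i = 0;
 while (paths[i] != NULL) {
 char *path = paths[i];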
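Review bot: The updated comment on line 509 still does not match the list it mirrors: build_paths() in paths.c now adds the directories in the order /usr/local/bin, /usr/bin, /bin, /usr/local/sbin, /usr/sbin, /sbin, while the comment puts /usr/local/sbin second and writes `/usr/bin/` with a trailing slash. A hand-copied list like this drifts every time the defaults change, so replace it with a pointer to the source of truth: `char **paths = build_paths(); // default search directories, see build_paths() in paths.c`. fs_blacklist's body continues outside the hunk.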
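--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -26,10 +26,11 @@
 
 static char *paths[] = {
 "/usr/local/bin",
-"/bin",
 "/usr/bin",
-"/sbin",
+"/bin",
+"/usr/local/sbin",
 "/usr/sbin",
+"/sbin",
 NULL
 };
 
@@ -173,6 +174,7 @@ void fs_private_bin_list(void) {
 
 // check bin paths
 int i = 0;
+#if 0
 while (paths[i]) {
 struct stat s;
 if (stat(paths[i], &s) == -1) {
@@ -181,6 +183,7 @@ void fs_private_bin_list(void) {
 }
 i++;
 }
+#endif
 
 // create /tmp/firejail/mnt/bin directory
 fs_build_mnt_dir();
@@ -230,12 +233,15 @@ void fs_private_bin_list(void) {
 // mount-bind
 i = 0;
 while (paths[i]) {
-if (arg_debug)
-printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
-if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
-errExit("mount bind");
-fs_logger2("tmpfs", paths[i]);
-fs_logger2("mount", paths[i]);
+struct stat s;
+if (stat(paths[i], &s) == 0) {
+if (arg_debug)
+printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
+if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
+errExit("mount bind");
+fs_logger2("tmpfs", paths[i]);
+fs_logger2("mount", paths[i]);
+}
 i++;
 }
 
@@ -249,11 +255,14 @@ void fs_private_bin_list(void) {
 while (ptr) {
 i = 0;
 while (paths[i]) {
-char *fname;
-if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
-errExit("asprintf");
-fs_logger2("clone", fname);
-free(fname);
+struct stat s;
+if (stat(paths[i], &s) == 0) {
+char *fname;
+if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
+errExit("asprintf");
+fs_logger2("clone", fname);
+free(fname);
+}
 i++;
 }
 ptr = strtok(NULL, ",");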
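Review bot: The new `stat(paths[i], &s) == 0` guards in the mount-bind loop (new lines 236–244) and in the clone-logging loop (new lines 258–265) only test that something exists at the path; a regular file there passes the check and the following `mount(... MS_BIND|MS_REC ...)` then fails into errExit, and because stat() follows symlinks a system where /bin is a symlink into /usr/bin would presumably bind RUN_BIN_DIR onto the same directory twice. Tighten both guards to `if (stat(paths[i], &s) == 0 && S_ISDIR(s.st_mode)) {`, or move the check into one `static int bin_dir_exists(const char *path)` helper so the two loops cannot drift apart. The original existence loop is left under `#if 0` / `#endif` (new lines 177 and 186) instead of being deleted; that dead code should go, and the behaviour change it hides — a missing default directory is now skipped silently rather than reported — deserves a one-line comment above the mount-bind loop. The static `paths[]` table at the top of this file now has to be kept in step by hand with the `add_path()` calls in build_paths() in paths.c, so a single shared definition would be safer. fs_private_bin_list starts and ends outside these hunks.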
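--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -76,10 +76,11 @@ char **build_paths(void) {
 
 // add default paths
 add_path("/usr/local/bin");
-add_path("/bin");
 add_path("/usr/bin");
-add_path("/sbin");
+add_path("/bin");
+add_path("/usr/local/sbin");
 add_path("/usr/sbin");
+add_path("/sbin");
 
 path2 = strdup(path1);
 if (!path2)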