author | netblue30 <netblue30@yahoo.com> | 2016-03-10 07:13:57 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-10 07:13:57 -0500 |
commit | e8be433033945aeff9dcb8424b6a4b9fc7387557 (patch) | |
tree | 9bdbd19f360c14e4037cfe8ae8b9ec3c8b955077 /src | |
parent | overlay fix (diff) | |
overlayfs fix for home directories mounted on a different partition
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 60 |
1 files changed, 59 insertions, 1 deletions
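--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -859,9 +859,67 @@ void fs_overlayfs(void) {
 else { // kernel 3.18 or newer
 if (asprintf(&option, "lowerdir=/,upperdir=%s,workdir=%s", odiff, owork) == -1)
 errExit("asprintf");
-//printf("option #%s#\n", option);
 if (mount("overlay", oroot, "overlay", MS_MGC_VAL, option) < 0)
 errExit("mounting overlayfs");
+
+//***************************
+// issue #263 start code
+// My setup has a separate mount point for /home. When the overlay is mounted,
+// the overlay does not contain the original /home contents.
+// I added code to create a second overlay for /home if the overlay home dir is empty and this seems to work
+// @dshmgh, Jan 2016
+{
+char *overlayhome;
+struct stat s;
+char *hroot;
+char *hdiff;
+char *hwork;
+
+// dons add debug
+if (arg_debug) printf ("DEBUG: chroot dirs are oroot %s odiff %s owork %s\n",oroot,odiff,owork);
+
+// BEFORE NEXT, WE NEED TO TEST IF /home has any contents or do we need to mount it?
+// must create var for oroot/cfg.homedir
+if (asprintf(&overlayhome,"%s%s",oroot,cfg.homedir) == -1)
+errExit("asprintf");
+if (arg_debug) printf ("DEBUG: overlayhome var holds ##%s##\n",overlayhome);
+
+// if no homedir in overlay -- create another overlay for /home
+if (stat(overlayhome, &s) == -1) {
+
+if(asprintf(&hroot, "%s/oroot/home", RUN_MNT_DIR) == -1)
+errExit("asprintf");
+
+if(asprintf(&hdiff, "%s/hdiff", basedir) == -1)
+errExit("asprintf");
+if (mkdir(hdiff, S_IRWXU | S_IRWXG | S_IRWXO))
+errExit("mkdir");
+if (chown(hdiff, 0, 0) < 0)
+errExit("chown");
+if (chmod(hdiff, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
+errExit("chmod");
+
+if(asprintf(&hwork, "%s/hwork", basedir) == -1)
+errExit("asprintf");
+if (mkdir(hwork, S_IRWXU | S_IRWXG | S_IRWXO))
+errExit("mkdir");
+if (chown(hwork, 0, 0) < 0)
+errExit("chown");
+if (chmod(hwork, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
+errExit("chmod");
+
+// no homedir in overlay so now mount another overlay for /home
+if (asprintf(&option, "lowerdir=/home,upperdir=%s,workdir=%s", hdiff, hwork) == -1)
+errExit("asprintf");
+if (mount("overlay", hroot, "overlay", MS_MGC_VAL, option) < 0)
+errExit("mounting overlayfs for mounted home directory");
+
+printf("OverlayFS for /home configured in %s directory\n", basedir);
+} // stat(overlayhome)
+free(overlayhome);
+}
+// issue #263 end code
+//***************************
 }
 printf("OverlayFS configured in %s directory\n", basedir);
 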
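Review bot: In the new `/home` overlay block, `hdiff` and `hwork` are created with `mkdir(..., S_IRWXU | S_IRWXG | S_IRWXO)` and only afterwards narrowed by path-based `chown()`/`chmod()`, so the directory can briefly exist with looser permissions than intended (umask permitting), and each later call resolves the path again and follows symlinks. This code runs with the privileges needed for `mount()`, and if `basedir` is somewhere the invoking user can write (its definition is outside this hunk, so this is an assumption to confirm), the entry could be replaced between the calls. Creating the directory with its final mode and applying ownership through a descriptor opened with `O_DIRECTORY | O_NOFOLLOW` narrows that window, as sketched below for `hdiff`; `hwork` needs the same treatment. Separately, the block is entered on any `stat()` failure rather than only `ENOENT`, and it tests `oroot` + `cfg.homedir` but always mounts `lowerdir=/home` at `RUN_MNT_DIR/oroot/home`, which will not match a home directory that lives outside `/home`. `fs_overlayfs` begins before and continues after this hunk.

```c
if(asprintf(&hdiff, "%s/hdiff", basedir) == -1)
	errExit("asprintf");
// create with the final mode so the directory is never world-writable
if (mkdir(hdiff, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH))
	errExit("mkdir");
// act on the directory itself, not on whatever the path names at call time
int hfd = open(hdiff, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
if (hfd == -1)
	errExit("open");
if (fchown(hfd, 0, 0) < 0)
	errExit("fchown");
// fchmod pins the exact mode regardless of the process umask
if (fchmod(hfd, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
	errExit("fchmod");
close(hfd);
// … unchanged: same sequence for hwork, then the /home overlay mount …
```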