diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-11-25 08:35:25 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-11-25 08:35:25 -0500 |
| commit | a91649ccf77c2fa20206759ef986aa9967e38ea6 (patch) | |
| tree | a82921724f471bf646e50ce365986f0e7bb847db /src | |
| parent | fixes (diff) | |
| download | firejail-a91649ccf77c2fa20206759ef986aa9967e38ea6.tar.gz firejail-a91649ccf77c2fa20206759ef986aa9967e38ea6.tar.zst firejail-a91649ccf77c2fa20206759ef986aa9967e38ea6.zip | |
fixes
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
| -rw-r--r-- | src/firejail/fs_home.c | 11 | ||||
| -rw-r--r-- | src/firejail/fs_whitelist.c | 2 | ||||
| -rw-r--r-- | src/firejail/restrict_users.c | 2 | ||||
| -rw-r--r-- | src/firejail/util.c | 34 |
6 files changed, 45 insertions, 7 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 3ede58df6..a364de75f 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -322,6 +322,7 @@ int net_move_interface(const char *dev, unsigned pid); | |||
| 322 | 322 | ||
| 323 | // util.c | 323 | // util.c |
| 324 | void drop_privs(int nogroups); | 324 | void drop_privs(int nogroups); |
| 325 | int mkpath_as_root(const char* path); | ||
| 325 | void extract_command_name(const char *str); | 326 | void extract_command_name(const char *str); |
| 326 | void logsignal(int s); | 327 | void logsignal(int s); |
| 327 | void logmsg(const char *msg); | 328 | void logmsg(const char *msg); |
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index 38b9b06ca..946c75d30 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c | |||
| @@ -55,7 +55,7 @@ static char *check_dir_or_file(const char *name) { | |||
| 55 | } | 55 | } |
| 56 | 56 | ||
| 57 | if (!fname) { | 57 | if (!fname) { |
| 58 | fprintf(stderr, "Warning: file %s not found\n", name); | 58 | // fprintf(stderr, "Warning: file %s not found\n", name); |
| 59 | return NULL; | 59 | return NULL; |
| 60 | } | 60 | } |
| 61 | 61 | ||
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 23f036bd7..ca9f7b472 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
| @@ -233,9 +233,12 @@ void fs_private(void) { | |||
| 233 | // create /home/user | 233 | // create /home/user |
| 234 | if (arg_debug) | 234 | if (arg_debug) |
| 235 | printf("Create a new user directory\n"); | 235 | printf("Create a new user directory\n"); |
| 236 | int rv = mkdir(homedir, S_IRWXU); | 236 | if (mkdir(homedir, S_IRWXU) == -1) { |
| 237 | if (rv == -1) | 237 | if (mkpath_as_root(homedir) == -1) |
| 238 | errExit("mkdir"); | 238 | errExit("mkpath"); |
| 239 | if (mkdir(homedir, S_IRWXU) == -1) | ||
| 240 | errExit("mkdir"); | ||
| 241 | } | ||
| 239 | if (chown(homedir, u, g) < 0) | 242 | if (chown(homedir, u, g) < 0) |
| 240 | errExit("chown"); | 243 | errExit("chown"); |
| 241 | } | 244 | } |
| @@ -346,7 +349,7 @@ void fs_check_private_dir(void) { | |||
| 346 | exit(1); | 349 | exit(1); |
| 347 | } | 350 | } |
| 348 | if (s1.st_uid != s2.st_uid) { | 351 | if (s1.st_uid != s2.st_uid) { |
| 349 | printf("Error: the two home directories must have the same owner\n"); | 352 | printf("Error: --private directory should be owned by the current user\n"); |
| 350 | exit(1); | 353 | exit(1); |
| 351 | } | 354 | } |
| 352 | } | 355 | } |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index a38539078..d018554d5 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -75,7 +75,7 @@ static void whitelist_path(ProfileEntry *entry) { | |||
| 75 | assert(path); | 75 | assert(path); |
| 76 | const char *fname; | 76 | const char *fname; |
| 77 | char *wfile = NULL; | 77 | char *wfile = NULL; |
| 78 | 78 | ||
| 79 | if (entry->home_dir) { | 79 | if (entry->home_dir) { |
| 80 | fname = path + strlen(cfg.homedir); | 80 | fname = path + strlen(cfg.homedir); |
| 81 | if (*fname == '\0') { | 81 | if (*fname == '\0') { |
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index 4930dd1ea..50a9a9b89 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
| @@ -120,7 +120,7 @@ static void sanitize_home(void) { | |||
| 120 | 120 | ||
| 121 | // create user home directory | 121 | // create user home directory |
| 122 | if (mkdir(cfg.homedir, 0755) == -1) { | 122 | if (mkdir(cfg.homedir, 0755) == -1) { |
| 123 | if (mkpath(cfg.homedir)) | 123 | if (mkpath_as_root(cfg.homedir)) |
| 124 | errExit("mkpath"); | 124 | errExit("mkpath"); |
| 125 | if (mkdir(cfg.homedir, 0755) == -1) | 125 | if (mkdir(cfg.homedir, 0755) == -1) |
| 126 | errExit("mkdir"); | 126 | errExit("mkdir"); |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 89d0697fd..880e45465 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -75,6 +75,40 @@ void drop_privs(int nogroups) { | |||
| 75 | } | 75 | } |
| 76 | 76 | ||
| 77 | 77 | ||
| 78 | int mkpath_as_root(const char* path) { | ||
| 79 | assert(path && *path); | ||
| 80 | |||
| 81 | // work on a copy of the path | ||
| 82 | char *file_path = strdup(path); | ||
| 83 | if (!file_path) | ||
| 84 | errExit("strdup"); | ||
| 85 | |||
| 86 | char* p; | ||
| 87 | for (p=strchr(file_path+1, '/'); p; p=strchr(p+1, '/')) { | ||
| 88 | *p='\0'; | ||
| 89 | if (mkdir(file_path, 0755)==-1) { | ||
| 90 | if (errno != EEXIST) { | ||
| 91 | *p='/'; | ||
| 92 | free(file_path); | ||
| 93 | return -1; | ||
| 94 | } | ||
| 95 | } | ||
| 96 | else { | ||
| 97 | if (chmod(file_path, 0755) == -1) | ||
| 98 | errExit("chmod"); | ||
| 99 | if (chown(file_path, 0, 0) == -1) | ||
| 100 | errExit("chown"); | ||
| 101 | } | ||
| 102 | |||
| 103 | *p='/'; | ||
| 104 | } | ||
| 105 | |||
| 106 | free(file_path); | ||
| 107 | return 0; | ||
| 108 | } | ||
| 109 | |||
| 110 | |||
| 111 | |||
| 78 | void logsignal(int s) { | 112 | void logsignal(int s) { |
| 79 | if (!arg_debug) | 113 | if (!arg_debug) |
| 80 | return; | 114 | return; |