aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLibravatar startx2017 <vradu.startx@yandex.com>2017-04-13 08:20:08 -0400
committerLibravatar startx2017 <vradu.startx@yandex.com>2017-04-13 08:20:08 -0400
commit05e9768345dc3660974d2eecb0b5134d17b20434 (patch)
tree1f585c97ce51120186975fda5c490f00b44c5f3c /src
parentfix /sys handling for overlayfs and chroot (diff)
downloadfirejail-05e9768345dc3660974d2eecb0b5134d17b20434.tar.gz
firejail-05e9768345dc3660974d2eecb0b5134d17b20434.tar.zst
firejail-05e9768345dc3660974d2eecb0b5134d17b20434.zip
redirect all warnings to fwarning function and control the output with --quiet
Diffstat (limited to 'src')
-rw-r--r--src/firejail/appimage.c5
-rw-r--r--src/firejail/cgroup.c2
-rw-r--r--src/firejail/cpu.c16
-rw-r--r--src/firejail/firejail.h2
-rw-r--r--src/firejail/fs.c21
-rw-r--r--src/firejail/fs_bin.c2
-rw-r--r--src/firejail/fs_dev.c4
-rw-r--r--src/firejail/fs_etc.c5
-rw-r--r--src/firejail/fs_home.c2
-rw-r--r--src/firejail/fs_mkdir.c4
-rw-r--r--src/firejail/fs_var.c8
-rw-r--r--src/firejail/fs_whitelist.c5
-rw-r--r--src/firejail/join.c2
-rw-r--r--src/firejail/main.c24
-rw-r--r--src/firejail/netns.c2
-rw-r--r--src/firejail/network.c2
-rw-r--r--src/firejail/network_main.c2
-rw-r--r--src/firejail/no_sandbox.c11
-rw-r--r--src/firejail/profile.c6
-rw-r--r--src/firejail/protocol.c4
-rw-r--r--src/firejail/restrict_users.c6
-rw-r--r--src/firejail/sandbox.c51
-rw-r--r--src/firejail/seccomp.c2
-rw-r--r--src/firejail/util.c31
24 files changed, 104 insertions, 115 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 980c80bd9..e14de3c27 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -155,15 +155,14 @@ void appimage_clear(void) {
155 break; 155 break;
156 } 156 }
157 if (rv == -1 && errno == EBUSY) { 157 if (rv == -1 && errno == EBUSY) {
158 if (!arg_quiet) 158 fwarning("EBUSY error trying to unmount %s\n", mntdir);
159 printf("Warning: EBUSY error trying to unmount %s\n", mntdir);
160 sleep(2); 159 sleep(2);
161 continue; 160 continue;
162 } 161 }
163 162
164 // rv = -1 163 // rv = -1
165 if (!arg_quiet) { 164 if (!arg_quiet) {
166 printf("Warning: error trying to unmount %s\n", mntdir); 165 fwarning("error trying to unmount %s\n", mntdir);
167 perror("umount"); 166 perror("umount");
168 } 167 }
169 } 168 }
diff --git a/src/firejail/cgroup.c b/src/firejail/cgroup.c
index 143180bfb..6ceb647ff 100644
--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -63,7 +63,7 @@ void load_cgroup(const char *fname) {
63 return; 63 return;
64 } 64 }
65errout: 65errout:
66 fprintf(stderr, "Warning: cannot load control group\n"); 66 fwarning("cannot load control group\n");
67 if (fp) 67 if (fp)
68 fclose(fp); 68 fclose(fp);
69} 69}
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index 7a3e056c1..9c0214502 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -100,7 +100,7 @@ void load_cpu(const char *fname) {
100 fclose(fp); 100 fclose(fp);
101 } 101 }
102 else 102 else
103 fprintf(stderr, "Warning: cannot load cpu affinity mask\n"); 103 fwarning("cannot load cpu affinity mask\n");
104} 104}
105 105
106void set_cpu_affinity(void) { 106void set_cpu_affinity(void) {
@@ -115,20 +115,14 @@ void set_cpu_affinity(void) {
115 CPU_SET(i, &mask); 115 CPU_SET(i, &mask);
116 } 116 }
117 117
118 if (sched_setaffinity(0, sizeof(mask), &mask) == -1) { 118 if (sched_setaffinity(0, sizeof(mask), &mask) == -1)
119 fprintf(stderr, "Warning: cannot set cpu affinity\n"); 119 fwarning("cannot set cpu affinity\n");
120 fprintf(stderr, " ");
121 perror("sched_setaffinity");
122 }
123 120
124 // verify cpu affinity 121 // verify cpu affinity
125 cpu_set_t mask2; 122 cpu_set_t mask2;
126 CPU_ZERO(&mask2); 123 CPU_ZERO(&mask2);
127 if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1) { 124 if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1)
128 fprintf(stderr, "Warning: cannot verify cpu affinity\n"); 125 fwarning("cannot verify cpu affinity\n");
129 fprintf(stderr, " ");
130 perror("sched_getaffinity");
131 }
132 else if (arg_debug) { 126 else if (arg_debug) {
133 if (CPU_EQUAL(&mask, &mask2)) 127 if (CPU_EQUAL(&mask, &mask2))
134 printf("CPU affinity set\n"); 128 printf("CPU affinity set\n");
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 7258dd2f8..8831d07f0 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -21,6 +21,7 @@
21#define FIREJAIL_H 21#define FIREJAIL_H
22#include "../include/common.h" 22#include "../include/common.h"
23#include "../include/euid_common.h" 23#include "../include/euid_common.h"
24#include <stdarg.h>
24 25
25// debug restricted shell 26// debug restricted shell
26//#define DEBUG_RESTRICTED_SHELL 27//#define DEBUG_RESTRICTED_SHELL
@@ -446,6 +447,7 @@ int arp_check(const char *dev, uint32_t destaddr, uint32_t srcaddr);
446uint32_t arp_assign(const char *dev, Bridge *br); 447uint32_t arp_assign(const char *dev, Bridge *br);
447 448
448// util.c 449// util.c
450void fwarning(char* fmt, ...);
449void drop_privs(int nogroups); 451void drop_privs(int nogroups);
450int mkpath_as_root(const char* path); 452int mkpath_as_root(const char* path);
451void extract_command_name(int index, char **argv); 453void extract_command_name(int index, char **argv);
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index f6aba7048..fa66da617 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -97,7 +97,7 @@ static void disable_file(OPERATION op, const char *filename) {
97 return; 97 return;
98 if (stat(fname, &s) == -1) { 98 if (stat(fname, &s) == -1) {
99 if (arg_debug) 99 if (arg_debug)
100 printf("Warning: %s does not exist, skipping...\n", fname); 100 fwarning("%s does not exist, skipping...\n", fname);
101 free(fname); 101 free(fname);
102 return; 102 return;
103 } 103 }
@@ -108,8 +108,7 @@ static void disable_file(OPERATION op, const char *filename) {
108 if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) && 108 if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) &&
109 is_link(filename) && 109 is_link(filename) &&
110 S_ISDIR(s.st_mode)) { 110 S_ISDIR(s.st_mode)) {
111 if (!arg_quiet) 111 fwarning("%s directory link was not blacklisted\n", filename);
112 fprintf(stderr, "Warning: %s directory link was not blacklisted\n", filename);
113 } 112 }
114 else { 113 else {
115 if (arg_debug) { 114 if (arg_debug) {
@@ -175,7 +174,7 @@ static void disable_file(OPERATION op, const char *filename) {
175 fs_logger2("tmpfs", fname); 174 fs_logger2("tmpfs", fname);
176 } 175 }
177 else 176 else
178 printf("Warning: %s is not a directory; cannot mount a tmpfs on top of it.\n", fname); 177 fwarning("%s is not a directory; cannot mount a tmpfs on top of it.\n", fname);
179 } 178 }
180 else 179 else
181 assert(0); 180 assert(0);
@@ -444,8 +443,7 @@ static void fs_rdwr(const char *dir) {
444 // if the file is outside /home directory, allow only root user 443 // if the file is outside /home directory, allow only root user
445 uid_t u = getuid(); 444 uid_t u = getuid();
446 if (u != 0 && s.st_uid != u) { 445 if (u != 0 && s.st_uid != u) {
447 if (!arg_quiet) 446 fwarning("you are not allowed to change %s to read-write\n", dir);
448 fprintf(stderr, "Warning: you are not allowed to change %s to read-write\n", dir);
449 return; 447 return;
450 } 448 }
451 449
@@ -501,9 +499,9 @@ void fs_proc_sys_dev_boot(void) {
501 if (arg_debug) 499 if (arg_debug)
502 printf("Remounting /sys directory\n"); 500 printf("Remounting /sys directory\n");
503 if (umount2("/sys", MNT_DETACH) < 0) 501 if (umount2("/sys", MNT_DETACH) < 0)
504 fprintf(stderr, "Warning: failed to unmount /sys\n"); 502 fwarning("failed to unmount /sys\n");
505 if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) 503 if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0)
506 fprintf(stderr, "Warning: failed to mount /sys\n"); 504 fwarning("failed to mount /sys\n");
507 else 505 else
508 fs_logger("remount /sys"); 506 fs_logger("remount /sys");
509 507
@@ -913,7 +911,8 @@ void fs_overlayfs(void) {
913 // issue #263 end code 911 // issue #263 end code
914 //*************************** 912 //***************************
915 } 913 }
916 printf("OverlayFS configured in %s directory\n", basedir); 914 if (!arg_quiet)
915 printf("OverlayFS configured in %s directory\n", basedir);
917 916
918 // mount-bind dev directory 917 // mount-bind dev directory
919 if (arg_debug) 918 if (arg_debug)
@@ -943,7 +942,7 @@ void fs_overlayfs(void) {
943 if (asprintf(&x11, "%s/tmp/.X11-unix", oroot) == -1) 942 if (asprintf(&x11, "%s/tmp/.X11-unix", oroot) == -1)
944 errExit("asprintf"); 943 errExit("asprintf");
945 if (mount("/tmp/.X11-unix", x11, NULL, MS_BIND|MS_REC, NULL) < 0) 944 if (mount("/tmp/.X11-unix", x11, NULL, MS_BIND|MS_REC, NULL) < 0)
946 fprintf(stderr, "Warning: cannot mount /tmp/.X11-unix in overlay\n"); 945 fwarning("cannot mount /tmp/.X11-unix in overlay\n");
947 else 946 else
948 fs_logger("whitelist /tmp/.X11-unix"); 947 fs_logger("whitelist /tmp/.X11-unix");
949 free(x11); 948 free(x11);
@@ -1172,7 +1171,7 @@ void fs_chroot(const char *rootdir) {
1172 exit(1); 1171 exit(1);
1173 } 1172 }
1174 if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed 1173 if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed
1175 fprintf(stderr, "Warning: /etc/resolv.conf not initialized\n"); 1174 fwarning("/etc/resolv.conf not initialized\n");
1176 } 1175 }
1177 1176
1178 // chroot into the new directory 1177 // chroot into the new directory
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 73edd2ef9..c572bec88 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -86,7 +86,7 @@ static char *check_dir_or_file(const char *name) {
86 86
87 if (!fname) { 87 if (!fname) {
88 if (arg_debug) 88 if (arg_debug)
89 fprintf(stderr, "Warning: file %s not found\n", name); 89 fwarning("file %s not found\n", name);
90 return NULL; 90 return NULL;
91 } 91 }
92 92
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index fd21e7515..20fcf56e7 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -72,7 +72,7 @@ static void deventry_mount(void) {
72 struct stat s; 72 struct stat s;
73 if (stat(dev[i].run_fname, &s) == -1) { 73 if (stat(dev[i].run_fname, &s) == -1) {
74 if (arg_debug) 74 if (arg_debug)
75 printf("Warning: cannot stat %s file\n", dev[i].run_fname); 75 fwarning("cannot stat %s file\n", dev[i].run_fname);
76 i++; 76 i++;
77 continue; 77 continue;
78 } 78 }
@@ -254,7 +254,7 @@ void fs_dev_shm(void) {
254 free(lnk); 254 free(lnk);
255 } 255 }
256 else { 256 else {
257 fprintf(stderr, "Warning: /dev/shm not mounted\n"); 257 fwarning("/dev/shm not mounted\n");
258 dbg_test_dir("/dev/shm"); 258 dbg_test_dir("/dev/shm");
259 } 259 }
260 260
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 69c422f1d..59700dd9b 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -81,7 +81,7 @@ static int check_dir_or_file(const char *fname) {
81 struct stat s; 81 struct stat s;
82 if (stat(fname, &s) == -1) { 82 if (stat(fname, &s) == -1) {
83 if (arg_debug) 83 if (arg_debug)
84 printf("Warning: file %s not found.\n", fname); 84 fwarning("file %s not found.\n", fname);
85 return 0; 85 return 0;
86 } 86 }
87 87
@@ -109,8 +109,7 @@ static void duplicate(const char *fname, const char *private_dir, const char *pr
109 if (asprintf(&src, "%s/%s", private_dir, fname) == -1) 109 if (asprintf(&src, "%s/%s", private_dir, fname) == -1)
110 errExit("asprintf"); 110 errExit("asprintf");
111 if (check_dir_or_file(src) == 0) { 111 if (check_dir_or_file(src) == 0) {
112 if (!arg_quiet) 112 fwarning("skipping %s for private %s\n", fname, private_dir);
113 fprintf(stderr, "Warning: skipping %s for private %s\n", fname, private_dir);
114 free(src); 113 free(src);
115 return; 114 return;
116 } 115 }
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 3364ef797..d24f19da7 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -119,7 +119,7 @@ static int store_xauthority(void) {
119 struct stat s; 119 struct stat s;
120 if (stat(src, &s) == 0) { 120 if (stat(src, &s) == 0) {
121 if (is_link(src)) { 121 if (is_link(src)) {
122 fprintf(stderr, "Warning: invalid .Xauthority file\n"); 122 fwarning("invalid .Xauthority file\n");
123 return 0; 123 return 0;
124 } 124 }
125 125
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index f90b7df60..4397f0721 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -39,11 +39,11 @@ static void mkdir_recursive(char *path) {
39 if (stat(subdir, &s) == -1) { 39 if (stat(subdir, &s) == -1) {
40 /* coverity[toctou] */ 40 /* coverity[toctou] */
41 if (mkdir(subdir, 0700) == -1) { 41 if (mkdir(subdir, 0700) == -1) {
42 fprintf(stderr, "Warning: cannot create %s directory\n", subdir); 42 fwarning("cannot create %s directory\n", subdir);
43 return; 43 return;
44 } 44 }
45 } else if (!S_ISDIR(s.st_mode)) { 45 } else if (!S_ISDIR(s.st_mode)) {
46 fprintf(stderr, "Warning: '%s' exists, but is no directory\n", subdir); 46 fwarning("'%s exists, but is not a directory\n", subdir);
47 return; 47 return;
48 } 48 }
49 if (chdir(subdir)) { 49 if (chdir(subdir)) {
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index bbea3b392..426ef48bf 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -143,7 +143,7 @@ void fs_var_log(void) {
143 fs_logger("touch /var/log/btmp"); 143 fs_logger("touch /var/log/btmp");
144 } 144 }
145 else 145 else
146 fprintf(stderr, "Warning: cannot hide /var/log directory\n"); 146 fwarning("cannot hide /var/log directory\n");
147} 147}
148 148
149void fs_var_lib(void) { 149void fs_var_lib(void) {
@@ -269,7 +269,7 @@ void fs_var_lock(void) {
269 fs_logger("tmpfs /var/lock"); 269 fs_logger("tmpfs /var/lock");
270 } 270 }
271 else { 271 else {
272 fprintf(stderr, "Warning: /var/lock not mounted\n"); 272 fwarning("/var/lock not mounted\n");
273 dbg_test_dir("/var/lock"); 273 dbg_test_dir("/var/lock");
274 } 274 }
275 } 275 }
@@ -287,7 +287,7 @@ void fs_var_tmp(void) {
287 } 287 }
288 } 288 }
289 else { 289 else {
290 fprintf(stderr, "Warning: /var/tmp not mounted\n"); 290 fwarning("/var/tmp not mounted\n");
291 dbg_test_dir("/var/tmp"); 291 dbg_test_dir("/var/tmp");
292 } 292 }
293} 293}
@@ -300,7 +300,7 @@ void fs_var_utmp(void) {
300 if (stat(UTMP_FILE, &s) == 0) 300 if (stat(UTMP_FILE, &s) == 0)
301 utmp_group = s.st_gid; 301 utmp_group = s.st_gid;
302 else { 302 else {
303 fprintf(stderr, "Warning: cannot find /var/run/utmp\n"); 303 fwarning("cannot find /var/run/utmp\n");
304 return; 304 return;
305 } 305 }
306 306
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 43a9269ff..407192200 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -352,7 +352,7 @@ void fs_whitelist(void) {
352 dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; 352 dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
353 } 353 }
354 else { 354 else {
355 if (!nowhitelist_flag) { 355 if (!nowhitelist_flag && !arg_quiet) {
356 fprintf(stderr, "***\n"); 356 fprintf(stderr, "***\n");
357 fprintf(stderr, "*** Warning: cannot whitelist Downloads directory\n"); 357 fprintf(stderr, "*** Warning: cannot whitelist Downloads directory\n");
358 fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n"); 358 fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
@@ -438,8 +438,7 @@ void fs_whitelist(void) {
438 if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) { 438 if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {
439 // whitelisting home directory is disabled if --private option is present 439 // whitelisting home directory is disabled if --private option is present
440 if (arg_private) { 440 if (arg_private) {
441 if (!arg_quiet) 441 fwarning("\"%s\" disabled by --private\n", entry->data);
442 printf("Warning: \"%s\" disabled by --private\n", entry->data);
443 442
444 *entry->data = '\0'; 443 *entry->data = '\0';
445 continue; 444 continue;
diff --git a/src/firejail/join.c b/src/firejail/join.c
index a4b16ff8d..2f6f070e0 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -308,7 +308,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
308 int rv = nice(cfg.nice); 308 int rv = nice(cfg.nice);
309 (void) rv; 309 (void) rv;
310 if (errno) { 310 if (errno) {
311 fprintf(stderr, "Warning: cannot set nice value\n"); 311 fwarning("cannot set nice value\n");
312 errno = 0; 312 errno = 0;
313 } 313 }
314 } 314 }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 216488287..4357ddaa4 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -272,8 +272,7 @@ void check_user_namespace(void) {
272 return; 272 return;
273 273
274errout: 274errout:
275 if (!arg_quiet || arg_debug) 275 fwarning("noroot option is not available\n");
276 fprintf(stderr, "Warning: noroot option is not available\n");
277 arg_noroot = 0; 276 arg_noroot = 0;
278 277
279} 278}
@@ -1074,8 +1073,7 @@ int main(int argc, char **argv) {
1074 else if (strncmp(argv[i], "--protocol=", 11) == 0) { 1073 else if (strncmp(argv[i], "--protocol=", 11) == 0) {
1075 if (checkcfg(CFG_SECCOMP)) { 1074 if (checkcfg(CFG_SECCOMP)) {
1076 if (cfg.protocol) { 1075 if (cfg.protocol) {
1077 if (!arg_quiet) 1076 fwarning("a protocol list is present, the new list \"%s\" will not be installed\n", argv[i] + 11);
1078 fprintf(stderr, "Warning: a protocol list is present, the new list \"%s\" will not be installed\n", argv[i] + 11);
1079 } 1077 }
1080 else { 1078 else {
1081 // store list 1079 // store list
@@ -1708,8 +1706,7 @@ int main(int argc, char **argv) {
1708 errExit("strdup"); 1706 errExit("strdup");
1709 1707
1710 if (net_get_if_addr(intf->dev, &intf->ip, &intf->mask, intf->mac, &intf->mtu)) { 1708 if (net_get_if_addr(intf->dev, &intf->ip, &intf->mask, intf->mac, &intf->mtu)) {
1711 if (!arg_quiet || arg_debug) 1709 fwarning("interface %s is not configured\n", intf->dev);
1712 fprintf(stderr, "Warning: interface %s is not configured\n", intf->dev);
1713 } 1710 }
1714 intf->configured = 1; 1711 intf->configured = 1;
1715 } 1712 }
@@ -2186,8 +2183,7 @@ int main(int argc, char **argv) {
2186 2183
2187 // check trace configuration 2184 // check trace configuration
2188 if (arg_trace && arg_tracelog) { 2185 if (arg_trace && arg_tracelog) {
2189 if (!arg_quiet || arg_debug) 2186 fwarning("--trace and --tracelog are mutually exclusive; --tracelog disabled\n");
2190 fprintf(stderr, "Warning: --trace and --tracelog are mutually exclusive; --tracelog disabled\n");
2191 } 2187 }
2192 2188
2193 // check user namespace (--noroot) options 2189 // check user namespace (--noroot) options
@@ -2273,12 +2269,10 @@ int main(int argc, char **argv) {
2273 // use default.profile as the default 2269 // use default.profile as the default
2274 if (!custom_profile && !arg_noprofile) { 2270 if (!custom_profile && !arg_noprofile) {
2275 if (cfg.chrootdir) { 2271 if (cfg.chrootdir) {
2276 if (!arg_quiet || arg_debug) 2272 fwarning("default profile disabled by --chroot option\n");
2277 fprintf(stderr, "Warning: default profile disabled by --chroot option\n");
2278 } 2273 }
2279 else if (arg_overlay) { 2274 else if (arg_overlay) {
2280 if (!arg_quiet || arg_debug) 2275 fwarning("default profile disabled by --overlay option\n");
2281 fprintf(stderr, "Warning: default profile disabled by --overlay option\n");
2282 } 2276 }
2283 else { 2277 else {
2284 // try to load a default profile 2278 // try to load a default profile
@@ -2346,13 +2340,11 @@ int main(int argc, char **argv) {
2346 errExit("pipe"); 2340 errExit("pipe");
2347 2341
2348 if (arg_noroot && arg_overlay) { 2342 if (arg_noroot && arg_overlay) {
2349 if (!arg_quiet || arg_debug) 2343 fwarning("--overlay and --noroot are mutually exclusive, noroot disabled\n");
2350 fprintf(stderr, "Warning: --overlay and --noroot are mutually exclusive, noroot disabled\n");
2351 arg_noroot = 0; 2344 arg_noroot = 0;
2352 } 2345 }
2353 else if (arg_noroot && cfg.chrootdir) { 2346 else if (arg_noroot && cfg.chrootdir) {
2354 if (!arg_quiet || arg_debug) 2347 fwarning("--chroot and --noroot are mutually exclusive, noroot disabled\n");
2355 fprintf(stderr, "Warning: --chroot and --noroot are mutually exclusive, noroot disabled\n");
2356 arg_noroot = 0; 2348 arg_noroot = 0;
2357 } 2349 }
2358 2350
diff --git a/src/firejail/netns.c b/src/firejail/netns.c
index 477d56b3d..fdd108652 100644
--- a/src/firejail/netns.c
+++ b/src/firejail/netns.c
@@ -103,7 +103,7 @@ void netns_mounts(const char *nsname) {
103 asprintf(&etc_name, "/etc/%s", entry->d_name) < 0) 103 asprintf(&etc_name, "/etc/%s", entry->d_name) < 0)
104 errExit("asprintf"); 104 errExit("asprintf");
105 if (mount(netns_name, etc_name, "none", MS_BIND, 0) < 0) { 105 if (mount(netns_name, etc_name, "none", MS_BIND, 0) < 0) {
106 fprintf(stderr, "Warning: bind %s -> %s failed: %s\n", 106 fwarning("bind %s -> %s failed: %s\n",
107 netns_name, etc_name, strerror(errno)); 107 netns_name, etc_name, strerror(errno));
108 } 108 }
109 free(netns_name); 109 free(netns_name);
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 673c607ca..44fc4f68f 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -75,7 +75,7 @@ void net_set_mtu(const char *ifname, int mtu) {
75 strncpy(ifr.ifr_name, ifname, IFNAMSIZ); 75 strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
76 ifr.ifr_mtu = mtu; 76 ifr.ifr_mtu = mtu;
77 if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0) 77 if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
78 fprintf(stderr, "Warning: cannot set mtu for interface %s\n", ifname); 78 fwarning("cannot set mtu for interface %s\n", ifname);
79 close(s); 79 close(s);
80} 80}
81 81
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index 924a94091..3450bceea 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -59,7 +59,7 @@ void net_configure_bridge(Bridge *br, char *dev_name) {
59 59
60 // allow unconfigured interfaces 60 // allow unconfigured interfaces
61 if (net_get_if_addr(br->dev, &br->ip, &br->mask, br->mac, &br->mtu)) { 61 if (net_get_if_addr(br->dev, &br->ip, &br->mask, br->mac, &br->mtu)) {
62 fprintf(stderr, "Warning: the network interface %s is not configured\n", br->dev); 62 fwarning("the network interface %s is not configured\n", br->dev);
63 br->configured = 1; 63 br->configured = 1;
64 br->arg_ip_none = 1; 64 br->arg_ip_none = 1;
65 return; 65 return;
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 7cca6b291..ecbc5d1d0 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -118,7 +118,7 @@ int check_kernel_procs(void) {
118 /* coverity[toctou] */ 118 /* coverity[toctou] */
119 FILE *fp = fopen(fname, "r"); 119 FILE *fp = fopen(fname, "r");
120 if (!fp) { 120 if (!fp) {
121 fprintf(stderr, "Warning: cannot open %s\n", fname); 121 fwarning("cannot open %s\n", fname);
122 free(fname); 122 free(fname);
123 continue; 123 continue;
124 } 124 }
@@ -126,7 +126,7 @@ int check_kernel_procs(void) {
126 // read file 126 // read file
127 char buf[100]; 127 char buf[100];
128 if (fgets(buf, 10, fp) == NULL) { 128 if (fgets(buf, 10, fp) == NULL) {
129 fprintf(stderr, "Warning: cannot read %s\n", fname); 129 fwarning("cannot read %s\n", fname);
130 fclose(fp); 130 fclose(fp);
131 free(fname); 131 free(fname);
132 continue; 132 continue;
@@ -171,7 +171,7 @@ void run_no_sandbox(int argc, char **argv) {
171 strcmp(argv[i], "--zsh") == 0 || 171 strcmp(argv[i], "--zsh") == 0 ||
172 strcmp(argv[i], "--shell=none") == 0 || 172 strcmp(argv[i], "--shell=none") == 0 ||
173 strncmp(argv[i], "--shell=", 8) == 0) 173 strncmp(argv[i], "--shell=", 8) == 0)
174 fprintf(stderr, "Warning: shell-related command line options are disregarded - using SHELL environment variable\n"); 174 fwarning("shell-related command line options are disregarded - using SHELL environment variable\n");
175 } 175 }
176 176
177 // use $SHELL to get shell used in sandbox 177 // use $SHELL to get shell used in sandbox
@@ -225,9 +225,8 @@ void run_no_sandbox(int argc, char **argv) {
225 command = cfg.shell; 225 command = cfg.shell;
226 else 226 else
227 command = argv[prog_index]; 227 command = argv[prog_index];
228 if (!arg_quiet) 228 fwarning("an existing sandbox was detected. "
229 fprintf(stderr, "Warning: an existing sandbox was detected. " 229 "%s will run without any additional sandboxing features\n", command);
230 "%s will run without any additional sandboxing features\n", command);
231 230
232 arg_quiet = 1; 231 arg_quiet = 1;
233 start_application(); 232 start_application();
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 53fa38845..172aff121 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -64,8 +64,7 @@ int profile_find(const char *name, const char *dir) {
64//*************************************************** 64//***************************************************
65 65
66static void warning_feature_disabled(const char *feature) { 66static void warning_feature_disabled(const char *feature) {
67 if (!arg_quiet) 67 fwarning("%s feature is disabled in Firejail configuration file\n", feature);
68 fprintf(stderr, "Warning: %s feature is disabled in Firejail configuration file\n", feature);
69} 68}
70 69
71 70
@@ -513,8 +512,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
513#ifdef HAVE_SECCOMP 512#ifdef HAVE_SECCOMP
514 if (checkcfg(CFG_SECCOMP)) { 513 if (checkcfg(CFG_SECCOMP)) {
515 if (cfg.protocol) { 514 if (cfg.protocol) {
516 if (!arg_quiet) 515 fwarning("a protocol list is present, the new list \"%s\" will not be installed\n", ptr + 9);
517 fprintf(stderr, "Warning: a protocol list is present, the new list \"%s\" will not be installed\n", ptr + 9);
518 return 0; 516 return 0;
519 } 517 }
520 518
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index 382d469f1..098c9fb16 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -107,8 +107,8 @@ void protocol_print_filter(pid_t pid) {
107 printf("%s\n", cfg.protocol); 107 printf("%s\n", cfg.protocol);
108 exit(0); 108 exit(0);
109#else 109#else
110 fprintf(stderr, "Warning: --protocol not supported on this platform\n"); 110 fwarning("--protocol not supported on this platform\n");
111 return; 111 return;
112#endif 112#endif
113} 113}
114 114
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index f759e7333..086af48b0 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -69,7 +69,7 @@ static void sanitize_home(void) {
69 struct stat s; 69 struct stat s;
70 if (stat(cfg.homedir, &s) == -1) { 70 if (stat(cfg.homedir, &s) == -1) {
71 // cannot find home directory, just return 71 // cannot find home directory, just return
72 fprintf(stderr, "Warning: cannot find home directory\n"); 72 fwarning("cannot find home directory\n");
73 return; 73 return;
74 } 74 }
75 75
@@ -194,7 +194,7 @@ static void sanitize_passwd(void) {
194 return; 194 return;
195 195
196errout: 196errout:
197 fprintf(stderr, "Warning: failed to clean up /etc/passwd\n"); 197 fwarning("failed to clean up /etc/passwd\n");
198 if (fpin) 198 if (fpin)
199 fclose(fpin); 199 fclose(fpin);
200 if (fpout) 200 if (fpout)
@@ -322,7 +322,7 @@ static void sanitize_group(void) {
322 return; 322 return;
323 323
324errout: 324errout:
325 fprintf(stderr, "Warning: failed to clean up /etc/group\n"); 325 fwarning("failed to clean up /etc/group\n");
326 if (fpin) 326 if (fpin)
327 fclose(fpin); 327 fclose(fpin);
328 if (fpout) 328 if (fpout)
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 6cb1aca28..35ca4ff2d 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -391,8 +391,8 @@ static void enforce_filters(void) {
391 } 391 }
392 392
393 // disable all capabilities 393 // disable all capabilities
394 if ((arg_caps_default_filter || arg_caps_list) && !arg_quiet) 394 if (arg_caps_default_filter || arg_caps_list)
395 fprintf(stderr, "Warning: all capabilities disabled for a regular user in chroot\n"); 395 fwarning("all capabilities disabled for a regular user in chroot\n");
396 arg_caps_drop_all = 1; 396 arg_caps_drop_all = 1;
397 397
398 // drop all supplementary groups; /etc/group file inside chroot 398 // drop all supplementary groups; /etc/group file inside chroot
@@ -525,8 +525,7 @@ int sandbox(void* sandbox_arg) {
525 if (cfg.defaultgw) { 525 if (cfg.defaultgw) {
526 // set the default route 526 // set the default route
527 if (net_add_route(0, 0, cfg.defaultgw)) { 527 if (net_add_route(0, 0, cfg.defaultgw)) {
528 if (!arg_quiet) 528 fwarning("cannot configure default route\n");
529 fprintf(stderr, "Warning: cannot configure default route\n");
530 gw_cfg_failed = 1; 529 gw_cfg_failed = 1;
531 } 530 }
532 } 531 }
@@ -655,17 +654,17 @@ int sandbox(void* sandbox_arg) {
655 if (arg_private) { 654 if (arg_private) {
656 if (cfg.home_private) { // --private= 655 if (cfg.home_private) { // --private=
657 if (cfg.chrootdir) 656 if (cfg.chrootdir)
658 fprintf(stderr, "Warning: private=directory feature is disabled in chroot\n"); 657 fwarning("private=directory feature is disabled in chroot\n");
659 else if (arg_overlay) 658 else if (arg_overlay)
660 fprintf(stderr, "Warning: private=directory feature is disabled in overlay\n"); 659 fwarning("private=directory feature is disabled in overlay\n");
661 else 660 else
662 fs_private_homedir(); 661 fs_private_homedir();
663 } 662 }
664 else if (cfg.home_private_keep) { // --private-home= 663 else if (cfg.home_private_keep) { // --private-home=
665 if (cfg.chrootdir) 664 if (cfg.chrootdir)
666 fprintf(stderr, "Warning: private-home= feature is disabled in chroot\n"); 665 fwarning("private-home= feature is disabled in chroot\n");
667 else if (arg_overlay) 666 else if (arg_overlay)
668 fprintf(stderr, "Warning: private-home= feature is disabled in overlay\n"); 667 fwarning("private-home= feature is disabled in overlay\n");
669 else 668 else
670 fs_private_home_list(); 669 fs_private_home_list();
671 } 670 }
@@ -675,18 +674,18 @@ int sandbox(void* sandbox_arg) {
675 674
676 if (arg_private_dev) { 675 if (arg_private_dev) {
677 if (cfg.chrootdir) 676 if (cfg.chrootdir)
678 fprintf(stderr, "Warning: private-dev feature is disabled in chroot\n"); 677 fwarning("private-dev feature is disabled in chroot\n");
679 else if (arg_overlay) 678 else if (arg_overlay)
680 fprintf(stderr, "Warning: private-dev feature is disabled in overlay\n"); 679 fwarning("private-dev feature is disabled in overlay\n");
681 else 680 else
682 fs_private_dev(); 681 fs_private_dev();
683 } 682 }
684 683
685 if (arg_private_etc) { 684 if (arg_private_etc) {
686 if (cfg.chrootdir) 685 if (cfg.chrootdir)
687 fprintf(stderr, "Warning: private-etc feature is disabled in chroot\n"); 686 fwarning("private-etc feature is disabled in chroot\n");
688 else if (arg_overlay) 687 else if (arg_overlay)
689 fprintf(stderr, "Warning: private-etc feature is disabled in overlay\n"); 688 fwarning("private-etc feature is disabled in overlay\n");
690 else { 689 else {
691 fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep); 690 fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
692 // create /etc/ld.so.preload file again 691 // create /etc/ld.so.preload file again
@@ -697,9 +696,9 @@ int sandbox(void* sandbox_arg) {
697 696
698 if (arg_private_opt) { 697 if (arg_private_opt) {
699 if (cfg.chrootdir) 698 if (cfg.chrootdir)
700 fprintf(stderr, "Warning: private-opt feature is disabled in chroot\n"); 699 fwarning("private-opt feature is disabled in chroot\n");
701 else if (arg_overlay) 700 else if (arg_overlay)
702 fprintf(stderr, "Warning: private-opt feature is disabled in overlay\n"); 701 fwarning("private-opt feature is disabled in overlay\n");
703 else { 702 else {
704 fs_private_dir_list("/opt", RUN_OPT_DIR, cfg.opt_private_keep); 703 fs_private_dir_list("/opt", RUN_OPT_DIR, cfg.opt_private_keep);
705 } 704 }
@@ -707,9 +706,9 @@ int sandbox(void* sandbox_arg) {
707 706
708 if (arg_private_srv) { 707 if (arg_private_srv) {
709 if (cfg.chrootdir) 708 if (cfg.chrootdir)
710 fprintf(stderr, "Warning: private-srv feature is disabled in chroot\n"); 709 fwarning("private-srv feature is disabled in chroot\n");
711 else if (arg_overlay) 710 else if (arg_overlay)
712 fprintf(stderr, "Warning: private-srv feature is disabled in overlay\n"); 711 fwarning("private-srv feature is disabled in overlay\n");
713 else { 712 else {
714 fs_private_dir_list("/srv", RUN_SRV_DIR, cfg.srv_private_keep); 713 fs_private_dir_list("/srv", RUN_SRV_DIR, cfg.srv_private_keep);
715 } 714 }
@@ -717,9 +716,9 @@ int sandbox(void* sandbox_arg) {
717 716
718 if (arg_private_bin) { 717 if (arg_private_bin) {
719 if (cfg.chrootdir) 718 if (cfg.chrootdir)
720 fprintf(stderr, "Warning: private-bin feature is disabled in chroot\n"); 719 fwarning("private-bin feature is disabled in chroot\n");
721 else if (arg_overlay) 720 else if (arg_overlay)
722 fprintf(stderr, "Warning: private-bin feature is disabled in overlay\n"); 721 fwarning("private-bin feature is disabled in overlay\n");
723 else { 722 else {
724 // for --x11=xorg we need to add xauth command 723 // for --x11=xorg we need to add xauth command
725 if (arg_x11_xorg) { 724 if (arg_x11_xorg) {
@@ -736,9 +735,9 @@ int sandbox(void* sandbox_arg) {
736 735
737 if (arg_private_tmp) { 736 if (arg_private_tmp) {
738 if (cfg.chrootdir) 737 if (cfg.chrootdir)
739 fprintf(stderr, "Warning: private-tmp feature is disabled in chroot\n"); 738 fwarning("private-tmp feature is disabled in chroot\n");
740 else if (arg_overlay) 739 else if (arg_overlay)
741 fprintf(stderr, "Warning: private-tmp feature is disabled in overlay\n"); 740 fwarning("private-tmp feature is disabled in overlay\n");
742 else { 741 else {
743 // private-tmp is implemented as a whitelist 742 // private-tmp is implemented as a whitelist
744 EUID_USER(); 743 EUID_USER();
@@ -794,9 +793,9 @@ int sandbox(void* sandbox_arg) {
794 //**************************** 793 //****************************
795 // apply all whitelist commands ... 794 // apply all whitelist commands ...
796 if (cfg.chrootdir) 795 if (cfg.chrootdir)
797 fprintf(stderr, "Warning: whitelist feature is disabled in chroot\n"); 796 fwarning("whitelist feature is disabled in chroot\n");
798 else if (arg_overlay) 797 else if (arg_overlay)
799 fprintf(stderr, "Warning: whitelist feature is disabled in overlay\n"); 798 fwarning("whitelist feature is disabled in overlay\n");
800 else 799 else
801 fs_whitelist(); 800 fs_whitelist();
802 801
@@ -873,8 +872,7 @@ int sandbox(void* sandbox_arg) {
873 int rv = nice(cfg.nice); 872 int rv = nice(cfg.nice);
874 (void) rv; 873 (void) rv;
875 if (errno) { 874 if (errno) {
876 if (!arg_quiet) 875 fwarning("cannot set nice value\n");
877 fprintf(stderr, "Warning: cannot set nice value\n");
878 errno = 0; 876 errno = 0;
879 } 877 }
880 } 878 }
@@ -930,8 +928,7 @@ int sandbox(void* sandbox_arg) {
930 if (arg_noroot) { 928 if (arg_noroot) {
931 int rv = unshare(CLONE_NEWUSER); 929 int rv = unshare(CLONE_NEWUSER);
932 if (rv == -1) { 930 if (rv == -1) {
933 if (!arg_quiet) 931 fwarning("cannot create a new user namespace, going forward without it...\n");
934 fprintf(stderr, "Warning: cannot create a new user namespace, going forward without it...\n");
935 drop_privs(arg_nogroups); 932 drop_privs(arg_nogroups);
936 arg_noroot = 0; 933 arg_noroot = 0;
937 } 934 }
@@ -963,7 +960,7 @@ int sandbox(void* sandbox_arg) {
963 int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); 960 int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
964 961
965 if(no_new_privs != 0 && !arg_quiet) 962 if(no_new_privs != 0 && !arg_quiet)
966 fprintf(stderr, "Warning: NO_NEW_PRIVS disabled, it requires a Linux kernel version 3.5 or newer.\n"); 963 fwarning("NO_NEW_PRIVS disabled, it requires a Linux kernel version 3.5 or newer.\n");
967 else if (arg_debug) 964 else if (arg_debug)
968 printf("NO_NEW_PRIVS set\n"); 965 printf("NO_NEW_PRIVS set\n");
969 } 966 }
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index ee10f3abf..17930c0e8 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -90,7 +90,7 @@ int seccomp_load(const char *fname) {
90 .filter = filter, 90 .filter = filter,
91 }; 91 };
92 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { 92 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
93 fprintf(stderr, "Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.\n"); 93 fwarning("seccomp disabled, it requires a Linux kernel version 3.5 or newer.\n");
94 return 1; 94 return 1;
95 } 95 }
96 96
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 901ea87db..bb612516b 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -59,14 +59,14 @@ void drop_privs(int nogroups) {
59 } 59 }
60 60
61 if (rv == -1) { 61 if (rv == -1) {
62 fprintf(stderr, "Warning: cannot extract supplementary group list, dropping them\n"); 62 fwarning("cannot extract supplementary group list, dropping them\n");
63 if (setgroups(0, NULL) < 0) 63 if (setgroups(0, NULL) < 0)
64 errExit("setgroups"); 64 errExit("setgroups");
65 } 65 }
66 else { 66 else {
67 rv = setgroups(ngroups, groups); 67 rv = setgroups(ngroups, groups);
68 if (rv) { 68 if (rv) {
69 fprintf(stderr, "Warning: cannot set supplementary group list, dropping them\n"); 69 fwarning("cannot set supplementary group list, dropping them\n");
70 if (setgroups(0, NULL) < 0) 70 if (setgroups(0, NULL) < 0)
71 errExit("setgroups"); 71 errExit("setgroups");
72 } 72 }
@@ -115,6 +115,18 @@ int mkpath_as_root(const char* path) {
115 return 0; 115 return 0;
116} 116}
117 117
118void fwarning(char* fmt, ...) {
119printf("arg_quiet %d\n", arg_quiet);
120 if (arg_quiet)
121 return;
122
123 va_list args;
124 va_start(args,fmt);
125 fprintf(stderr, "Warning: ");
126 vfprintf(stderr, fmt, args);
127 va_end(args);
128}
129
118 130
119void logsignal(int s) { 131void logsignal(int s) {
120 if (!arg_debug) 132 if (!arg_debug)
@@ -197,14 +209,14 @@ int copy_file(const char *srcname, const char *destname, uid_t uid, gid_t gid, m
197 // open source 209 // open source
198 int src = open(srcname, O_RDONLY); 210 int src = open(srcname, O_RDONLY);
199 if (src < 0) { 211 if (src < 0) {
200 fprintf(stderr, "Warning: cannot open source file %s, file not copied\n", srcname); 212 fwarning("cannot open source file %s, file not copied\n", srcname);
201 return -1; 213 return -1;
202 } 214 }
203 215
204 // open destination 216 // open destination
205 int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); 217 int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
206 if (dst < 0) { 218 if (dst < 0) {
207 fprintf(stderr, "Warning: cannot open destination file %s, file not copied\n", destname); 219 fwarning("cannot open destination file %s, file not copied\n", destname);
208 close(src); 220 close(src);
209 return -1; 221 return -1;
210 } 222 }
@@ -233,7 +245,7 @@ void copy_file_as_user(const char *srcname, const char *destname, uid_t uid, gid
233 // copy, set permissions and ownership 245 // copy, set permissions and ownership
234 int rv = copy_file(srcname, destname, uid, gid, mode); // already a regular user 246 int rv = copy_file(srcname, destname, uid, gid, mode); // already a regular user
235 if (rv) 247 if (rv)
236 fprintf(stderr, "Warning: cannot copy %s\n", srcname); 248 fwarning("cannot copy %s\n", srcname);
237#ifdef HAVE_GCOV 249#ifdef HAVE_GCOV
238 __gcov_flush(); 250 __gcov_flush();
239#endif 251#endif
@@ -247,7 +259,7 @@ void copy_file_from_user_to_root(const char *srcname, const char *destname, uid_
247 // open destination 259 // open destination
248 int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); 260 int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
249 if (dst < 0) { 261 if (dst < 0) {
250 fprintf(stderr, "Warning: cannot open destination file %s, file not copied\n", destname); 262 fwarning("cannot open destination file %s, file not copied\n", destname);
251 return; 263 return;
252 } 264 }
253 265
@@ -260,10 +272,10 @@ void copy_file_from_user_to_root(const char *srcname, const char *destname, uid_
260 272
261 int src = open(srcname, O_RDONLY); 273 int src = open(srcname, O_RDONLY);
262 if (src < 0) { 274 if (src < 0) {
263 fprintf(stderr, "Warning: cannot open source file %s, file not copied\n", srcname); 275 fwarning("cannot open source file %s, file not copied\n", srcname);
264 } else { 276 } else {
265 if (copy_file_by_fd(src, dst)) { 277 if (copy_file_by_fd(src, dst)) {
266 fprintf(stderr, "Warning: cannot copy %s\n", srcname); 278 fwarning("cannot copy %s\n", srcname);
267 } 279 }
268 close(src); 280 close(src);
269 } 281 }
@@ -794,8 +806,7 @@ void flush_stdin(void) {
794 int cnt = 0; 806 int cnt = 0;
795 int rv = ioctl(STDIN_FILENO, FIONREAD, &cnt); 807 int rv = ioctl(STDIN_FILENO, FIONREAD, &cnt);
796 if (rv == 0 && cnt) { 808 if (rv == 0 && cnt) {
797 if (!arg_quiet) 809 fwarning("removing %d bytes from stdin\n", cnt);
798 printf("Warning: removing %d bytes from stdin\n", cnt);
799 rv = ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH); 810 rv = ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH);
800 (void) rv; 811 (void) rv;
801 } 812 }
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-18 01:44:15 +0000