authorLibravatar netblue30 <netblue30@yahoo.com>2016-05-07 10:05:29 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-05-07 10:05:29 -0400
commit571e8a53d6f083de8c6c90cdc9e6c48c31bb2702 (patch)
tree53f63b3f9ec76c2d958246fe8e184b71615604d4 /src
parentMerge pull request #502 from Fred-Barclay/xapps (diff)
fix private-etc empty list
Diffstat (limited to 'src')
-rw-r--r--src/firejail/fs_etc.c60
-rw-r--r--src/firejail/main.c7
-rw-r--r--src/firejail/profile.c7
3 files changed, 34 insertions, 40 deletions
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 1a44b1305..2ff36f5d2 100644
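--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -129,40 +129,44 @@ void fs_private_etc_list(void) {
 errExit("chmod");
 fs_logger("tmpfs /etc");
 
-// copy the list of files in the new etc directory
-// using a new child process without root privileges
 fs_logger_print(); // save the current log
-pid_t child = fork();
-if (child < 0)
-errExit("fork");
-if (child == 0) {
-if (arg_debug)
-printf("Copying files in the new etc directory:\n");
 
-// elevate privileges - files in the new /etc directory belong to root
-if (setreuid(0, 0) < 0)
-errExit("setreuid");
-if (setregid(0, 0) < 0)
-errExit("setregid");
-
-// copy the list of files in the new home directory
-char *dlist = strdup(private_list);
-if (!dlist)
-errExit("strdup");
-
 
-char *ptr = strtok(dlist, ",");
-duplicate(ptr);
+// copy the list of files in the new etc directory
+// using a new child process without root privileges
+if (*private_list != '\0') {
+pid_t child = fork();
+if (child < 0)
+errExit("fork");
+if (child == 0) {
+if (arg_debug)
+printf("Copying files in the new etc directory:\n");
 
-while ((ptr = strtok(NULL, ",")) != NULL)
+// elevate privileges - files in the new /etc directory belong to root
+if (setreuid(0, 0) < 0)
+errExit("setreuid");
+if (setregid(0, 0) < 0)
+errExit("setregid");
+
+// copy the list of files in the new home directory
+char *dlist = strdup(private_list);
+if (!dlist)
+errExit("strdup");
+
+
+char *ptr = strtok(dlist, ",");
 duplicate(ptr);
-free(dlist);
-fs_logger_print();
-exit(0);
+
+while ((ptr = strtok(NULL, ",")) != NULL)
+duplicate(ptr);
+free(dlist);
+fs_logger_print();
+exit(0);
+}
+// wait for the child to finish
+waitpid(child, NULL, 0);
 }
-// wait for the child to finish
-waitpid(child, NULL, 0);
-
+
 if (arg_debug)
 printf("Mount-bind %s on top of /etc\n", RUN_ETC_DIR);
 if (mount(RUN_ETC_DIR, "/etc", NULL, MS_BIND|MS_REC, NULL) < 0)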
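Review bot: The new guard `if (*private_list != '\0')` only covers the exactly-empty string, so a list made up solely of commas still reaches `duplicate(ptr)` with `ptr == NULL`, because the first `strtok(dlist, ",")` result at new lines 157-158 is used unchecked. Whether `fs_check_etc_list()` already normalizes such input is not visible here; if it does not, folding both calls into one loop closes the gap: `for (char *ptr = strtok(dlist, ","); ptr; ptr = strtok(NULL, ",")) duplicate(ptr);`. The comments carried into the new block are misleading for a privileged path: the child is described as running "without root privileges" although it calls `setreuid(0, 0)`, and "new home directory" should read "new etc directory". `waitpid(child, NULL, 0)` discards the child's status, so a failed copy is followed by the bind mount anyway; passing a status variable and checking `WIFEXITED`/`WEXITSTATUS` would make that failure visible. The body of `fs_private_etc_list` starts and ends outside the hunk.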
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 7aa81a9c5..59f500e3a 100644
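--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1330,12 +1330,7 @@ int main(int argc, char **argv) {
 exit(1);
 }
 fs_check_etc_list();
-if (*cfg.etc_private_keep != '\0')
-arg_private_etc = 1;
-else {
-arg_private_etc = 0;
-fprintf(stderr, "Warning: private-etc disabled, no file found\n");
-}
+arg_private_etc = 1;
 }
 else if (strncmp(argv[i], "--private-bin=", 14) == 0) {
 // extract private bin list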
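Review bot: With the `else` branch removed at new line 1333, a keep-list that is empty after `fs_check_etc_list()` no longer produces any message, so the user gets no hint that none of the requested files were found. Keeping private-etc enabled looks like the restrictive choice (going by the fs_etc.c hunk, the sandbox then gets an empty tmpfs /etc), but the silent case is hard to diagnose; a notice such as `if (*cfg.etc_private_keep == '\0') fprintf(stderr, "Warning: private-etc list is empty, /etc will be empty\n");` before `arg_private_etc = 1;` would keep that signal. The same applies to the identical change in `profile_check_line` in src/firejail/profile.c. A short comment, `// stay enabled on an empty list: the sandbox then gets an empty /etc`, would record why the flag is no longer cleared. The body of `main` continues outside the hunk.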
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 2b3984a99..095e5eecc 100644
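--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -611,12 +611,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 }
 cfg.etc_private_keep = ptr + 12;
 fs_check_etc_list();
-if (*cfg.etc_private_keep != '\0')
-arg_private_etc = 1;
-else {
-arg_private_etc = 0;
-fprintf(stderr, "Warning: private-etc disabled, no file found\n");
-}
+arg_private_etc = 1;
 
 return 0;
 }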