fixes

author: netblue30 <netblue30@yahoo.com> 2016-03-20 13:17:35 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-03-20 13:17:35 -0400
commit: 74149d2484c091e1595416731ba208ff7803957b (patch)
tree: 23f8fa53f63425103ad9d6d493d49d1fe3cedffd /src
parent: fixed symlinks for private-bin (diff)
download: firejail-74149d2484c091e1595416731ba208ff7803957b.tar.gz
firejail-74149d2484c091e1595416731ba208ff7803957b.tar.zst
firejail-74149d2484c091e1595416731ba208ff7803957b.zip
3 files changed, 37 insertions, 13 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index f1ddd40ad..0e2ae16c2 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -370,6 +370,7 @@ const char *gnu_basename(const char *path);
 uid_t pid_get_uid(pid_t pid);
 void invalid_filename(const char *fname);
 uid_t get_tty_gid(void);
+uid_t get_audio_gid(void);
 // fs_var.c
 void fs_var_log(void);  // mounting /var/log
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b20854b30..612d9c667 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2007,6 +2007,7 @@ int main(int argc, char **argv) {
                char *map_path;
                if (asprintf(&map_path, "/proc/%d/uid_map", child) == -1)
                        errExit("asprintf");
                char *map;
                uid_t uid = getuid();
                if (asprintf(&map, "%d %d 1", uid, uid) == -1)
@@ -2017,23 +2018,35 @@ int main(int argc, char **argv) {
                free(map);
                free(map_path);
         
-                //gid
+                // gid file
-                if (asprintf(&map_path, "/proc/%d/gid_map", child) == -1)
+                if (asprintf(&map_path, "/proc/%d/gid_map", child) == -1)
-                        errExit("asprintf");
+                        errExit("asprintf");
+                char gidmap[1024];
+                char *ptr = gidmap;
+                *ptr = '\0';
+                // add user group
                gid_t gid = getgid();
+                sprintf(ptr, "%d %d 1\n", gid, gid);
+                ptr += strlen(ptr);
+                
+                //  add tty group
                gid_t ttygid = get_tty_gid();
-                if (ttygid == 0)  {
+                if (ttygid) {
-                        if (asprintf(&map, "%d %d 1", gid, gid) == -1)
+                        sprintf(ptr, "%d %d 1\n", ttygid, ttygid);
-                                errExit("asprintf");
+                        ptr += strlen(ptr);
-                }
+                }
-                else {
+                
-                        if (asprintf(&map, "%d %d 1\n%d %d 1", gid, gid, ttygid, ttygid) == -1)
+                //  add audio group
-                                errExit("asprintf");
+                gid_t audiogid = get_audio_gid();
-                }
+                if (ttygid) {
+                        sprintf(ptr, "%d %d 1\n", audiogid, audiogid);
+                        ptr += strlen(ptr);
+                }
+                
                EUID_ROOT();
-                update_map(map, map_path);
+                update_map(gidmap, map_path);
                EUID_USER();
-                free(map);
                free(map_path);
        }
        
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 04b564370..1fa60bb4d 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -642,3 +642,13 @@ uid_t get_tty_gid(void) {
        return ttygid;
 }
+uid_t get_audio_gid(void) {
+        // find tty group id
+        gid_t audiogid = 0;
+        struct group *g = getgrnam("audio");
+        if (g)
+                audiogid = g->gr_gid;
+        return audiogid;
+}
author	netblue30 <netblue30@yahoo.com>	2016-03-20 13:17:35 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-03-20 13:17:35 -0400
commit	74149d2484c091e1595416731ba208ff7803957b (patch)
tree	23f8fa53f63425103ad9d6d493d49d1fe3cedffd /src
parent	fixed symlinks for private-bin (diff)
download	firejail-74149d2484c091e1595416731ba208ff7803957b.tar.gz firejail-74149d2484c091e1595416731ba208ff7803957b.tar.zst firejail-74149d2484c091e1595416731ba208ff7803957b.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index f1ddd40ad..0e2ae16c2 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -370,6 +370,7 @@ const char gnu_basename(const char path);
370	uid_t pid_get_uid(pid_t pid);	370	uid_t pid_get_uid(pid_t pid);
371	void invalid_filename(const char *fname);	371	void invalid_filename(const char *fname);
372	uid_t get_tty_gid(void);	372	uid_t get_tty_gid(void);
		373	uid_t get_audio_gid(void);
373		374
374	// fs_var.c	375	// fs_var.c
375	void fs_var_log(void); // mounting /var/log	376	void fs_var_log(void); // mounting /var/log


diff --git a/src/firejail/main.c b/src/firejail/main.c index b20854b30..612d9c667 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -2007,6 +2007,7 @@ int main(int argc, char **argv) {
2007	char *map_path;	2007	char *map_path;
2008	if (asprintf(&map_path, "/proc/%d/uid_map", child) == -1)	2008	if (asprintf(&map_path, "/proc/%d/uid_map", child) == -1)
2009	errExit("asprintf");	2009	errExit("asprintf");
		2010
2010	char *map;	2011	char *map;
2011	uid_t uid = getuid();	2012	uid_t uid = getuid();
2012	if (asprintf(&map, "%d %d 1", uid, uid) == -1)	2013	if (asprintf(&map, "%d %d 1", uid, uid) == -1)
@@ -2017,23 +2018,35 @@ int main(int argc, char **argv) {
2017	free(map);	2018	free(map);
2018	free(map_path);	2019	free(map_path);
2019		2020
2020	//gid	2021	// gid file
2021	if (asprintf(&map_path, "/proc/%d/gid_map", child) == -1)	2022	if (asprintf(&map_path, "/proc/%d/gid_map", child) == -1)
2022	errExit("asprintf");	2023	errExit("asprintf");
		2024	char gidmap[1024];
		2025	char *ptr = gidmap;
		2026	*ptr = '\0';
		2027
		2028	// add user group
2023	gid_t gid = getgid();	2029	gid_t gid = getgid();
		2030	sprintf(ptr, "%d %d 1\n", gid, gid);
		2031	ptr += strlen(ptr);
		2032
		2033	// add tty group
2024	gid_t ttygid = get_tty_gid();	2034	gid_t ttygid = get_tty_gid();
2025	if (ttygid == 0) {	2035	if (ttygid) {
2026	if (asprintf(&map, "%d %d 1", gid, gid) == -1)	2036	sprintf(ptr, "%d %d 1\n", ttygid, ttygid);
2027	errExit("asprintf");	2037	ptr += strlen(ptr);
2028	}	2038	}
2029	else {	2039
2030	if (asprintf(&map, "%d %d 1\n%d %d 1", gid, gid, ttygid, ttygid) == -1)	2040	// add audio group
2031	errExit("asprintf");	2041	gid_t audiogid = get_audio_gid();
2032	}	2042	if (ttygid) {
		2043	sprintf(ptr, "%d %d 1\n", audiogid, audiogid);
		2044	ptr += strlen(ptr);
		2045	}
		2046
2033	EUID_ROOT();	2047	EUID_ROOT();
2034	update_map(map, map_path);	2048	update_map(gidmap, map_path);
2035	EUID_USER();	2049	EUID_USER();
2036	free(map);
2037	free(map_path);	2050	free(map_path);
2038	}	2051	}
2039		2052


diff --git a/src/firejail/util.c b/src/firejail/util.c index 04b564370..1fa60bb4d 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c
@@ -642,3 +642,13 @@ uid_t get_tty_gid(void) {
642		642
643	return ttygid;	643	return ttygid;
644	}	644	}
		645
		646	uid_t get_audio_gid(void) {
		647	// find tty group id
		648	gid_t audiogid = 0;
		649	struct group *g = getgrnam("audio");
		650	if (g)
		651	audiogid = g->gr_gid;
		652
		653	return audiogid;
		654	}