diff options
| author |  startx2017 <vradu.startx@yandex.com> | 2018-03-18 10:03:41 -0400 |
|---|---|---|
| committer | startx2017 <vradu.startx@yandex.com> | 2018-03-18 10:03:41 -0400 |
| commit | cc9183d70224babdb65d9dbb9d29e6d14876ca2b (patch) | |
| tree | abe1cf1d4142e869cc61ae027a154b137412930f /src | |
| parent | harden konversation and kwrite, minor fixes (diff) | |
| download | firejail-cc9183d70224babdb65d9dbb9d29e6d14876ca2b.tar.gz firejail-cc9183d70224babdb65d9dbb9d29e6d14876ca2b.tar.zst firejail-cc9183d70224babdb65d9dbb9d29e6d14876ca2b.zip | |
more run files fixing - problem when running on symlinks
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 18 | ||||
| -rw-r--r-- | src/firejail/preproc.c | 51 | ||||
| -rw-r--r-- | src/firejail/run_files.c | 2 |
3 files changed, 44 insertions, 27 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index dad9befd3..38db165e8 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -835,12 +835,24 @@ int main(int argc, char **argv) { | |||
| 835 | // get starting timestamp | 835 | // get starting timestamp |
| 836 | start_timestamp = getticks(); | 836 | start_timestamp = getticks(); |
| 837 | 837 | ||
| 838 | if (check_arg(argc, argv, "--quiet", 1)) | ||
| 839 | arg_quiet = 1; | ||
| 840 | |||
| 838 | // build /run/firejail directory structure | 841 | // build /run/firejail directory structure |
| 839 | preproc_build_firejail_dir(); | 842 | preproc_build_firejail_dir(); |
| 840 | preproc_clean_run(); | 843 | char *container_name = getenv("container"); |
| 844 | if (!container_name || strcmp(container_name, "firejail")) { | ||
| 845 | lockfd_directory = open(RUN_DIRECTORY_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); | ||
| 846 | if (lockfd_directory != -1) { | ||
| 847 | int rv = fchown(lockfd_directory, 0, 0); | ||
| 848 | (void) rv; | ||
| 849 | flock(lockfd_directory, LOCK_EX); | ||
| 850 | } | ||
| 851 | preproc_clean_run(); | ||
| 852 | flock(lockfd_directory, LOCK_UN); | ||
| 853 | close(lockfd_directory); | ||
| 854 | } | ||
| 841 | 855 | ||
| 842 | if (check_arg(argc, argv, "--quiet", 1)) | ||
| 843 | arg_quiet = 1; | ||
| 844 | if (check_arg(argc, argv, "--allow-debuggers", 1)) { | 856 | if (check_arg(argc, argv, "--allow-debuggers", 1)) { |
| 845 | // check kernel version | 857 | // check kernel version |
| 846 | struct utsname u; | 858 | struct utsname u; |
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index 1f4cf9e54..45399bd48 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c | |||
| @@ -107,6 +107,31 @@ void preproc_mount_mnt_dir(void) { | |||
| 107 | } | 107 | } |
| 108 | } | 108 | } |
| 109 | 109 | ||
| 110 | static void clean_dir(const char *name, int *pidarr, int start_pid, int max_pids) { | ||
| 111 | DIR *dir; | ||
| 112 | if (!(dir = opendir(name))) { | ||
| 113 | fwarning("cannot clean %s directory\n", name); | ||
| 114 | return; // we live to fight another day! | ||
| 115 | } | ||
| 116 | |||
| 117 | // clean leftover files | ||
| 118 | struct dirent *entry; | ||
| 119 | char *end; | ||
| 120 | while ((entry = readdir(dir)) != NULL) { | ||
| 121 | pid_t pid = strtol(entry->d_name, &end, 10); | ||
| 122 | pid %= max_pids; | ||
| 123 | if (end == entry->d_name || *end) | ||
| 124 | continue; | ||
| 125 | |||
| 126 | if (pid < start_pid) | ||
| 127 | continue; | ||
| 128 | if (pidarr[pid] == 0) | ||
| 129 | delete_run_files(pid); | ||
| 130 | } | ||
| 131 | closedir(dir); | ||
| 132 | } | ||
| 133 | |||
| 134 | |||
| 110 | // clean run directory | 135 | // clean run directory |
| 111 | void preproc_clean_run(void) { | 136 | void preproc_clean_run(void) { |
| 112 | int max_pids=32769; | 137 | int max_pids=32769; |
| @@ -153,29 +178,9 @@ void preproc_clean_run(void) { | |||
| 153 | } | 178 | } |
| 154 | closedir(dir); | 179 | closedir(dir); |
| 155 | 180 | ||
| 156 | // open /run/firejail/profile directory | 181 | // clean profile and name directories |
| 157 | if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) { | 182 | clean_dir(RUN_FIREJAIL_PROFILE_DIR, pidarr, start_pid, max_pids); |
| 158 | // sleep 2 seconds and try again | 183 | clean_dir(RUN_FIREJAIL_NAME_DIR, pidarr, start_pid, max_pids); |
| 159 | sleep(2); | ||
| 160 | if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) { | ||
| 161 | fprintf(stderr, "Error: cannot open %s directory\n", RUN_FIREJAIL_PROFILE_DIR); | ||
| 162 | exit(1); | ||
| 163 | } | ||
| 164 | } | ||
| 165 | |||
| 166 | // read /run/firejail/profile directory and clean leftover files | ||
| 167 | while ((entry = readdir(dir)) != NULL) { | ||
| 168 | pid_t pid = strtol(entry->d_name, &end, 10); | ||
| 169 | pid %= max_pids; | ||
| 170 | if (end == entry->d_name || *end) | ||
| 171 | continue; | ||
| 172 | |||
| 173 | if (pid < start_pid) | ||
| 174 | continue; | ||
| 175 | if (pidarr[pid] == 0) | ||
| 176 | delete_run_files(pid); | ||
| 177 | } | ||
| 178 | closedir(dir); | ||
| 179 | 184 | ||
| 180 | free(pidarr); | 185 | free(pidarr); |
| 181 | } | 186 | } |
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c index 42303c07b..57a0e19df 100644 --- a/src/firejail/run_files.c +++ b/src/firejail/run_files.c | |||
| @@ -70,8 +70,8 @@ void delete_run_files(pid_t pid) { | |||
| 70 | delete_bandwidth_run_file(pid); | 70 | delete_bandwidth_run_file(pid); |
| 71 | delete_network_run_file(pid); | 71 | delete_network_run_file(pid); |
| 72 | delete_name_run_file(pid); | 72 | delete_name_run_file(pid); |
| 73 | delete_profile_run_file(pid); | ||
| 74 | delete_x11_run_file(pid); | 73 | delete_x11_run_file(pid); |
| 74 | delete_profile_run_file(pid); | ||
| 75 | } | 75 | } |
| 76 | 76 | ||
| 77 | void set_name_run_file(pid_t pid) { | 77 | void set_name_run_file(pid_t pid) { |