diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-03-28 15:31:50 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-03-28 15:31:50 -0400 |
| commit | cf5559df5e168fd57a2757776f182704572c6941 (patch) | |
| tree | 332db150b3496cfffadd19be1afe65b82ef73874 /src | |
| parent | Merge pull request #1166 from SYN-cook/patch-1 (diff) | |
| download | firejail-cf5559df5e168fd57a2757776f182704572c6941.tar.gz firejail-cf5559df5e168fd57a2757776f182704572c6941.tar.zst firejail-cf5559df5e168fd57a2757776f182704572c6941.zip | |
rlimit fixes; ~/.cache cleanup
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 2 | ||||
| -rw-r--r-- | src/firejail/fs.c | 20 | ||||
| -rw-r--r-- | src/firejail/profile.c | 12 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 7 | ||||
| -rw-r--r-- | src/firejail/util.c | 1 |
6 files changed, 4 insertions, 47 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index f76f83d85..24d8d0381 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -74,15 +74,6 @@ int checkcfg(int val) { | |||
| 74 | if (!ptr) | 74 | if (!ptr) |
| 75 | continue; | 75 | continue; |
| 76 | 76 | ||
| 77 | // mount tmpfs on top of ~/.cache directory | ||
| 78 | if (strncmp(ptr, "cache-tmpfs ", 12) == 0) { | ||
| 79 | if (strcmp(ptr + 12, "yes") == 0) | ||
| 80 | cfg_val[CFG_CACHE_TMPFS] = 1; | ||
| 81 | else if (strcmp(ptr + 12, "no") == 0) | ||
| 82 | cfg_val[CFG_CACHE_TMPFS] = 0; | ||
| 83 | else | ||
| 84 | goto errout; | ||
| 85 | } | ||
| 86 | // file transfer | 77 | // file transfer |
| 87 | else if (strncmp(ptr, "file-transfer ", 14) == 0) { | 78 | else if (strncmp(ptr, "file-transfer ", 14) == 0) { |
| 88 | if (strcmp(ptr + 14, "yes") == 0) | 79 | if (strcmp(ptr + 14, "yes") == 0) |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index a981c8759..7258dd2f8 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -407,7 +407,6 @@ void fs_overlayfs(void); | |||
| 407 | // chroot into an existing directory; mount exiting /dev and update /etc/resolv.conf | 407 | // chroot into an existing directory; mount exiting /dev and update /etc/resolv.conf |
| 408 | void fs_chroot(const char *rootdir); | 408 | void fs_chroot(const char *rootdir); |
| 409 | void fs_check_chroot_dir(const char *rootdir); | 409 | void fs_check_chroot_dir(const char *rootdir); |
| 410 | void fs_cache(void); | ||
| 411 | 410 | ||
| 412 | // profile.c | 411 | // profile.c |
| 413 | // find and read the profile specified by name from dir directory | 412 | // find and read the profile specified by name from dir directory |
| @@ -685,7 +684,6 @@ enum { | |||
| 685 | CFG_FOLLOW_SYMLINK_AS_USER, | 684 | CFG_FOLLOW_SYMLINK_AS_USER, |
| 686 | CFG_FOLLOW_SYMLINK_PRIVATE_BIN, | 685 | CFG_FOLLOW_SYMLINK_PRIVATE_BIN, |
| 687 | CFG_DISABLE_MNT, | 686 | CFG_DISABLE_MNT, |
| 688 | CFG_CACHE_TMPFS, | ||
| 689 | CFG_JOIN, | 687 | CFG_JOIN, |
| 690 | CFG_MAX // this should always be the last entry | 688 | CFG_MAX // this should always be the last entry |
| 691 | }; | 689 | }; |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 451a946b7..0ebed61db 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -480,26 +480,6 @@ void fs_mnt(void) { | |||
| 480 | } | 480 | } |
| 481 | 481 | ||
| 482 | 482 | ||
| 483 | void fs_cache(void) { | ||
| 484 | #if 0 | ||
| 485 | if (arg_debug) | ||
| 486 | printf("Deploy ~/.cache tmpfs\n"); | ||
| 487 | char *cache; | ||
| 488 | if (asprintf(&cache, "%s/.cache", cfg.homedir) == -1) | ||
| 489 | errExit("asprintf"); | ||
| 490 | if (is_link(cache)) { | ||
| 491 | fprintf(stderr, "Error: ~/.cache directory is a symbolik link\n"); | ||
| 492 | exit(1); | ||
| 493 | } | ||
| 494 | disable_file(MOUNT_TMPFS, cache); | ||
| 495 | if (is_link(cache)) { | ||
| 496 | fprintf(stderr, "Error: ~/.cache directory is a symbolik link\n"); | ||
| 497 | exit(1); | ||
| 498 | } | ||
| 499 | free(cache); | ||
| 500 | #endif | ||
| 501 | } | ||
| 502 | |||
| 503 | // mount /proc and /sys directories | 483 | // mount /proc and /sys directories |
| 504 | void fs_proc_sys_dev_boot(void) { | 484 | void fs_proc_sys_dev_boot(void) { |
| 505 | if (arg_debug) | 485 | if (arg_debug) |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8f98fd397..53fa38845 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -874,27 +874,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 874 | // rlimit | 874 | // rlimit |
| 875 | if (strncmp(ptr, "rlimit", 6) == 0) { | 875 | if (strncmp(ptr, "rlimit", 6) == 0) { |
| 876 | if (strncmp(ptr, "rlimit-nofile ", 14) == 0) { | 876 | if (strncmp(ptr, "rlimit-nofile ", 14) == 0) { |
| 877 | ptr += 14; | ||
| 878 | check_unsigned(ptr + 14, "Error: invalid rlimit in profile file: "); | 877 | check_unsigned(ptr + 14, "Error: invalid rlimit in profile file: "); |
| 879 | sscanf(ptr, "%llu", &cfg.rlimit_nofile); | 878 | sscanf(ptr + 14, "%llu", &cfg.rlimit_nofile); |
| 880 | arg_rlimit_nofile = 1; | 879 | arg_rlimit_nofile = 1; |
| 881 | } | 880 | } |
| 882 | else if (strncmp(ptr, "rlimit-nproc ", 13) == 0) { | 881 | else if (strncmp(ptr, "rlimit-nproc ", 13) == 0) { |
| 883 | ptr += 13; | ||
| 884 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); | 882 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); |
| 885 | sscanf(ptr, "%llu", &cfg.rlimit_nproc); | 883 | sscanf(ptr + 13, "%llu", &cfg.rlimit_nproc); |
| 886 | arg_rlimit_nproc = 1; | 884 | arg_rlimit_nproc = 1; |
| 887 | } | 885 | } |
| 888 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { | 886 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { |
| 889 | ptr += 13; | ||
| 890 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); | 887 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); |
| 891 | sscanf(ptr, "%llu", &cfg.rlimit_fsize); | 888 | sscanf(ptr + 13, "%llu", &cfg.rlimit_fsize); |
| 892 | arg_rlimit_fsize = 1; | 889 | arg_rlimit_fsize = 1; |
| 893 | } | 890 | } |
| 894 | else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) { | 891 | else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) { |
| 895 | ptr += 18; | ||
| 896 | check_unsigned(ptr + 18, "Error: invalid rlimit in profile file: "); | 892 | check_unsigned(ptr + 18, "Error: invalid rlimit in profile file: "); |
| 897 | sscanf(ptr, "%llu", &cfg.rlimit_sigpending); | 893 | sscanf(ptr + 18, "%llu", &cfg.rlimit_sigpending); |
| 898 | arg_rlimit_sigpending = 1; | 894 | arg_rlimit_sigpending = 1; |
| 899 | } | 895 | } |
| 900 | else { | 896 | else { |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index f9e59f1ed..6cb1aca28 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -790,13 +790,6 @@ int sandbox(void* sandbox_arg) { | |||
| 790 | fs_mnt(); | 790 | fs_mnt(); |
| 791 | 791 | ||
| 792 | //**************************** | 792 | //**************************** |
| 793 | // deploy a tmpfs on ~/.cache directory | ||
| 794 | //**************************** | ||
| 795 | if (checkcfg(CFG_CACHE_TMPFS)) | ||
| 796 | fs_cache(); | ||
| 797 | |||
| 798 | |||
| 799 | //**************************** | ||
| 800 | // apply the profile file | 793 | // apply the profile file |
| 801 | //**************************** | 794 | //**************************** |
| 802 | // apply all whitelist commands ... | 795 | // apply all whitelist commands ... |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 93eabec65..88fa67183 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -421,7 +421,6 @@ char *split_comma(char *str) { | |||
| 421 | 421 | ||
| 422 | void check_unsigned(const char *str, const char *msg) { | 422 | void check_unsigned(const char *str, const char *msg) { |
| 423 | EUID_ASSERT(); | 423 | EUID_ASSERT(); |
| 424 | |||
| 425 | int rv = 0; | 424 | int rv = 0; |
| 426 | const char *ptr = str; | 425 | const char *ptr = str; |
| 427 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') { | 426 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') { |