overlayfs fix for home directories mounted on a different partition

author: netblue30 <netblue30@yahoo.com> 2016-03-10 07:13:57 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-03-10 07:13:57 -0500
commit: e8be433033945aeff9dcb8424b6a4b9fc7387557 (patch)
tree: 9bdbd19f360c14e4037cfe8ae8b9ec3c8b955077 /src
parent: overlay fix (diff)
download: firejail-e8be433033945aeff9dcb8424b6a4b9fc7387557.tar.gz
firejail-e8be433033945aeff9dcb8424b6a4b9fc7387557.tar.zst
firejail-e8be433033945aeff9dcb8424b6a4b9fc7387557.zip
1 files changed, 59 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 61f9175db..acee0ba1d 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -859,9 +859,67 @@ void fs_overlayfs(void) {
        else { // kernel 3.18 or newer
                if (asprintf(&option, "lowerdir=/,upperdir=%s,workdir=%s", odiff, owork) == -1)
                        errExit("asprintf");
-//printf("option #%s#\n", option);                      
                if (mount("overlay", oroot, "overlay", MS_MGC_VAL, option) < 0)
                        errExit("mounting overlayfs");
+                        
+                //***************************
+                // issue #263 start code
+                // My setup has a separate mount point for /home. When the overlay is mounted,
+                // the overlay does not contain the original /home contents. 
+                // I added code to create a second overlay for /home if the overlay home dir is empty and this seems to work
+                // @dshmgh, Jan 2016
+                {
+                        char *overlayhome;
+                        struct stat s;
+                        char *hroot;
+                        char *hdiff;
+                        char *hwork;
+                
+                        // dons add debug
+                        if (arg_debug) printf ("DEBUG: chroot dirs are oroot %s  odiff %s  owork %s\n",oroot,odiff,owork);
+                
+                        // BEFORE NEXT, WE NEED TO TEST IF /home has any contents or do we need to mount it?
+                        // must create var for oroot/cfg.homedir
+                        if (asprintf(&overlayhome,"%s%s",oroot,cfg.homedir) == -1)
+                                errExit("asprintf");
+                        if (arg_debug) printf ("DEBUG: overlayhome var holds ##%s##\n",overlayhome);
+                
+                        // if no homedir in overlay -- create another overlay for /home
+                        if (stat(overlayhome, &s) == -1) {
+                
+                                if(asprintf(&hroot, "%s/oroot/home", RUN_MNT_DIR) == -1)
+                                        errExit("asprintf");
+                
+                                if(asprintf(&hdiff, "%s/hdiff", basedir) == -1)
+                                        errExit("asprintf");
+                                if (mkdir(hdiff, S_IRWXU | S_IRWXG | S_IRWXO))
+                                        errExit("mkdir");
+                                if (chown(hdiff, 0, 0) < 0)
+                                        errExit("chown");
+                                if (chmod(hdiff, S_IRWXU  | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
+                                        errExit("chmod");
+                
+                                if(asprintf(&hwork, "%s/hwork", basedir) == -1)
+                                        errExit("asprintf");
+                                if (mkdir(hwork, S_IRWXU | S_IRWXG | S_IRWXO))
+                                        errExit("mkdir");
+                                if (chown(hwork, 0, 0) < 0)
+                                        errExit("chown");
+                                if (chmod(hwork, S_IRWXU  | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
+                                        errExit("chmod");
+                
+                                // no homedir in overlay so now mount another overlay for /home
+                                if (asprintf(&option, "lowerdir=/home,upperdir=%s,workdir=%s", hdiff, hwork) == -1)
+                                        errExit("asprintf");
+                                if (mount("overlay", hroot, "overlay", MS_MGC_VAL, option) < 0)
+                                        errExit("mounting overlayfs for mounted home directory");
+                
+                                printf("OverlayFS for /home configured in %s directory\n", basedir);
+                        } // stat(overlayhome)
+                        free(overlayhome);
+                }
+                // issue #263 end code
+                //***************************
        }
        printf("OverlayFS configured in %s directory\n", basedir);
author	netblue30 <netblue30@yahoo.com>	2016-03-10 07:13:57 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-03-10 07:13:57 -0500
commit	e8be433033945aeff9dcb8424b6a4b9fc7387557 (patch)
tree	9bdbd19f360c14e4037cfe8ae8b9ec3c8b955077 /src
parent	overlay fix (diff)
download	firejail-e8be433033945aeff9dcb8424b6a4b9fc7387557.tar.gz firejail-e8be433033945aeff9dcb8424b6a4b9fc7387557.tar.zst firejail-e8be433033945aeff9dcb8424b6a4b9fc7387557.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 61f9175db..acee0ba1d 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -859,9 +859,67 @@ void fs_overlayfs(void) {
859	else { // kernel 3.18 or newer	859	else { // kernel 3.18 or newer
860	if (asprintf(&option, "lowerdir=/,upperdir=%s,workdir=%s", odiff, owork) == -1)	860	if (asprintf(&option, "lowerdir=/,upperdir=%s,workdir=%s", odiff, owork) == -1)
861	errExit("asprintf");	861	errExit("asprintf");
862	//printf("option #%s#\n", option);
863	if (mount("overlay", oroot, "overlay", MS_MGC_VAL, option) < 0)	862	if (mount("overlay", oroot, "overlay", MS_MGC_VAL, option) < 0)
864	errExit("mounting overlayfs");	863	errExit("mounting overlayfs");
		864
		865	//***************************
		866	// issue #263 start code
		867	// My setup has a separate mount point for /home. When the overlay is mounted,
		868	// the overlay does not contain the original /home contents.
		869	// I added code to create a second overlay for /home if the overlay home dir is empty and this seems to work
		870	// @dshmgh, Jan 2016
		871	{
		872	char *overlayhome;
		873	struct stat s;
		874	char *hroot;
		875	char *hdiff;
		876	char *hwork;
		877
		878	// dons add debug
		879	if (arg_debug) printf ("DEBUG: chroot dirs are oroot %s odiff %s owork %s\n",oroot,odiff,owork);
		880
		881	// BEFORE NEXT, WE NEED TO TEST IF /home has any contents or do we need to mount it?
		882	// must create var for oroot/cfg.homedir
		883	if (asprintf(&overlayhome,"%s%s",oroot,cfg.homedir) == -1)
		884	errExit("asprintf");
		885	if (arg_debug) printf ("DEBUG: overlayhome var holds ##%s##\n",overlayhome);
		886
		887	// if no homedir in overlay -- create another overlay for /home
		888	if (stat(overlayhome, &s) == -1) {
		889
		890	if(asprintf(&hroot, "%s/oroot/home", RUN_MNT_DIR) == -1)
		891	errExit("asprintf");
		892
		893	if(asprintf(&hdiff, "%s/hdiff", basedir) == -1)
		894	errExit("asprintf");
		895	if (mkdir(hdiff, S_IRWXU \| S_IRWXG \| S_IRWXO))
		896	errExit("mkdir");
		897	if (chown(hdiff, 0, 0) < 0)
		898	errExit("chown");
		899	if (chmod(hdiff, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)
		900	errExit("chmod");
		901
		902	if(asprintf(&hwork, "%s/hwork", basedir) == -1)
		903	errExit("asprintf");
		904	if (mkdir(hwork, S_IRWXU \| S_IRWXG \| S_IRWXO))
		905	errExit("mkdir");
		906	if (chown(hwork, 0, 0) < 0)
		907	errExit("chown");
		908	if (chmod(hwork, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)
		909	errExit("chmod");
		910
		911	// no homedir in overlay so now mount another overlay for /home
		912	if (asprintf(&option, "lowerdir=/home,upperdir=%s,workdir=%s", hdiff, hwork) == -1)
		913	errExit("asprintf");
		914	if (mount("overlay", hroot, "overlay", MS_MGC_VAL, option) < 0)
		915	errExit("mounting overlayfs for mounted home directory");
		916
		917	printf("OverlayFS for /home configured in %s directory\n", basedir);
		918	} // stat(overlayhome)
		919	free(overlayhome);
		920	}
		921	// issue #263 end code
		922	//***************************
865	}	923	}
866	printf("OverlayFS configured in %s directory\n", basedir);	924	printf("OverlayFS configured in %s directory\n", basedir);
867		925