authorLibravatar Aleksey Manevich <manevich.aleksey@gmail.com>2016-08-29 23:31:57 +0300
committerLibravatar Aleksey Manevich <manevich.aleksey@gmail.com>2016-08-29 23:31:57 +0300
commit18a1ae6609c556aa433dc62fc5cd8685d2d612ea (patch)
tree9e26767ed777a8575abb9c5d7358e89464cf9e57 /src
parentMerge pull request #751 from reinerh/master (diff)
fix umask problem
Diffstat (limited to 'src')
-rw-r--r--src/firejail/appimage.c2
-rw-r--r--src/firejail/fs.c8
-rw-r--r--src/firejail/fs_bin.c2
-rw-r--r--src/firejail/fs_dev.c10
-rw-r--r--src/firejail/fs_etc.c2
5 files changed, 24 insertions, 0 deletions
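diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 513a5a8a2..eb90a39dd 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -81,6 +81,8 @@ void appimage_set(const char *appimage_path) {
 fprintf(stderr, "Error: cannot create temporary directory\n");
 exit(1);
 }
+if (chmod(mntdir, 0700) == -1)
+errExit("chmod");
 ASSERT_PERMS(mntdir, getuid(), getgid(), 0700);
 
 char *mode;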
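Review bot: The added `chmod(mntdir, 0700)` changes the mode by path, so the name is resolved a second time after the directory was created, and chmod() follows symbolic links. The creating call is above this hunk, but if the parent directory is writable by the invoking user and this code runs with elevated privileges, the mode change could land on a different object than the one just created; the same pattern on `dirname` in fs_check_overlay_dir (fs.c), which already sits under a `coverity[toctou]` marker, deserves the same look. Creating the directory with its final mode avoids the second lookup, for example `mode_t prev = umask(0);` before the creating call and `umask(prev);` after it. appimage_set starts and ends outside the hunk.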
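diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 855ebad7b..e38f128ea 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -36,6 +36,8 @@ static void create_dir_as_root(const char *dir, mode_t mode) {
 
 if (mkdir(dir, mode) == -1)
 errExit("mkdir");
+if (chmod(dir, mode) == -1)
+errExit("chmod");
 
 ASSERT_PERMS(dir, 0, 0, mode);
 }
@@ -47,6 +49,8 @@ static void create_empty_dir(void) {
 /* coverity[toctou] */
 if (mkdir(RUN_RO_DIR, S_IRUSR | S_IXUSR) == -1)
 errExit("mkdir");
+if (chmod(RUN_RO_DIR, S_IRUSR | S_IXUSR) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_RO_DIR, 0, 0, S_IRUSR | S_IXUSR);
 }
 }
@@ -772,6 +776,8 @@ char *fs_check_overlay_dir(const char *subdirname, int allow_reuse) {
 /* coverity[toctou] */
 if (mkdir(dirname, 0700))
 errExit("mkdir");
+if (chmod(dirname, 0700) == -1)
+errExit("chmod");
 ASSERT_PERMS(dirname, getuid(), getgid(), 0700);
 }
 else if (is_link(dirname)) {
@@ -859,6 +865,8 @@ void fs_overlayfs(void) {
 errExit("asprintf");
 if (mkdir(oroot, 0755))
 errExit("mkdir");
+if (chmod(oroot, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(oroot, 0, 0, 0755);
 
 struct stat s;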
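Review bot: The lines added in fs_overlayfs repeat what create_dir_as_root in this same file now does, so the `oroot` creation could be the single call `create_dir_as_root(oroot, 0755);`, keeping the mkdir, chmod and `ASSERT_PERMS(dir, 0, 0, mode)` sequence in one place. Only the tail of create_dir_as_root is visible in the first hunk, so its earlier lines should be checked for side effects that are unwanted here. The same mkdir/chmod/ASSERT_PERMS triple is also added in fs_bin.c, fs_dev.c and fs_etc.c, which could share the helper if it were made non-static.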
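diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index b9d8614d4..6c4db57b4 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -205,6 +205,8 @@ void fs_private_bin_list(void) {
 fs_build_mnt_dir();
 if (mkdir(RUN_BIN_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_BIN_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_BIN_DIR, 0, 0, 0755);
 
 // copy the list of files in the new etc directory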
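Review bot: Nothing at the new `chmod(RUN_BIN_DIR, 0755)` says why a mode that was just passed to mkdir() is set again, and the commit subject is the only hint. A one-line comment above it would keep a later cleanup from removing the call as redundant: `// mkdir() masks the mode with the process umask; chmod() sets the exact bits`. The same comment fits the identical additions in fs_etc.c and fs_dev.c. fs_private_bin_list starts and ends outside the hunk.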
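diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 701183ee1..363d3e484 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -75,6 +75,8 @@ void fs_private_dev(void){
 if (have_dri) {
 if (mkdir(RUN_DRI_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_DRI_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_DRI_DIR, 0, 0, 0755);
 
 // keep a copy of /dev/dri under DRI_DIR
@@ -86,6 +88,8 @@ void fs_private_dev(void){
 if (have_snd) {
 if (mkdir(RUN_SND_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_SND_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_SND_DIR, 0, 0, 0755);
 
 // keep a copy of /dev/dri under DRI_DIR
@@ -130,6 +134,8 @@ void fs_private_dev(void){
 /* coverity[toctou] */
 if (mkdir("/dev/snd", 0755) == -1)
 errExit("mkdir");
+if (chmod("/dev/snd", 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS("/dev/snd", 0, 0, 0755);
 if (mount(RUN_SND_DIR, "/dev/snd", NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mounting /dev/snd");
@@ -140,6 +146,8 @@ void fs_private_dev(void){
 if (have_dri) {
 if (mkdir("/dev/dri", 0755) == -1)
 errExit("mkdir");
+if (chmod("/dev/dri", 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS("/dev/dri", 0, 0, 0755);
 if (mount(RUN_DRI_DIR, "/dev/dri", NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mounting /dev/dri");
@@ -178,6 +186,8 @@ void fs_private_dev(void){
 // pseudo-terminal
 if (mkdir("/dev/pts", 0755) == -1)
 errExit("mkdir");
+if (chmod("/dev/pts", 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS("/dev/pts", 0, 0, 0755);
 fs_logger("mkdir /dev/pts");
 create_char_dev("/dev/pts/ptmx", 0666, 5, 2); //"mknod -m 666 /dev/pts/ptmx c 5 2");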
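Review bot: In the `/dev/snd` hunk the `/* coverity[toctou] */` marker sits directly above mkdir(), and such an annotation normally applies only to the statement that follows it, so the added `chmod("/dev/snd", 0755)` is a second path-based call that the marker does not cover and may be reported as a new finding. If the race is considered acceptable at this point, the reason belongs in a comment next to the chmod rather than in another suppression; otherwise creating the directory under a cleared umask gives the final mode without the extra call. The same applies to the annotated mkdir() calls in create_empty_dir and fs_check_overlay_dir in fs.c. fs_private_dev starts and ends outside the hunk.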
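diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index d5b348ee2..e860bc173 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -132,6 +132,8 @@ void fs_private_etc_list(void) {
 fs_build_mnt_dir();
 if (mkdir(RUN_ETC_DIR, 0755) == -1)
 errExit("mkdir");
+if (chmod(RUN_ETC_DIR, 0755) == -1)
+errExit("chmod");
 ASSERT_PERMS(RUN_ETC_DIR, 0, 0, 0755);
 fs_logger("tmpfs /etc");
 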