--private-bin fixes

author: netblue30 <netblue30@yahoo.com> 2016-04-12 13:22:39 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-12 13:22:39 -0400
commit: 75b80b445d01ee34f105ff0d8a47d1b09f2c7898 (patch)
tree: 49486c97863659112979a4fab4fbcb3646c0cd19 /src
parent: Merge pull request #427 from avoidr/paths_fix (diff)
download: firejail-75b80b445d01ee34f105ff0d8a47d1b09f2c7898.tar.gz
firejail-75b80b445d01ee34f105ff0d8a47d1b09f2c7898.tar.zst
firejail-75b80b445d01ee34f105ff0d8a47d1b09f2c7898.zip
3 files changed, 26 insertions, 16 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index b4eb708d8..b3fafa0c2 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -506,7 +506,7 @@ void fs_blacklist(void) {
                        if (strncmp(ptr, "${PATH}", 7) == 0) {
                                char *fname = ptr + 7;
                                size_t fname_len = strlen(fname);
-                                char **paths = build_paths(); //{"/usr/local/bin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
+                                char **paths = build_paths(); //{"/usr/local/bin", "/usr/local/sbin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
                                int i = 0;
                                while (paths[i] != NULL) {
                                        char *path = paths[i];
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 87d63c6e6..c3d24aaac 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -26,10 +26,11 @@
 static char *paths[] = {
        "/usr/local/bin",
-        "/bin",
        "/usr/bin",
-        "/sbin",
+        "/bin",
+        "/usr/local/sbin",
        "/usr/sbin",
+        "/sbin",
        NULL
 };
@@ -173,6 +174,7 @@ void fs_private_bin_list(void) {
        
        // check bin paths
        int i = 0;
+#if 0
        while (paths[i]) {
                struct stat s;
                if (stat(paths[i], &s) == -1) {
@@ -181,6 +183,7 @@ void fs_private_bin_list(void) {
                }
                i++;
        }
+#endif
        // create /tmp/firejail/mnt/bin directory
        fs_build_mnt_dir();
@@ -230,12 +233,15 @@ void fs_private_bin_list(void) {
        // mount-bind
        i = 0;
        while (paths[i]) {
-                if (arg_debug)
+                struct stat s;
-                        printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
+                if (stat(paths[i], &s) == 0) {
-                if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
+                        if (arg_debug)
-                        errExit("mount bind");
+                                printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
-                fs_logger2("tmpfs", paths[i]);
+                        if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
-                fs_logger2("mount", paths[i]);
+                                errExit("mount bind");
+                        fs_logger2("tmpfs", paths[i]);
+                        fs_logger2("mount", paths[i]);
+                }
                i++;
        }
        
@@ -249,11 +255,14 @@ void fs_private_bin_list(void) {
        while (ptr) {
                i = 0;
                while (paths[i]) {
-                        char *fname;
+                        struct stat s;
-                        if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
+                        if (stat(paths[i], &s) == 0) {
-                                errExit("asprintf");
+                                char *fname;
-                        fs_logger2("clone", fname);
+                                if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
-                        free(fname);
+                                        errExit("asprintf");
+                                fs_logger2("clone", fname);
+                                free(fname);
+                        }
                        i++;
                }
                ptr = strtok(NULL, ",");
diff --git a/src/firejail/paths.c b/src/firejail/paths.c
index 74b8dfe55..97a1d5a98 100644
--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -76,10 +76,11 @@ char **build_paths(void) {
                // add default paths
                add_path("/usr/local/bin");
-                add_path("/bin");
                add_path("/usr/bin");
-                add_path("/sbin");
+                add_path("/bin");
+                add_path("/usr/local/sbin");
                add_path("/usr/sbin");
+                add_path("/sbin");
                path2 = strdup(path1);
                if (!path2)
author	netblue30 <netblue30@yahoo.com>	2016-04-12 13:22:39 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-12 13:22:39 -0400
commit	75b80b445d01ee34f105ff0d8a47d1b09f2c7898 (patch)
tree	49486c97863659112979a4fab4fbcb3646c0cd19 /src
parent	Merge pull request #427 from avoidr/paths_fix (diff)
download	firejail-75b80b445d01ee34f105ff0d8a47d1b09f2c7898.tar.gz firejail-75b80b445d01ee34f105ff0d8a47d1b09f2c7898.tar.zst firejail-75b80b445d01ee34f105ff0d8a47d1b09f2c7898.zip