diff options
author | smitsohu <smitsohu@gmail.com> | 2020-08-27 22:38:34 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2020-08-27 22:38:34 +0200 |
commit | 340884af15e1908f85c3532d89529536a4f465b5 (patch) | |
tree | c839c2b80af9f77e01b643a70c84026eb8b5d8a2 /src | |
parent | improve copy_file (diff) | |
download | firejail-340884af15e1908f85c3532d89529536a4f465b5.tar.gz firejail-340884af15e1908f85c3532d89529536a4f465b5.tar.zst firejail-340884af15e1908f85c3532d89529536a4f465b5.zip |
mask writable pulseaudio runtime dir
... and don't fail hard without need if there is a FUSE mount
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/pulseaudio.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index b4df78dda..2c360f297 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
@@ -23,6 +23,7 @@ | |||
23 | #include <sys/statvfs.h> | 23 | #include <sys/statvfs.h> |
24 | #include <sys/mount.h> | 24 | #include <sys/mount.h> |
25 | #include <dirent.h> | 25 | #include <dirent.h> |
26 | #include <errno.h> | ||
26 | #include <sys/wait.h> | 27 | #include <sys/wait.h> |
27 | 28 | ||
28 | #include <fcntl.h> | 29 | #include <fcntl.h> |
@@ -133,8 +134,13 @@ void pulseaudio_init(void) { | |||
133 | goto out; | 134 | goto out; |
134 | } | 135 | } |
135 | // confirm the actual mount destination is owned by the user | 136 | // confirm the actual mount destination is owned by the user |
136 | if (fstat(fd, &s) == -1) | 137 | if (fstat(fd, &s) == -1) { // FUSE |
137 | errExit("fstat"); | 138 | if (errno != EACCES) |
139 | errExit("fstat"); | ||
140 | close(fd); | ||
141 | pulseaudio_set_environment(pulsecfg); | ||
142 | goto out; | ||
143 | } | ||
138 | if (s.st_uid != getuid()) { | 144 | if (s.st_uid != getuid()) { |
139 | close(fd); | 145 | close(fd); |
140 | pulseaudio_set_environment(pulsecfg); | 146 | pulseaudio_set_environment(pulsecfg); |
@@ -169,6 +175,11 @@ void pulseaudio_init(void) { | |||
169 | pulseaudio_set_environment(p); | 175 | pulseaudio_set_environment(p); |
170 | free(p); | 176 | free(p); |
171 | 177 | ||
178 | // RUN_PULSE_DIR not needed anymore, mask it | ||
179 | if (mount("tmpfs", RUN_PULSE_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME, "mode=755,gid=0") < 0) | ||
180 | errExit("mount pulseaudio"); | ||
181 | fs_logger2("tmpfs", RUN_PULSE_DIR); | ||
182 | |||
172 | out: | 183 | out: |
173 | free(pulsecfg); | 184 | free(pulsecfg); |
174 | free(homeusercfg); | 185 | free(homeusercfg); |