diff options
author | netblue30 <netblue30@yahoo.com> | 2015-11-25 08:35:25 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-25 08:35:25 -0500 |
commit | a91649ccf77c2fa20206759ef986aa9967e38ea6 (patch) | |
tree | a82921724f471bf646e50ce365986f0e7bb847db /src | |
parent | fixes (diff) | |
download | firejail-a91649ccf77c2fa20206759ef986aa9967e38ea6.tar.gz firejail-a91649ccf77c2fa20206759ef986aa9967e38ea6.tar.zst firejail-a91649ccf77c2fa20206759ef986aa9967e38ea6.zip |
fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 11 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 2 | ||||
-rw-r--r-- | src/firejail/restrict_users.c | 2 | ||||
-rw-r--r-- | src/firejail/util.c | 34 |
6 files changed, 45 insertions, 7 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 3ede58df6..a364de75f 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -322,6 +322,7 @@ int net_move_interface(const char *dev, unsigned pid); | |||
322 | 322 | ||
323 | // util.c | 323 | // util.c |
324 | void drop_privs(int nogroups); | 324 | void drop_privs(int nogroups); |
325 | int mkpath_as_root(const char* path); | ||
325 | void extract_command_name(const char *str); | 326 | void extract_command_name(const char *str); |
326 | void logsignal(int s); | 327 | void logsignal(int s); |
327 | void logmsg(const char *msg); | 328 | void logmsg(const char *msg); |
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index 38b9b06ca..946c75d30 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c | |||
@@ -55,7 +55,7 @@ static char *check_dir_or_file(const char *name) { | |||
55 | } | 55 | } |
56 | 56 | ||
57 | if (!fname) { | 57 | if (!fname) { |
58 | fprintf(stderr, "Warning: file %s not found\n", name); | 58 | // fprintf(stderr, "Warning: file %s not found\n", name); |
59 | return NULL; | 59 | return NULL; |
60 | } | 60 | } |
61 | 61 | ||
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 23f036bd7..ca9f7b472 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -233,9 +233,12 @@ void fs_private(void) { | |||
233 | // create /home/user | 233 | // create /home/user |
234 | if (arg_debug) | 234 | if (arg_debug) |
235 | printf("Create a new user directory\n"); | 235 | printf("Create a new user directory\n"); |
236 | int rv = mkdir(homedir, S_IRWXU); | 236 | if (mkdir(homedir, S_IRWXU) == -1) { |
237 | if (rv == -1) | 237 | if (mkpath_as_root(homedir) == -1) |
238 | errExit("mkdir"); | 238 | errExit("mkpath"); |
239 | if (mkdir(homedir, S_IRWXU) == -1) | ||
240 | errExit("mkdir"); | ||
241 | } | ||
239 | if (chown(homedir, u, g) < 0) | 242 | if (chown(homedir, u, g) < 0) |
240 | errExit("chown"); | 243 | errExit("chown"); |
241 | } | 244 | } |
@@ -346,7 +349,7 @@ void fs_check_private_dir(void) { | |||
346 | exit(1); | 349 | exit(1); |
347 | } | 350 | } |
348 | if (s1.st_uid != s2.st_uid) { | 351 | if (s1.st_uid != s2.st_uid) { |
349 | printf("Error: the two home directories must have the same owner\n"); | 352 | printf("Error: --private directory should be owned by the current user\n"); |
350 | exit(1); | 353 | exit(1); |
351 | } | 354 | } |
352 | } | 355 | } |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index a38539078..d018554d5 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -75,7 +75,7 @@ static void whitelist_path(ProfileEntry *entry) { | |||
75 | assert(path); | 75 | assert(path); |
76 | const char *fname; | 76 | const char *fname; |
77 | char *wfile = NULL; | 77 | char *wfile = NULL; |
78 | 78 | ||
79 | if (entry->home_dir) { | 79 | if (entry->home_dir) { |
80 | fname = path + strlen(cfg.homedir); | 80 | fname = path + strlen(cfg.homedir); |
81 | if (*fname == '\0') { | 81 | if (*fname == '\0') { |
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index 4930dd1ea..50a9a9b89 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
@@ -120,7 +120,7 @@ static void sanitize_home(void) { | |||
120 | 120 | ||
121 | // create user home directory | 121 | // create user home directory |
122 | if (mkdir(cfg.homedir, 0755) == -1) { | 122 | if (mkdir(cfg.homedir, 0755) == -1) { |
123 | if (mkpath(cfg.homedir)) | 123 | if (mkpath_as_root(cfg.homedir)) |
124 | errExit("mkpath"); | 124 | errExit("mkpath"); |
125 | if (mkdir(cfg.homedir, 0755) == -1) | 125 | if (mkdir(cfg.homedir, 0755) == -1) |
126 | errExit("mkdir"); | 126 | errExit("mkdir"); |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 89d0697fd..880e45465 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -75,6 +75,40 @@ void drop_privs(int nogroups) { | |||
75 | } | 75 | } |
76 | 76 | ||
77 | 77 | ||
78 | int mkpath_as_root(const char* path) { | ||
79 | assert(path && *path); | ||
80 | |||
81 | // work on a copy of the path | ||
82 | char *file_path = strdup(path); | ||
83 | if (!file_path) | ||
84 | errExit("strdup"); | ||
85 | |||
86 | char* p; | ||
87 | for (p=strchr(file_path+1, '/'); p; p=strchr(p+1, '/')) { | ||
88 | *p='\0'; | ||
89 | if (mkdir(file_path, 0755)==-1) { | ||
90 | if (errno != EEXIST) { | ||
91 | *p='/'; | ||
92 | free(file_path); | ||
93 | return -1; | ||
94 | } | ||
95 | } | ||
96 | else { | ||
97 | if (chmod(file_path, 0755) == -1) | ||
98 | errExit("chmod"); | ||
99 | if (chown(file_path, 0, 0) == -1) | ||
100 | errExit("chown"); | ||
101 | } | ||
102 | |||
103 | *p='/'; | ||
104 | } | ||
105 | |||
106 | free(file_path); | ||
107 | return 0; | ||
108 | } | ||
109 | |||
110 | |||
111 | |||
78 | void logsignal(int s) { | 112 | void logsignal(int s) { |
79 | if (!arg_debug) | 113 | if (!arg_debug) |
80 | return; | 114 | return; |