Allow recursive mkdir (Closes #305)

author: Reiner Herrmann <reiner@reiner-h.de> 2016-07-30 17:58:25 +0200
committer: Reiner Herrmann <reiner@reiner-h.de> 2016-07-30 17:58:45 +0200
commit: 0657c20377d6f8d80f143e9c6a336601c8bbd2e2 (patch)
tree: 9a64c53de121fb14f64cc0db850fd8397883776b /src
parent: fixes (diff)
download: firejail-0657c20377d6f8d80f143e9c6a336601c8bbd2e2.tar.gz
firejail-0657c20377d6f8d80f143e9c6a336601c8bbd2e2.tar.zst
firejail-0657c20377d6f8d80f143e9c6a336601c8bbd2e2.zip
2 files changed, 36 insertions, 11 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 50bcc613b..5bc2df2cc 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -22,8 +22,38 @@
 #include <sys/stat.h>
 #include <unistd.h>
 #include <grp.h>
- #include <sys/wait.h>
+#include <sys/wait.h>
- 
+#include <string.h>
+static void mkdir_recursive(char *path) {
+        char *subdir = NULL;
+        struct stat s;
+        if (chdir("/")) {
+                fprintf(stderr, "Error: can't chdir to /");
+                return;
+        }
+        subdir = strtok(path, "/");
+        while(subdir) {
+                if (stat(subdir, &s) == -1) {
+                        if (mkdir(subdir, 0700) == -1) {
+                                fprintf(stderr, "Warning: cannot create %s directory\n", subdir);
+                                return;
+                        }
+                } else if (!S_ISDIR(s.st_mode)) {
+                        fprintf(stderr, "Warning: '%s' exists, but is no directory\n", subdir);
+                        return;
+                }
+                if (chdir(subdir)) {
+                        fprintf(stderr, "Error: can't chdir to %s", subdir);
+                        return;
+                }
+                subdir = strtok(NULL, "/");
+        }
+}
 void fs_mkdir(const char *name) {
        EUID_ASSERT();
        
@@ -50,8 +80,7 @@ void fs_mkdir(const char *name) {
                drop_privs(0);
                // create directory
-                if (mkdir(expanded, 0700) == -1)
+                mkdir_recursive(expanded);
-                        fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
                exit(0);
        }
        // wait for the child to finish
@@ -101,4 +130,4 @@ void fs_mkfile(const char *name) {
 doexit:
        free(expanded);
-}
-\ No newline at end of file
+}
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 504842a9e..7e33a6b45 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -136,7 +136,7 @@ The directory is created if it doesn't already exist.
 .br
 Use this command for whitelisted directories you need to preserve
 when the sandbox is closed. Without it, the application will create the directory, and the directory
-will be deleted when the sandbox is closed. Subdirectories also need to be created using mkdir. Example from
+will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from
 firefox profile:
 .br
@@ -145,17 +145,13 @@ mkdir ~/.mozilla
 .br
 whitelist ~/.mozilla
 .br
-mkdir ~/.cache
-.br
-mkdir ~/.cache/mozilla
-.br
 mkdir ~/.cache/mozilla/firefox
 .br
 whitelist ~/.cache/mozilla/firefox
 .TP
 \fBmkfile file
 Similar to mkdir, this command creates a file in user home before the sandbox is started.
-The file is created if it doesn't already exist.
+The file is created if it doesn't already exist, but it's target directory has to exist.
 .TP
 \fBnoexec file_or_directory
 Remount the file or the directory noexec, nodev and nosuid.
author	Reiner Herrmann <reiner@reiner-h.de>	2016-07-30 17:58:25 +0200
committer	Reiner Herrmann <reiner@reiner-h.de>	2016-07-30 17:58:45 +0200
commit	0657c20377d6f8d80f143e9c6a336601c8bbd2e2 (patch)
tree	9a64c53de121fb14f64cc0db850fd8397883776b /src
parent	fixes (diff)
download	firejail-0657c20377d6f8d80f143e9c6a336601c8bbd2e2.tar.gz firejail-0657c20377d6f8d80f143e9c6a336601c8bbd2e2.tar.zst firejail-0657c20377d6f8d80f143e9c6a336601c8bbd2e2.zip

diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 50bcc613b..5bc2df2cc 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c
@@ -22,8 +22,38 @@
22	#include <sys/stat.h>	22	#include <sys/stat.h>
23	#include <unistd.h>	23	#include <unistd.h>
24	#include <grp.h>	24	#include <grp.h>
25	#include <sys/wait.h>	25	#include <sys/wait.h>
26		26	#include <string.h>
		27
		28	static void mkdir_recursive(char *path) {
		29	char *subdir = NULL;
		30	struct stat s;
		31
		32	if (chdir("/")) {
		33	fprintf(stderr, "Error: can't chdir to /");
		34	return;
		35	}
		36
		37	subdir = strtok(path, "/");
		38	while(subdir) {
		39	if (stat(subdir, &s) == -1) {
		40	if (mkdir(subdir, 0700) == -1) {
		41	fprintf(stderr, "Warning: cannot create %s directory\n", subdir);
		42	return;
		43	}
		44	} else if (!S_ISDIR(s.st_mode)) {
		45	fprintf(stderr, "Warning: '%s' exists, but is no directory\n", subdir);
		46	return;
		47	}
		48	if (chdir(subdir)) {
		49	fprintf(stderr, "Error: can't chdir to %s", subdir);
		50	return;
		51	}
		52
		53	subdir = strtok(NULL, "/");
		54	}
		55	}
		56
27	void fs_mkdir(const char *name) {	57	void fs_mkdir(const char *name) {
28	EUID_ASSERT();	58	EUID_ASSERT();
29		59
@@ -50,8 +80,7 @@ void fs_mkdir(const char *name) {
50	drop_privs(0);	80	drop_privs(0);
51		81
52	// create directory	82	// create directory
53	if (mkdir(expanded, 0700) == -1)	83	mkdir_recursive(expanded);
54	fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
55	exit(0);	84	exit(0);
56	}	85	}
57	// wait for the child to finish	86	// wait for the child to finish
@@ -101,4 +130,4 @@ void fs_mkfile(const char *name) {
101		130
102	doexit:	131	doexit:
103	free(expanded);	132	free(expanded);
104	} \ No newline at end of file	133	}


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 504842a9e..7e33a6b45 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -136,7 +136,7 @@ The directory is created if it doesn't already exist.
136	.br	136	.br
137	Use this command for whitelisted directories you need to preserve	137	Use this command for whitelisted directories you need to preserve
138	when the sandbox is closed. Without it, the application will create the directory, and the directory	138	when the sandbox is closed. Without it, the application will create the directory, and the directory
139	will be deleted when the sandbox is closed. Subdirectories also need to be created using mkdir. Example from	139	will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from
140	firefox profile:	140	firefox profile:
141	.br	141	.br
142		142
@@ -145,17 +145,13 @@ mkdir ~/.mozilla
145	.br	145	.br
146	whitelist ~/.mozilla	146	whitelist ~/.mozilla
147	.br	147	.br
148	mkdir ~/.cache
149	.br
150	mkdir ~/.cache/mozilla
151	.br
152	mkdir ~/.cache/mozilla/firefox	148	mkdir ~/.cache/mozilla/firefox
153	.br	149	.br
154	whitelist ~/.cache/mozilla/firefox	150	whitelist ~/.cache/mozilla/firefox
155	.TP	151	.TP
156	\fBmkfile file	152	\fBmkfile file
157	Similar to mkdir, this command creates a file in user home before the sandbox is started.	153	Similar to mkdir, this command creates a file in user home before the sandbox is started.
158	The file is created if it doesn't already exist.	154	The file is created if it doesn't already exist, but it's target directory has to exist.
159	.TP	155	.TP
160	\fBnoexec file_or_directory	156	\fBnoexec file_or_directory
161	Remount the file or the directory noexec, nodev and nosuid.	157	Remount the file or the directory noexec, nodev and nosuid.