author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-02 12:43:35 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-02 15:41:02 -0300 |
commit | 3050ef0353e002a3c33214f039a64c2871650ca2 (patch) | |
tree | 94f9a64ca7144b6e38b49ae5b80ec4484667253c /src | |
parent | Merge pull request #4585 from smitsohu/euid (diff) | |
s/S_IWRITE/S_IWUSR/
They are equivalent, but only the latter is POSIX. See sys_stat.h(0p)
of POSIX.1-2017[1]. From Section 14.9.5, The Mode Bits for Access
Permission of the glibc manual[2]:
> S_IWUSR
> S_IWRITE
>
> Write permission bit for the owner of the file. Usually 0200.
> S_IWRITE is an obsolete synonym provided for BSD compatibility.
Current usage:
$ git grep -F S_IWRITE -- src | wc -l
11
$ git grep -F S_IWUSR -- src | wc -l
26
Commands used to search and replace:
$ git grep -l -z S_IWRITE -- src | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\`sed 's/S_IWRITE/S_IWUSR/g' '{}'\`\" >'{}'"
Note: The other related non-POSIX macros are not used anywhere:
$ git grep -F -e S_IREAD -e S_IEXEC -- src
$
[1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_stat.h.html
[2] https://www.gnu.org/software/libc/manual/html_node/Permission-Bits.html
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/chroot.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_hostname.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_trace.c | 6 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 6 | ||||
-rw-r--r-- | src/firejail/ls.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 |
6 files changed, 11 insertions, 11 deletions
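--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -86,7 +86,7 @@ static void update_file(int parentfd, const char *relpath) {
 if (arg_debug)
 printf("Updating chroot /%s\n", relpath);
 unlinkat(parentfd, relpath, 0);
-int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (out == -1) {
 close(in);
 goto errout;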
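--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -33,7 +33,7 @@ void fs_hostname(const char *hostname) {
 if (arg_debug)
 printf("Creating a new /etc/hostname file\n");
 
-create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 
 // bind-mount the file on top of /etc/hostname
 if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0)
@@ -75,7 +75,7 @@ void fs_hostname(const char *hostname) {
 }
 fclose(fp1);
 // mode and owner
-SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 fclose(fp2);
 
 // bind-mount the file on top of /etc/hostname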
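--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -36,7 +36,7 @@ void fs_trace_preload(void) {
 FILE *fp = fopen("/etc/ld.so.preload", "wxe");
 if (!fp)
 errExit("fopen");
-SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 fclose(fp);
 fs_logger("touch /etc/ld.so.preload");
 }
@@ -47,7 +47,7 @@ void fs_tracefile(void) {
 if (arg_debug)
 printf("Creating an empty trace log file: %s\n", arg_tracefile);
 EUID_USER();
-int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (fd == -1) {
 perror("open");
 fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile);
@@ -100,7 +100,7 @@ void fs_trace(void) {
 fmessage("Post-exec seccomp protector enabled\n");
 }
 
-SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 fclose(fp);
 
 // mount the new preload file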
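--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -129,7 +129,7 @@ void fs_var_log(void) {
 /* coverity[toctou] */
 FILE *fp = fopen("/var/log/wtmp", "wxe");
 if (fp) {
-SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH);
+SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
 fclose(fp);
 }
 fs_logger("touch /var/log/wtmp");
@@ -137,7 +137,7 @@ void fs_var_log(void) {
 // create an empty /var/log/btmp file
 fp = fopen("/var/log/btmp", "wxe");
 if (fp) {
-SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP);
+SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
 fclose(fp);
 }
 fs_logger("touch /var/log/btmp");
@@ -314,7 +314,7 @@ void fs_var_utmp(void) {
 // save new utmp file
 int rv = fwrite(&u_boot, sizeof(u_boot), 1, fp);
 (void) rv;
-SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH);
+SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
 fclose(fp);
 
 // mount the new utmp file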
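--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -305,7 +305,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 }
 // create destination file if necessary
 EUID_ASSERT();
-int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWRITE);
+int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWUSR);
 if (fd == -1) {
 fprintf(stderr, "Error: cannot open %s for writing\n", dest_fname);
 exit(1);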
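--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -204,7 +204,7 @@ static void save_umask(void) {
 }
 
 static char *create_join_file(void) {
-int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (fd == -1)
 errExit("open");
 if (ftruncate(fd, 1) == -1)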