author | netblue30 <netblue30@yahoo.com> | 2016-11-14 07:53:22 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-14 07:53:22 -0500 |
commit | 745742f17378cde52591c1aa8e112445022abb2d (patch) | |
tree | efc2e0bd25435a5ba89d6db2d3bd6981270ed6ea /src | |
parent | testing (diff) | |
cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/caps.c | 13 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 55 |
2 files changed, 9 insertions, 59 deletions
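--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -168,17 +168,6 @@ static CapsEntry capslist[] = {
 //
 }; // end of capslist
 
-const char *caps_find_nr(int nr) {
-int i;
-int elems = sizeof(capslist) / sizeof(capslist[0]);
-for (i = 0; i < elems; i++) {
-if (nr == capslist[i].nr)
-return capslist[i].name;
-}
-
-return "unknown";
-}
-
 // return -1 if error, or syscall number
 static int caps_find_name(const char *name) {
 int i;
@@ -397,7 +386,7 @@ static uint64_t extract_caps(int pid) {
 }
 fclose(fp);
 free(file);
-printf("Error: cannot read caps configuration\n");
+fprintf(stderr, "Error: cannot read caps configuration\n");
 exit(1);
 }
 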
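Review bot: The new fprintf in the second hunk reports a failure of extract_caps without saying which process it concerns, although the function takes `pid` (visible in the hunk header), so `fprintf(stderr, "Error: cannot read caps configuration for pid %d\n", pid);` would make the diagnostic actionable when several sandboxes are being inspected. The first hunk deletes caps_find_nr; if a prototype for it still exists in a project header, it should be removed in the same commit, which cannot be confirmed from this page. extract_caps begins outside the hunk.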
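--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -530,11 +530,7 @@ void fs_whitelist(void) {
 // /home/user
 if (home_dir) {
 // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR
-int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid(), 0755))
-errExit("set_perms");
+mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid());
 if (mount(cfg.homedir, RUN_WHITELIST_HOME_USER_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 
@@ -545,12 +541,7 @@ void fs_whitelist(void) {
 // /tmp mountpoint
 if (tmp_dir) {
 // keep a copy of real /tmp directory in
-int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_TMP_DIR, 0, 0, 1777))
-errExit("set_perms");
-
+mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0);
 if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 
@@ -568,12 +559,7 @@ void fs_whitelist(void) {
 struct stat s;
 if (stat("/media", &s) == 0) {
 // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
-int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_MEDIA_DIR, 0, 0, 0755))
-errExit("set_perms");
-
+mkdir_attr(RUN_WHITELIST_MEDIA_DIR, 0755, 0, 0);
 if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 
@@ -594,12 +580,7 @@ void fs_whitelist(void) {
 struct stat s;
 if (stat("/mnt", &s) == 0) {
 // keep a copy of real /mnt directory in RUN_WHITELIST_MNT_DIR
-int rv = mkdir(RUN_WHITELIST_MNT_DIR, 0755);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_MNT_DIR, 0, 0, 0755))
-errExit("set_perms");
-
+mkdir_attr(RUN_WHITELIST_MNT_DIR, 0755, 0, 0);
 if (mount("/mnt", RUN_WHITELIST_MNT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 
@@ -618,12 +599,7 @@ void fs_whitelist(void) {
 // /var mountpoint
 if (var_dir) {
 // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR
-int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_VAR_DIR, 0, 0, 0755))
-errExit("set_perms");
-
+mkdir_attr(RUN_WHITELIST_VAR_DIR, 0755, 0, 0);
 if (mount("/var", RUN_WHITELIST_VAR_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 
@@ -638,12 +614,7 @@ void fs_whitelist(void) {
 // /dev mountpoint
 if (dev_dir) {
 // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR
-int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_DEV_DIR, 0, 0, 0755))
-errExit("set_perms");
-
+mkdir_attr(RUN_WHITELIST_DEV_DIR, 0755, 0, 0);
 if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0)
 errExit("mount bind");
 
@@ -658,12 +629,7 @@ void fs_whitelist(void) {
 // /opt mountpoint
 if (opt_dir) {
 // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR
-int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_OPT_DIR, 0, 0, 0755))
-errExit("set_perms");
-
+mkdir_attr(RUN_WHITELIST_OPT_DIR, 0755, 0, 0);
 if (mount("/opt", RUN_WHITELIST_OPT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 
@@ -681,12 +647,7 @@ void fs_whitelist(void) {
 struct stat s;
 if (stat("/srv", &s) == 0) {
 // keep a copy of real /srv directory in RUN_WHITELIST_SRV_DIR
-int rv = mkdir(RUN_WHITELIST_SRV_DIR, 0755);
-if (rv == -1)
-errExit("mkdir");
-if (set_perms(RUN_WHITELIST_SRV_DIR, 0, 0, 0755))
-errExit("set_perms");
-
+mkdir_attr(RUN_WHITELIST_SRV_DIR, 0755, 0, 0);
 if (mount("/srv", RUN_WHITELIST_SRV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
 errExit("mount bind");
 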
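Review bot: The new call in the /tmp hunk, `mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0);`, passes the mode as decimal 1777, which is octal 03361 (setgid and sticky set, group read-only, others execute-only) rather than the world-writable sticky mode a /tmp staging directory needs; every other call in this section writes its mode in octal (`0755`), and the mkdir/set_perms pair being replaced carried the same literal, so the defect is pre-existing but the rewritten line is the place to correct it to `mkdir_attr(RUN_WHITELIST_TMP_DIR, 01777, 0, 0);`. In all eight hunks the return value of mkdir_attr is discarded, whereas each removed mkdir and set_perms call was followed by errExit; unless mkdir_attr exits on failure itself (its definition is not on this page), a failed chown or chmod on one of these staging directories would now be silently followed by the bind mount. If mkdir_attr reports failure through its return value, `if (mkdir_attr(RUN_WHITELIST_TMP_DIR, 01777, 0, 0)) errExit("mkdir_attr");` at each site restores the old fatal behaviour; otherwise its exit-on-failure contract deserves a comment at its definition so the unchecked calls read as intentional. fs_whitelist starts and ends outside these hunks.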