authorLibravatar smitsohu <smitsohu@gmail.com>2018-10-26 22:47:48 +0200
committerLibravatar smitsohu <smitsohu@gmail.com>2018-10-26 22:47:48 +0200
commit922c4a10abe52d9f2c1e1b1c932a43076822920f (patch)
treed22523938f1a78eb06d7713c12301c7a91c368b6 /src
parentMerge pull request #2218 from smitsohu/mounts2 (diff)
little tweaks, cosmetic changes
Diffstat (limited to 'src')
-rw-r--r--src/firejail/firejail.h2
-rw-r--r--src/firejail/fs.c17
-rw-r--r--src/firejail/mountinfo.c40
3 files changed, 28 insertions, 31 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index d5733e678..2d96863c5 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -561,7 +561,7 @@ typedef struct {
561// mountinfo.c 561// mountinfo.c
562MountData *get_last_mount(void); 562MountData *get_last_mount(void);
563int get_mount_id(const char *path); 563int get_mount_id(const char *path);
564char **get_all_mounts(const int mountid, const char *path); 564char **build_mount_array(const int mountid, const char *path);
565 565
566// fs_var.c 566// fs_var.c
567void fs_var_log(void); // mounting /var/log 567void fs_var_log(void); // mounting /var/log
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 6fe9d56aa..eda46d127 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -485,12 +485,12 @@ void fs_rdonly_rec(const char *dir) {
485 EUID_USER(); 485 EUID_USER();
486 // get mount point of the directory 486 // get mount point of the directory
487 int mountid = get_mount_id(dir); 487 int mountid = get_mount_id(dir);
488 if (mountid == 0) { 488 if (mountid == -1) {
489 EUID_ROOT(); 489 EUID_ROOT();
490 return; 490 return;
491 } 491 }
492 // build array with all mount points that need to get remounted 492 // build array with all mount points that need to get remounted
493 char **arr = get_all_mounts(mountid, dir); 493 char **arr = build_mount_array(mountid, dir);
494 assert(arr); 494 assert(arr);
495 // remount 495 // remount
496 EUID_ROOT(); 496 EUID_ROOT();
@@ -543,12 +543,12 @@ static void fs_rdwr_rec(const char *dir) {
543 EUID_USER(); 543 EUID_USER();
544 // get mount point of the directory 544 // get mount point of the directory
545 int mountid = get_mount_id(dir); 545 int mountid = get_mount_id(dir);
546 if (mountid == 0) { 546 if (mountid == -1) {
547 EUID_ROOT(); 547 EUID_ROOT();
548 return; 548 return;
549 } 549 }
550 // build array with all mount points that need to get remounted 550 // build array with all mount points that need to get remounted
551 char **arr = get_all_mounts(mountid, dir); 551 char **arr = build_mount_array(mountid, dir);
552 assert(arr); 552 assert(arr);
553 // remount 553 // remount
554 EUID_ROOT(); 554 EUID_ROOT();
@@ -589,12 +589,12 @@ void fs_noexec_rec(const char *dir) {
589 EUID_USER(); 589 EUID_USER();
590 // get mount point of the directory 590 // get mount point of the directory
591 int mountid = get_mount_id(dir); 591 int mountid = get_mount_id(dir);
592 if (mountid == 0) { 592 if (mountid == -1) {
593 EUID_ROOT(); 593 EUID_ROOT();
594 return; 594 return;
595 } 595 }
596 // build array with all mount points that need to get remounted 596 // build array with all mount points that need to get remounted
597 char **arr = get_all_mounts(mountid, dir); 597 char **arr = build_mount_array(mountid, dir);
598 assert(arr); 598 assert(arr);
599 // remount 599 // remount
600 EUID_ROOT(); 600 EUID_ROOT();
@@ -809,20 +809,17 @@ void fs_basic_fs(void) {
809 uid_t uid = getuid(); 809 uid_t uid = getuid();
810 810
811 if (arg_debug) 811 if (arg_debug)
812 printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); 812 printf("Basic read-only filesystem:\n");
813 if (!arg_writable_etc) { 813 if (!arg_writable_etc) {
814 fs_rdonly("/etc"); 814 fs_rdonly("/etc");
815 if (uid) 815 if (uid)
816 fs_noexec("/etc"); 816 fs_noexec("/etc");
817 if (arg_debug) printf(", /etc");
818 } 817 }
819 if (!arg_writable_var) { 818 if (!arg_writable_var) {
820 fs_rdonly("/var"); 819 fs_rdonly("/var");
821 if (uid) 820 if (uid)
822 fs_noexec("/var"); 821 fs_noexec("/var");
823 if (arg_debug) printf(", /var");
824 } 822 }
825 if (arg_debug) printf("\n");
826 fs_rdonly("/bin"); 823 fs_rdonly("/bin");
827 fs_rdonly("/sbin"); 824 fs_rdonly("/sbin");
828 fs_rdonly("/lib"); 825 fs_rdonly("/lib");
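Review bot: The guards in fs_rdonly_rec, fs_rdwr_rec and fs_noexec_rec (hunks at -485, -543 and -589) each hard-code the new `-1` failure value of get_mount_id and return silently, so a directory that cannot be opened is left as it was with no trace even under arg_debug. I would compare `if (mountid < 0)` so any future negative error code from get_mount_id is still caught, and log before giving up, e.g. `if (arg_debug) printf("Cannot find mount id for %s\n", dir);` ahead of the `EUID_ROOT(); return;`. This is the same defect in all three hunks, so one change per function. The bodies of the three functions continue past the hunks shown.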
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c
index b7760ba67..b7e6c6fdd 100644
--- a/src/firejail/mountinfo.c
+++ b/src/firejail/mountinfo.c
@@ -67,7 +67,7 @@ static void unmangle_path(char *path) {
67// Parse a line from /proc/self/mountinfo, 67// Parse a line from /proc/self/mountinfo,
68// the function does an exit(1) if anything goes wrong. 68// the function does an exit(1) if anything goes wrong.
69static void parse_line(char *line, MountData *output) { 69static void parse_line(char *line, MountData *output) {
70 assert(line && *line); 70 assert(line && output);
71 memset(output, 0, sizeof(*output)); 71 memset(output, 0, sizeof(*output));
72 // extract filesystem name, directory and filesystem types 72 // extract filesystem name, directory and filesystem types
73 // examples: 73 // examples:
@@ -156,7 +156,7 @@ int get_mount_id(const char *path) {
156 EUID_ASSERT(); 156 EUID_ASSERT();
157 int fd = open(path, O_PATH|O_CLOEXEC); 157 int fd = open(path, O_PATH|O_CLOEXEC);
158 if (fd == -1) 158 if (fd == -1)
159 return 0; 159 return -1;
160 160
161 char *fdinfo; 161 char *fdinfo;
162 if (asprintf(&fdinfo, "/proc/self/fdinfo/%d", fd) == -1) 162 if (asprintf(&fdinfo, "/proc/self/fdinfo/%d", fd) == -1)
@@ -166,31 +166,31 @@ int get_mount_id(const char *path) {
166 EUID_USER(); 166 EUID_USER();
167 if (!fp) 167 if (!fp)
168 goto errexit; 168 goto errexit;
169 // go to the last line 169
170 // read the file
170 char buf[MAX_BUF]; 171 char buf[MAX_BUF];
171 while (fgets(buf, MAX_BUF, fp)); 172 while (fgets(buf, MAX_BUF, fp)) {
172 fclose(fp); 173 if (strncmp(buf, "mnt_id:", 7) == 0) {
173 close(fd); 174 char *ptr = buf + 7;
174 // go to the mount id 175 while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) {
175 if (strncmp(buf, "mnt_id:", 7) != 0) 176 ptr++;
176 goto errexit; 177 }
177 char *ptr = buf + 7; 178 if (*ptr == '\0')
178 while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { 179 goto errexit;
179 ptr++; 180 fclose(fp);
181 close(fd);
182 free(fdinfo);
183 return atoi(ptr);
184 }
180 } 185 }
181 if (*ptr == '\0')
182 goto errexit;
183 free(fdinfo);
184
185 return atoi(ptr);
186 186
187errexit: 187errexit:
188 fprintf(stderr, "Error: cannot read file in /proc/self/fdinfo\n"); 188 fprintf(stderr, "Error: cannot read %s\n", fdinfo);
189 exit(1); 189 exit(1);
190} 190}
191 191
192// Return array with all paths that might need a remount. 192// Return array with all paths that might need a remount.
193char **get_all_mounts(const int mountid, const char *path) { 193char **build_mount_array(const int mountid, const char *path) {
194 // open /proc/self/mountinfo 194 // open /proc/self/mountinfo
195 FILE *fp = fopen("/proc/self/mountinfo", "re"); 195 FILE *fp = fopen("/proc/self/mountinfo", "re");
196 if (!fp) { 196 if (!fp) {
@@ -244,7 +244,7 @@ char **get_all_mounts(const int mountid, const char *path) {
244 errExit("realloc"); 244 errExit("realloc");
245 } 245 }
246 rv[cnt] = strdup(mdata.dir); 246 rv[cnt] = strdup(mdata.dir);
247 if (!rv[cnt]) 247 if (rv[cnt] == NULL)
248 errExit("strdup"); 248 errExit("strdup");
249 cnt++; 249 cnt++;
250 } 250 }
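Review bot: In the rewritten loop in get_mount_id the `mnt_id:` value is still parsed with `atoi(ptr)`, and the preceding `if (*ptr == '\0') goto errexit;` can never fire on a line that fgets returned with its trailing newline, so a line such as `mnt_id:` followed only by a newline, or a non-numeric value, yields 0 rather than the error path. Because the callers in fs.c now test only for -1, that 0 would be handed to build_mount_array as if it were a real mount id. Parsing with strtol and rejecting an empty, negative or out-of-range result closes the gap; if mountinfo.c does not already include errno.h and limits.h for ERANGE and INT_MAX (its include block is outside the hunk), they need adding. The opening lines of get_mount_id, including the asprintf error handling, lie outside this hunk.
```c
		if (strncmp(buf, "mnt_id:", 7) == 0) {
			char *ptr = buf + 7;
			// … unchanged: skip spaces and tabs …
			errno = 0;
			char *end;
			long id = strtol(ptr, &end, 10);
			if (end == ptr || errno == ERANGE || id < 0 || id > INT_MAX)
				goto errexit;
			fclose(fp);
			close(fd);
			free(fdinfo);
			return (int)id;
		}
```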