landlock: fix profile entries processed in reverse

When a new landlock entry is parsed from a profile, the first entry in the `cfg.lprofile` list is being set as the next/second entry and the new entry is being set as the first entry in the list, so all entries are being processed from last to first. This commit makes the behavior of ll_add_profile() match the one from profile_add() in src/firejail/profile.c so that the entries are processed in the same order that they are parsed. This amends commit b94cc754a ("landlock: apply rules in sandbox before app start", 2023-10-26) / PR #6078.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-11-14 16:25:56 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-12-05 11:41:13 -0300
commit: aa87789ad38e9017908fd1cfae6cc79c8db59eb7 (patch)
tree: c4b9a2fa87fff936626aaf2330d325665ed91b8d /src
parent: landlock: simplify variables in ll_add_profile (diff)
download: firejail-aa87789ad38e9017908fd1cfae6cc79c8db59eb7.tar.gz
firejail-aa87789ad38e9017908fd1cfae6cc79c8db59eb7.tar.zst
firejail-aa87789ad38e9017908fd1cfae6cc79c8db59eb7.zip
1 files changed, 16 insertions, 8 deletions
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index 163804053..d89b031a8 100644
--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -345,16 +345,24 @@ void ll_add_profile(int type, const char *data) {
        while (*data == ' ' || *data == '\t')
                data++;
-        LandlockEntry *ptr = malloc(sizeof(LandlockEntry));
+        LandlockEntry *entry = malloc(sizeof(LandlockEntry));
-        if (!ptr)
+        if (!entry)
                errExit("malloc");
-        memset(ptr, 0, sizeof(LandlockEntry));
+        memset(entry, 0, sizeof(LandlockEntry));
-        ptr->type = type;
+        entry->type = type;
-        ptr->data = strdup(data);
+        entry->data = strdup(data);
-        if (!ptr->data)
+        if (!entry->data)
                errExit("strdup");
-        ptr->next = cfg.lprofile;
-        cfg.lprofile = ptr;
+        // add entry to the list
+        if (cfg.lprofile == NULL) {
+                cfg.lprofile = entry;
+                return;
+        }
+        LandlockEntry *ptr = cfg.lprofile;
+        while (ptr->next != NULL)
+                ptr = ptr->next;
+        ptr->next = entry;
 }
 #endif /* HAVE_LANDLOCK */
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-11-14 16:25:56 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-12-05 11:41:13 -0300
commit	aa87789ad38e9017908fd1cfae6cc79c8db59eb7 (patch)
tree	c4b9a2fa87fff936626aaf2330d325665ed91b8d /src
parent	landlock: simplify variables in ll_add_profile (diff)
download	firejail-aa87789ad38e9017908fd1cfae6cc79c8db59eb7.tar.gz firejail-aa87789ad38e9017908fd1cfae6cc79c8db59eb7.tar.zst firejail-aa87789ad38e9017908fd1cfae6cc79c8db59eb7.zip

diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c index 163804053..d89b031a8 100644 --- a/src/firejail/landlock.c +++ b/src/firejail/landlock.c
@@ -345,16 +345,24 @@ void ll_add_profile(int type, const char *data) {
345	while (data == ' ' \|\| data == '\t')	345	while (data == ' ' \|\| data == '\t')
346	data++;	346	data++;
347		347
348	LandlockEntry *ptr = malloc(sizeof(LandlockEntry));	348	LandlockEntry *entry = malloc(sizeof(LandlockEntry));
349	if (!ptr)	349	if (!entry)
350	errExit("malloc");	350	errExit("malloc");
351	memset(ptr, 0, sizeof(LandlockEntry));	351	memset(entry, 0, sizeof(LandlockEntry));
352	ptr->type = type;	352	entry->type = type;
353	ptr->data = strdup(data);	353	entry->data = strdup(data);
354	if (!ptr->data)	354	if (!entry->data)
355	errExit("strdup");	355	errExit("strdup");
356	ptr->next = cfg.lprofile;	356
357	cfg.lprofile = ptr;	357	// add entry to the list
		358	if (cfg.lprofile == NULL) {
		359	cfg.lprofile = entry;
		360	return;
		361	}
		362	LandlockEntry *ptr = cfg.lprofile;
		363	while (ptr->next != NULL)
		364	ptr = ptr->next;
		365	ptr->next = entry;
358	}	366	}
359		367
360	#endif /* HAVE_LANDLOCK */	368	#endif /* HAVE_LANDLOCK */