author | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-23 10:00:31 +0300 |
---|---|---|
committer | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-23 13:01:18 +0300 |
commit | b1de742a08cccb5f3ae7e2a8fa851aa0059c92f4 (patch) | |
tree | 8f9d42a1499cb8e39f9ae50d5d04ada6f9896d86 /src | |
parent | x11 command in profile files (diff) | |
remove unneeded chown
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/appimage.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index db9382dc3..37e3de5d8 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -39,15 +39,20 @@ void appimage_set(const char *appimage_path) { | |||
39 | assert(appimage_path); | 39 | assert(appimage_path); |
40 | assert(devloop == NULL); // don't call this twice! | 40 | assert(devloop == NULL); // don't call this twice! |
41 | EUID_ASSERT(); | 41 | EUID_ASSERT(); |
42 | 42 | ||
43 | // check appimage_path | 43 | // check appimage_path |
44 | if (access(appimage_path, R_OK) == -1) { | 44 | if (access(appimage_path, R_OK) == -1) { |
45 | fprintf(stderr, "Error: cannot access AppImage file\n"); | 45 | fprintf(stderr, "Error: cannot access AppImage file\n"); |
46 | exit(1); | 46 | exit(1); |
47 | } | 47 | } |
48 | 48 | ||
49 | // open as user to prevent race condition | ||
50 | int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC); | ||
51 | if (ffd == -1) | ||
52 | errExit("open"); | ||
53 | |||
49 | EUID_ROOT(); | 54 | EUID_ROOT(); |
50 | 55 | ||
51 | // find or allocate a free loop device to use | 56 | // find or allocate a free loop device to use |
52 | int cfd = open("/dev/loop-control", O_RDWR); | 57 | int cfd = open("/dev/loop-control", O_RDWR); |
53 | int devnr = ioctl(cfd, LOOP_CTL_GET_FREE); | 58 | int devnr = ioctl(cfd, LOOP_CTL_GET_FREE); |
@@ -59,7 +64,6 @@ void appimage_set(const char *appimage_path) { | |||
59 | if (asprintf(&devloop, "/dev/loop%d", devnr) == -1) | 64 | if (asprintf(&devloop, "/dev/loop%d", devnr) == -1) |
60 | errExit("asprintf"); | 65 | errExit("asprintf"); |
61 | 66 | ||
62 | int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC); | ||
63 | int lfd = open(devloop, O_RDONLY); | 67 | int lfd = open(devloop, O_RDONLY); |
64 | if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) { | 68 | if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) { |
65 | fprintf(stderr, "Error: cannot configure the loopback device\n"); | 69 | fprintf(stderr, "Error: cannot configure the loopback device\n"); |
@@ -68,22 +72,21 @@ void appimage_set(const char *appimage_path) { | |||
68 | close(lfd); | 72 | close(lfd); |
69 | close(ffd); | 73 | close(ffd); |
70 | 74 | ||
75 | EUID_USER(); | ||
76 | |||
77 | // creates directory with perms 0700 | ||
71 | char dirname[] = "/tmp/firejail-mnt-XXXXXX"; | 78 | char dirname[] = "/tmp/firejail-mnt-XXXXXX"; |
72 | mntdir = strdup(mkdtemp(dirname)); | 79 | mntdir = strdup(mkdtemp(dirname)); |
73 | if (mntdir == NULL) { | 80 | if (mntdir == NULL) { |
74 | fprintf(stderr, "Error: cannot create temporary directory\n"); | 81 | fprintf(stderr, "Error: cannot create temporary directory\n"); |
75 | exit(1); | 82 | exit(1); |
76 | } | 83 | } |
77 | mkdir(mntdir, 755); | ||
78 | if (chown(mntdir, getuid(), getgid()) == -1) | ||
79 | errExit("chown"); | ||
80 | if (chmod(mntdir, 755) == -1) | ||
81 | errExit("chmod"); | ||
82 | 84 | ||
83 | char *mode; | 85 | char *mode; |
84 | if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1) | 86 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) |
85 | errExit("asprintf"); | 87 | errExit("asprintf"); |
86 | 88 | ||
89 | EUID_ROOT(); | ||
87 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 90 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) |
88 | errExit("mounting appimage"); | 91 | errExit("mounting appimage"); |
89 | 92 | ||