authorLibravatar netblue30 <netblue30@yahoo.com>2017-04-25 10:08:45 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2017-04-25 10:08:45 -0400
commitd4827db063abce8100817079c8fc0bb2b21429ce (patch)
treea9c114d6dcac1aa3fd2aea5c5e1bb74a53a9f1b9 /src
parentMerge branch 'master' of https://github.com/netblue30/firejail (diff)
firecfg fixes
Diffstat (limited to 'src')
-rw-r--r--src/firecfg/main.c45
1 files changed, 38 insertions, 7 deletions
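diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 04ccbf2c3..7d63cb848 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -26,6 +26,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <grp.h>
 #include <string.h>
 #include <errno.h>
 #include <sys/mman.h>
@@ -287,6 +288,25 @@ static void set_links(void) {
  free(firejail_exec);
 }
 
+int have_profile(const char *filename) {
+ // remove .desktop extension
+ char *f1 = strdup(filename);
+ if (!f1)
+ errExit("strdup");
+ f1[strlen(filename) - 8] = '\0';
+
+ // build profile name
+ char *profname;
+ if (asprintf(&profname, "%s/%s.profile", SYSCONFDIR, f1) == -1)
+ errExit("asprintf");
+
+ struct stat s;
+ int rv = stat(profname, &s);
+ free(f1);
+ free(profname);
+ return (rv == 0)? 1: 0;
+}
+
 static void fix_desktop_files(char *homedir) {
  assert(homedir);
  struct stat sb;
@@ -324,7 +344,7 @@ static void fix_desktop_files(char *homedir) {
  exit(1);
  }
 
- printf("\nFixing desktop files in ~/.local/shared/applications\n");
+ printf("\nFixing desktop files in %s\n", user_apps_dir);
  // copy
  struct dirent *entry;
  while ((entry = readdir(dir)) != NULL) {
@@ -348,6 +368,10 @@ static void fix_desktop_files(char *homedir) {
  if (stat(filename, &sb) == -1)
  errExit("stat");
 
+ // no profile in /etc/firejail, no desktop file fixing
+ if (!have_profile(filename))
+ continue;
+
  /* coverity[toctou] */
  int fd = open(filename, O_RDONLY);
  if (fd == -1)
@@ -501,17 +525,24 @@ int main(int argc, char **argv) {
 
  // switch to the local user, and fix desktop files
  char *user = getlogin();
- if (!user)
- goto errexit;
+ if (!user) {
+ user = getenv("SUDO_USER");
+ if (!user) {
+ goto errexit;
+ }
+ }
+
  if (user) {
  // find home directory
  struct passwd *pw = getpwnam(user);
- if (!pw)
+ if (!pw) {
  goto errexit;
+ }
  char *home = pw->pw_dir;
- if (!home)
+ if (!home) {
  goto errexit;
-
+ }
+
  // drop permissions
  if (setgroups(0, NULL) < 0)
  errExit("setgroups");
@@ -528,7 +559,7 @@ int main(int argc, char **argv) {
  return 0;
 
 errexit:
- fprintf(stderr, "Error: cannot set desktop files in ~/.local/share/applications\n");
+ fprintf(stderr, "Error: cannot detect login user in order to set desktop files in ~/.local/share/applications\n");
  return 1;
 }
 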
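Review bot: The new `have_profile()` writes `f1[strlen(filename) - 8] = '\0'` without checking that the name is longer than eight characters and ends in `.desktop`; for a shorter name the unsigned index wraps and the store lands outside the `strdup` buffer. The caller in `fix_desktop_files()` may already filter on the suffix, but that code is outside the visible hunks, so the helper should guard itself before the `strdup`: `size_t len = strlen(filename); if (len <= 8 || strcmp(filename + len - 8, ".desktop") != 0) return 0;`. The function also looks file-local and could be declared `static` like its neighbours. Separately, in `main()` the `getenv("SUDO_USER")` fallback lets an environment variable choose the account whose home directory is modified; a comment such as `// SUDO_USER is caller-controlled; acceptable only because firecfg is already running as root here` would record that assumption for later readers.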