authorLibravatar netblue30 <netblue30@yahoo.com>2016-11-26 10:25:06 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-11-26 10:25:06 -0500
commitfa79162b5eada1d0b9daa11ca327d65b42ed1b71 (patch)
treecf3ffcb86bf930bbb03c6ac3f57e1677eeaa1ea6 /src
parentssh fix (diff)
fixes
Diffstat (limited to 'src')
-rw-r--r--src/firejail/checkcfg.c4
-rw-r--r--src/firejail/ls.c31
-rw-r--r--src/firejail/main.c9
-rw-r--r--src/firejail/sandbox.c10
-rw-r--r--src/firejail/seccomp.c43
-rw-r--r--src/firemon/x11.c21
-rw-r--r--src/libtracelog/libtracelog.c10
7 files changed, 68 insertions, 60 deletions
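--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -185,6 +185,8 @@ int checkcfg(int val) {
  exit(1);
  }
 
+ if (netfilter_default)
+ goto errout;
  netfilter_default = strdup(fname);
  if (!netfilter_default)
  errExit("strdup");
@@ -216,6 +218,8 @@ int checkcfg(int val) {
 
  // Xephyr command extra parameters
  else if (strncmp(ptr, "xephyr-extra-params ", 19) == 0) {
+ if (*xephyr_extra_params != '\0')
+ goto errout;
  xephyr_extra_params = strdup(ptr + 19);
  if (!xephyr_extra_params)
  errExit("strdup");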
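Review bot: The duplicate-entry guard added at new line 221 dereferences `xephyr_extra_params`, while the matching guard at new line 188 tests the `netfilter_default` pointer itself. The dereferencing form is safe only if `xephyr_extra_params` always starts as a non-NULL empty string, which is not visible in this hunk; `if (xephyr_extra_params && *xephyr_extra_params != '\0')` removes that dependency. A one-line comment such as `// a repeated key is a configuration error, not an override` above each guard would record why the second occurrence is rejected. Both guards sit inside `checkcfg`, whose body starts and ends outside the hunks.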
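--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -258,42 +258,35 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
  // drop privileges
  drop_privs(0);
 
+ // check access
  if (access(fname1, R_OK) == -1) {
  fprintf(stderr, "Error: Cannot access %s\n", fname1);
  exit(1);
  }
+ char *rp = realpath(fname1, NULL);
+ if (!rp) {
+ fprintf(stderr, "Error: Cannot access %s\n", fname1);
+ exit(1);
+ }
+ if (arg_debug)
+ printf("realpath %s\n", rp);
+
 
  // list directory contents
  struct stat s;
- if (stat(fname1, &s) == -1) {
- fprintf(stderr, "Error: Cannot access %s\n", fname1);
+ if (stat(rp, &s) == -1) {
+ fprintf(stderr, "Error: Cannot access %s\n", rp);
  exit(1);
  }
  if (S_ISDIR(s.st_mode)) {
- char *rp = realpath(fname1, NULL);
- if (!rp) {
- fprintf(stderr, "Error: Cannot access %s\n", fname1);
- exit(1);
- }
- if (arg_debug)
- printf("realpath %s\n", rp);
-
  char *dir;
  if (asprintf(&dir, "%s/", rp) == -1)
  errExit("asprintf");
 
  print_directory(dir);
- free(rp);
  free(dir);
  }
  else {
- char *rp = realpath(fname1, NULL);
- if (!rp) {
- fprintf(stderr, "Error: Cannot access %s\n", fname1);
- exit(1);
- }
- if (arg_debug)
- printf("realpath %s\n", rp);
  char *split = strrchr(rp, '/');
  if (split) {
  *split = '\0';
@@ -302,8 +295,8 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
  printf("path %s, file %s\n", rp, rp2);
  print_file_or_dir(rp, rp2, 1);
  }
- free(rp);
  }
+ free(rp);
  }
 
  // get file from sandbox and store it in the current directory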
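--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2064,8 +2064,7 @@ int main(int argc, char **argv) {
  // command
  //*************************************
  else if (strcmp(argv[i], "--audit") == 0) {
- if (asprintf(&arg_audit_prog, "%s/firejail/faudit", LIBDIR) == -1)
- errExit("asprintf");
+ arg_audit_prog = LIBDIR "/firejail/faudit";
  arg_audit = 1;
  }
  else if (strncmp(argv[i], "--audit=", 8) == 0) {
@@ -2076,6 +2075,12 @@ int main(int argc, char **argv) {
  arg_audit_prog = strdup(argv[i] + 8);
  if (!arg_audit_prog)
  errExit("strdup");
+
+ struct stat s;
+ if (stat(arg_audit_prog, &s) != 0) {
+ fprintf(stderr, "Error: cannot find the audit program %s\n", arg_audit_prog);
+ exit(1);
+ }
  arg_audit = 1;
  }
  else if (strcmp(argv[i], "--appimage") == 0)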
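Review bot: The `stat()` added at new lines 2079-2083 only shows that the `--audit=` path names something at argument-parsing time; it succeeds for a directory or a non-executable file, and the path is not used until the later `execl` in sandbox.c. Treat it as an early diagnostic rather than a guarantee: extending the condition to `stat(arg_audit_prog, &s) != 0 || !S_ISREG(s.st_mode)` would reject the obvious non-program cases. Separately, the `--audit` branch now stores a string literal in `arg_audit_prog` while this branch stores `strdup` memory, so the variable must never be passed to `free()`; a comment at its declaration should record that. `main` continues outside both hunks.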
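--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -236,12 +236,15 @@ static int monitor_application(pid_t app_pid) {
 
  // todo: make this generic
  // Dillo browser leaves a dpid process running, we need to shut it down
+ int found = 0;
  if (strcmp(cfg.command_name, "dillo") == 0) {
  char *pidname = pid_proc_comm(pid);
  if (pidname && strcmp(pidname, "dpid") == 0)
- break;
+ found = 1;
  free(pidname);
  }
+ if (found)
+ break;
 
  monitored_pid = pid;
  break;
@@ -283,11 +286,6 @@ void start_application(void) {
  //****************************************
  if (arg_audit) {
  assert(arg_audit_prog);
- struct stat s;
- if (stat(arg_audit_prog, &s) != 0) {
- fprintf(stderr, "Error: cannot find the audit program\n");
- exit(1);
- }
  execl(arg_audit_prog, arg_audit_prog, NULL);
  }
  //****************************************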
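Review bot: With the `stat()` block removed from `start_application`, nothing in the visible lines handles `execl(arg_audit_prog, arg_audit_prog, NULL)` returning. The existence check now lives in main.c and ran earlier, presumably against a different filesystem view than the sandbox sees, so the exec can still fail here and control then falls out of the `if (arg_audit)` block into whatever follows the hunk. Add `errExit("execl");` directly after the call so a missing or non-executable audit program stops the sandbox with a message instead of continuing silently.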
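--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -52,44 +52,53 @@ char *seccomp_check_list(const char *str) {
 
 int seccomp_load(const char *fname) {
  assert(fname);
+
+ // open filter file
+ int fd = open(fname, O_RDONLY);
+ if (fd == -1)
+ goto errexit;
 
- // check file
- struct stat s;
- if (stat(fname, &s) == -1) {
- fprintf(stderr, "Error: cannot read protocol filter file\n");
- exit(1);
- }
- int size = s.st_size;
+ // calculate the number of entries
+ int size = lseek(fd, 0, SEEK_END);
+ if (size == -1)
+ goto errexit;
+ if (lseek(fd, 0 , SEEK_SET) == -1)
+ goto errexit;
  unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
-//printf("size %d, entries %d\n", s.st_size, entries);
+ if (arg_debug)
+ printf("reading %d seccomp entries from %s\n", entries, fname);
 
  // read filter
- struct sock_filter filter[entries];
+ struct sock_filter *filter = malloc(size);
+ if (filter == NULL)
+ goto errexit;
  memset(&filter[0], 0, sizeof(filter));
- int src = open(fname, O_RDONLY);
  int rd = 0;
  while (rd < size) {
- int rv = read(src, (unsigned char *) filter + rd, size - rd);
- if (rv == -1) {
- fprintf(stderr, "Error: cannot read %s file\n", fname);
- exit(1);
- }
+ int rv = read(fd, (unsigned char *) filter + rd, size - rd);
+ if (rv == -1)
+ goto errexit;
  rd += rv;
  }
- close(src);
+
+ // close file
+ close(fd);
 
  // install filter
  struct sock_fprog prog = {
  .len = entries,
  .filter = filter,
  };
-
  if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
  fprintf(stderr, "Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.\n");
  return 1;
  }
 
  return 0;
+
+errexit:
+ fprintf(stderr, "Error: cannot read %s\n", fname);
+ exit(1);
 }
 
 // i386 filter installed on amd64 architectures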
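Review bot: `memset(&filter[0], 0, sizeof(filter));` on new line 75 was written for the old VLA; now that `filter` is a `malloc` pointer, `sizeof(filter)` is the size of a pointer, so only the first few bytes are cleared. Use `memset(filter, 0, size);` instead. The read loop also tests only `rv == -1`: if the file shrinks after the `lseek` and `read` returns 0, `rd` never reaches `size` and the loop does not terminate, so `if (rv <= 0) goto errexit;` is the safer test. Finally, `entries` is computed from `size` truncated to `unsigned short`, so a file of 65536 bytes or more, or one whose length is not a multiple of `sizeof(struct sock_filter)`, gives a `prog.len` that does not match what was read; such sizes should be rejected before the allocation.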
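--- a/src/firemon/x11.c
+++ b/src/firemon/x11.c
@@ -37,20 +37,17 @@ void x11(pid_t pid, int print_procs) {
  if (asprintf(&x11file, "/run/firejail/x11/%d", i) == -1)
  errExit("asprintf");
 
- struct stat s;
- if (stat(x11file, &s) == 0) {
- FILE *fp = fopen(x11file, "r");
- if (!fp) {
- free(x11file);
- continue;
- }
- int display;
- int rv = fscanf(fp, "%d", &display);
- if (rv == 1)
- printf(" DISPLAY :%d\n", display);
- fclose(fp);
+ FILE *fp = fopen(x11file, "r");
+ if (!fp) {
+ free(x11file);
+ continue;
  }
 
+ int display;
+ int rv = fscanf(fp, "%d", &display);
+ if (rv == 1)
+ printf(" DISPLAY :%d\n", display);
+ fclose(fp);
  free(x11file);
  }
  }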
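--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -163,9 +163,9 @@ static char *storage_find(const char *str) {
 #define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger"
 #define MAXBUF 4096
 static int blacklist_loaded = 0;
-static char *sandbox_pid_str = 0;
+static char *sandbox_pid_str = NULL;
 static char *sandbox_name_str = NULL;
-void load_blacklist(void) {
+static void load_blacklist(void) {
  if (blacklist_loaded)
  return;
 
@@ -184,13 +184,15 @@ void load_blacklist(void) {
  char *ptr = strchr(buf, '\n');
  if (ptr)
  *ptr = '\0';
- sandbox_pid_str = strdup(buf + 13);
+ if (sandbox_pid_str == NULL)
+ sandbox_pid_str = strdup(buf + 13);
  }
  else if (strncmp(buf, "sandbox name: ", 14) == 0) {
  char *ptr = strchr(buf, '\n');
  if (ptr)
  *ptr = '\0';
- sandbox_name_str = strdup(buf + 14);
+ if (sandbox_name_str == NULL);
+ sandbox_name_str = strdup(buf + 14);
  }
  else if (strncmp(buf, "blacklist ", 10) == 0) {
  char *ptr = strchr(buf, '\n');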
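Review bot: The added guard `if (sandbox_name_str == NULL);` on new line 194 ends in a semicolon, so the `if` controls an empty statement and the `strdup(buf + 14)` on the next line runs unconditionally. A repeated `sandbox name: ` line therefore still leaks the previous string and the last value wins, unlike the `sandbox_pid_str` guard at new line 187, which keeps the first. Drop the semicolon so the line reads `if (sandbox_name_str == NULL)`. Neither `strdup` result is checked in the lines shown, so code that reads these strings should tolerate NULL. `load_blacklist` continues outside the hunk.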