-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 14 | ||||
-rw-r--r-- | src/firejail/ls.c | 8 | ||||
-rw-r--r-- | src/firejail/preproc.c | 8 | ||||
-rw-r--r-- | src/firejail/pulseaudio.c | 2 | ||||
-rw-r--r-- | src/firejail/util.c | 2 |
6 files changed, 18 insertions, 18 deletions
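--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1129,7 +1129,7 @@ void fs_chroot(const char *rootdir) {
 fprintf(stderr, "Error: invalid %s file\n", fname);
 exit(1);
 }
-if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1)
+if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed
 fprintf(stderr, "Warning: /etc/resolv.conf not initialized\n");
 }
 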
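Review bot: The `// root needed` marker added to the resolv.conf copy in fs_chroot records which privilege the call runs with, but not why writing `fname` as root is acceptable. The condition that guards the `invalid %s file` exit sits above the hunk, so a fuller comment such as `// root needed; fname was validated just above` would tie the privileged write to the check it depends on (adjust it to what that check actually enforces). Separately, this call tests `== -1` while the callers in ls.c and pulseaudio.c on this page treat any non-zero return as failure, so the two conventions should be aligned once copy_file's return values are confirmed.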
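--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -47,7 +47,7 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
 exit(1);
 }
 if (stat("/etc/skel/.zshrc", &s) == 0) {
-copy_file_as_user("/etc/skel/.zshrc", fname, u, g, 0644);
+copy_file_as_user("/etc/skel/.zshrc", fname, u, g, 0644); // regular user
 fs_logger("clone /etc/skel/.zshrc");
 }
 else {
@@ -71,7 +71,7 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
 exit(1);
 }
 if (stat("/etc/skel/.cshrc", &s) == 0) {
-copy_file_as_user("/etc/skel/.cshrc", fname, u, g, 0644);
+copy_file_as_user("/etc/skel/.cshrc", fname, u, g, 0644); // regular user
 fs_logger("clone /etc/skel/.cshrc");
 }
 else {
@@ -94,7 +94,7 @@ static void skel(const char *homedir, uid_t u, gid_t g) {
 exit(1);
 }
 if (stat("/etc/skel/.bashrc", &s) == 0) {
-copy_file_as_user("/etc/skel/.bashrc", fname, u, g, 0644);
+copy_file_as_user("/etc/skel/.bashrc", fname, u, g, 0644); // regular user
 fs_logger("clone /etc/skel/.bashrc");
 }
 free(fname);
@@ -123,7 +123,7 @@ static int store_xauthority(void) {
 return 0;
 }
 
-copy_file_as_user(src, dest, getuid(), getgid(), 0600);
+copy_file_as_user(src, dest, getuid(), getgid(), 0600); // regular user
 fs_logger2("clone", dest);
 return 1; // file copied
 }
@@ -163,7 +163,7 @@ static int store_asoundrc(void) {
 free(rp);
 }
 
-copy_file_as_user(src, dest, getuid(), getgid(), 0644);
+copy_file_as_user(src, dest, getuid(), getgid(), 0644); // regular user
 fs_logger2("clone", dest);
 return 1; // file copied
 }
@@ -184,7 +184,7 @@ static void copy_xauthority(void) {
 exit(1);
 }
 
-copy_file_as_user(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+copy_file_as_user(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); // regular user
 fs_logger2("clone", dest);
 
 // delete the temporary file
@@ -204,7 +204,7 @@ static void copy_asoundrc(void) {
 exit(1);
 }
 
-copy_file_as_user(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
+copy_file_as_user(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); // regular user
 fs_logger2("clone", dest);
 
 // delete the temporary file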
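Review bot: In store_xauthority and store_asoundrc the lines after the newly commented call log `clone` and `return 1; // file copied` whether or not the copy worked, because copy_file_as_user is declared `void` in the util.c section of this commit and, as far as that hunk shows, only prints a warning on failure. The same holds for the `fs_logger("clone /etc/skel/...")` lines in skel and for the `fs_logger2("clone", dest)` calls in copy_xauthority and copy_asoundrc. Having copy_file_as_user hand back the result and making the log entry and the return value depend on it would keep the filesystem log truthful when a copy into the private home fails. All of these function bodies extend beyond their hunks.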
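--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -336,7 +336,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 drop_privs(0);
 
 // copy the file
-if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600))
+if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600)) // already a regular user
 _exit(1);
 #ifdef HAVE_GCOV
 __gcov_flush();
@@ -362,7 +362,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 drop_privs(0);
 
 // copy the file
-if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600))
+if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600)) // already a regular user
 _exit(1);
 #ifdef HAVE_GCOV
 __gcov_flush();
@@ -411,7 +411,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 drop_privs(0);
 
 // copy the file
-if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600))
+if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600)) // already a regular user
 _exit(1);
 #ifdef HAVE_GCOV
 __gcov_flush();
@@ -443,7 +443,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 drop_privs(0);
 
 // copy the file
-if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600))
+if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600)) // already a regular user
 _exit(1);
 #ifdef HAVE_GCOV
 __gcov_flush();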
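--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -76,12 +76,12 @@ void preproc_mount_mnt_dir(void) {
 fs_logger2("tmpfs", RUN_MNT_DIR);
 
 //copy defaultl seccomp files
-copy_file(PATH_SECCOMP_I386, RUN_SECCOMP_I386, getuid(), getgid(), 0644);
-copy_file(PATH_SECCOMP_AMD64, RUN_SECCOMP_AMD64, getuid(), getgid(), 0644);
+copy_file(PATH_SECCOMP_I386, RUN_SECCOMP_I386, getuid(), getgid(), 0644); // root needed
+copy_file(PATH_SECCOMP_AMD64, RUN_SECCOMP_AMD64, getuid(), getgid(), 0644); // root needed
 if (arg_allow_debuggers)
-copy_file(PATH_SECCOMP_DEFAULT_DEBUG, RUN_SECCOMP_CFG, getuid(), getgid(), 0644);
+copy_file(PATH_SECCOMP_DEFAULT_DEBUG, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); // root needed
 else
-copy_file(PATH_SECCOMP_DEFAULT, RUN_SECCOMP_CFG, getuid(), getgid(), 0644);
+copy_file(PATH_SECCOMP_DEFAULT, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); // root needed
 
 // as root, create an empty RUN_SECCOMP_PROTOCOL file
 create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644);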
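Review bot: None of the four seccomp copies in preproc_mount_mnt_dir checks copy_file's return value, unlike the callers in fs.c and pulseaudio.c on this page, and the new `// root needed` markers do not change that. If a copy fails, setup presumably continues with that filter file missing from the run directory and nothing is reported. Since these are the sandbox's seccomp filters, failing closed looks like the safer default, e.g. `if (copy_file(PATH_SECCOMP_I386, RUN_SECCOMP_I386, getuid(), getgid(), 0644)) errExit("copy_file");` for each call. The copies are also handed to `getuid(), getgid()` ownership; if nothing later needs the invoking user to own them, `0, 0` would be tighter, which is worth confirming against how the filters are consumed.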
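--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -114,7 +114,7 @@ void pulseaudio_init(void) {
 char *pulsecfg = NULL;
 if (asprintf(&pulsecfg, "%s/client.conf", RUN_PULSE_DIR) == -1)
 errExit("asprintf");
-if (copy_file("/etc/pulse/client.conf", pulsecfg, -1, -1, 0644))
+if (copy_file("/etc/pulse/client.conf", pulsecfg, -1, -1, 0644)) // root needed
 errExit("copy_file");
 FILE *fp = fopen(pulsecfg, "a+");
 if (!fp)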
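--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -229,7 +229,7 @@ void copy_file_as_user(const char *srcname, const char *destname, uid_t uid, gid
 drop_privs(0);
 
 // copy, set permissions and ownership
-int rv = copy_file(srcname, destname, uid, gid, mode);
+int rv = copy_file(srcname, destname, uid, gid, mode); // already a regular user
 if (rv)
 fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
 #ifdef HAVE_GCOV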
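Review bot: The warning printed when the copy fails in copy_file_as_user still names `.Xauthority`, although the function takes arbitrary `srcname`/`destname` and fs_home.c in this same commit calls it for .zshrc, .cshrc, .bashrc and .asoundrc as well. A failed copy of any of those is reported under the wrong file name, which misleads anyone reading the output to find out what did not reach the private home. `fprintf(stderr, "Warning: cannot copy %s to %s\n", srcname, destname);` would name the file actually involved. The function body starts and ends outside the hunk.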