-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 24 | ||||
-rw-r--r-- | src/firejail/x11.c | 2 | ||||
-rw-r--r-- | src/firemon/firemon.h | 3 | ||||
-rw-r--r-- | src/firemon/procevent.c | 4 |
5 files changed, 32 insertions, 3 deletions
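--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -283,6 +283,8 @@ static void disable_file(OPERATION op, const char *filename) {
 
 // if the file is not present, do nothing
 struct stat s;
+if (fname == NULL)
+return;
 if (stat(fname, &s) == -1) {
 if (arg_debug)
 printf("Warning: %s does not exist, skipping...\n", fname);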
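Review bot: The new `if (fname == NULL) return;` guard skips the file without any message, so a path that could not be resolved is left un-disabled and nothing records it, unlike the `stat()` failure just below, which at least prints under `arg_debug`. `fname` is assigned above the hunk (not visible here); if it comes from path resolution, NULL can mean more than "does not exist" (a permission or symlink-loop error, for example), and in a sandbox a silently skipped restriction fails open. Consider logging the original argument before returning, e.g. `if (arg_debug) printf("Warning: cannot resolve %s, skipping...\n", filename);`. `disable_file` starts and ends outside the hunk.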
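--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -651,6 +651,30 @@ void fs_whitelist(void) {
 errExit("mount tmpfs");
 }
 
+// mask the real /var directory, currently mounted on RUN_WHITELIST_VAR_DIR
+if (var_dir) {
+if (mount("tmpfs", RUN_WHITELIST_VAR_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
+errExit("mount tmpfs");
+}
+
+// mask the real /opt directory, currently mounted on RUN_WHITELIST_OPT_DIR
+if (opt_dir) {
+if (mount("tmpfs", RUN_WHITELIST_OPT_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
+errExit("mount tmpfs");
+}
+
+// mask the real /dev directory, currently mounted on RUN_WHITELIST_DEV_DIR
+if (dev_dir) {
+if (mount("tmpfs", RUN_WHITELIST_DEV_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
+errExit("mount tmpfs");
+}
+
+// mask the real /media directory, currently mounted on RUN_WHITELIST_MEDIA_DIR
+if (media_dir) {
+if (mount("tmpfs", RUN_WHITELIST_MEDIA_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
+errExit("mount tmpfs");
+}
+
 if (new_name)
 free(new_name);
 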
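Review bot: The four added mask mounts pass `MS_NOSUID | MS_STRICTATIME | MS_REC` but neither `MS_NODEV` nor `MS_NOEXEC`, and `MS_REC` has no effect on a fresh tmpfs mount (it matters for bind mounts and propagation changes). If these tmpfs instances exist only to hide the real directory parked on `RUN_WHITELIST_*_DIR` and are meant to stay empty, `MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME` is the tighter choice; the existing mask mounts earlier in `fs_whitelist` (outside this hunk) would presumably want the same treatment. All four failures also exit through the identical `errExit("mount tmpfs")`, so a label per directory, e.g. `errExit("mount tmpfs on var mask")`, would make a failed sandbox setup diagnosable.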
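--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -47,7 +47,7 @@ int x11_display(void) {
 int display;
 int rv = sscanf(d, ":%d", &display);
 if (rv != 1)
-return;
+return -1;
 if (arg_debug)
 printf("DISPLAY %s, %d\n", d, display);
 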
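Review bot: `sscanf(d, ":%d", &display)` accepts a negative number and has undefined behaviour when the digits overflow `int`, while the corrected error path only covers the no-match case. `d` is set above the hunk (presumably from the DISPLAY environment variable, which the invoking user controls), so the parsed value deserves a range check before it is used: `if (rv != 1 || display < 0) return -1;`, or `strtol` with an explicit upper bound. With -1 now a real return value, callers of `x11_display` (not shown) need to test for it. The function body continues outside the hunk.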
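--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -81,4 +81,7 @@ void tree(pid_t pid);
 // netstats.c
 void netstats(void);
 
+// x11.c
+void x11(pid_t pid);
+
 #endif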
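--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -91,7 +91,7 @@ static int pid_is_firejail(pid_t pid) {
 continue;
 if (first) {
 first = 0;
-start = buffer + i + 1;
+start = (char *) buffer + i + 1;
 continue;
 }
 if (strncmp(start, "--", 2) != 0)
@@ -101,7 +101,7 @@ static int pid_is_firejail(pid_t pid) {
 rv = 0;
 break;
 }
-start = buffer + i + 1;
+start = (char *) buffer + i + 1;
 }
 }
 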
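Review bot: Both `start = (char *) buffer + i + 1;` assignments (new lines 94 and 104) silence a pointer-type mismatch with a cast instead of fixing the declaration; `buffer` is declared outside the hunks, so I am inferring it is an `unsigned char` array. Declaring it as `char`, or taking one `char *` alias at the top of `pid_is_firejail`, would keep the parsing lines cast-free. Separately, because `start` is passed to `strncmp(start, "--", 2)`, it is worth confirming that `i + 1` stays within the bytes actually read and that the buffer is NUL-terminated. Neither is visible here, and the data appears to be another process's command line.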