-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/fs_trace.c | 31 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 11 |
3 files changed, 28 insertions, 17 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 90cb2952b..730c37aed 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -621,7 +621,8 @@ void caps_print_filter(pid_t pid) __attribute__((noreturn)); | |||
621 | void caps_drop_dac_override(void); | 621 | void caps_drop_dac_override(void); |
622 | 622 | ||
623 | // fs_trace.c | 623 | // fs_trace.c |
624 | void fs_trace_preload(void); | 624 | void fs_trace_touch_preload(void); |
625 | void fs_trace_touch_or_store_preload(void); | ||
625 | void fs_tracefile(void); | 626 | void fs_tracefile(void); |
626 | void fs_trace(void); | 627 | void fs_trace(void); |
627 | 628 | ||
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 475a391ec..718786cdc 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
@@ -26,19 +26,26 @@ | |||
26 | #include <fcntl.h> | 26 | #include <fcntl.h> |
27 | #include <pwd.h> | 27 | #include <pwd.h> |
28 | 28 | ||
29 | void fs_trace_preload(void) { | 29 | // create an empty /etc/ld.so.preload |
30 | void fs_trace_touch_preload(void) { | ||
31 | create_empty_file_as_root("/etc/ld.so.preload", S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); | ||
32 | } | ||
33 | |||
34 | void fs_trace_touch_or_store_preload(void) { | ||
30 | struct stat s; | 35 | struct stat s; |
31 | 36 | ||
32 | // create an empty /etc/ld.so.preload | 37 | if (stat("/etc/ld.so.preload", &s) != 0) { |
33 | if (stat("/etc/ld.so.preload", &s)) { | 38 | fs_trace_touch_preload(); |
34 | if (arg_debug) | 39 | return; |
35 | printf("Creating an empty /etc/ld.so.preload file\n"); | 40 | } |
36 | FILE *fp = fopen("/etc/ld.so.preload", "wxe"); | 41 | |
37 | if (!fp) | 42 | if (s.st_size == 0) |
38 | errExit("fopen"); | 43 | return; |
39 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 44 | |
40 | fclose(fp); | 45 | // create a copy of /etc/ld.so.preload |
41 | fs_logger("touch /etc/ld.so.preload"); | 46 | if (copy_file("/etc/ld.so.preload", RUN_LDPRELOAD_FILE, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) { |
47 | fprintf(stderr, "Error: cannot copy /etc/ld.so.preload file\n"); | ||
48 | exit(1); | ||
42 | } | 49 | } |
43 | } | 50 | } |
44 | 51 | ||
@@ -83,7 +90,7 @@ void fs_trace(void) { | |||
83 | if (arg_debug) | 90 | if (arg_debug) |
84 | printf("Create the new ld.so.preload file\n"); | 91 | printf("Create the new ld.so.preload file\n"); |
85 | 92 | ||
86 | FILE *fp = fopen(RUN_LDPRELOAD_FILE, "we"); | 93 | FILE *fp = fopen(RUN_LDPRELOAD_FILE, "ae"); |
87 | if (!fp) | 94 | if (!fp) |
88 | errExit("fopen"); | 95 | errExit("fopen"); |
89 | const char *prefix = RUN_FIREJAIL_LIB_DIR; | 96 | const char *prefix = RUN_FIREJAIL_LIB_DIR; |
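Review bot: In fs_trace_touch_or_store_preload (new lines 37-40) every stat() failure is treated as "file absent" and answered by creating an empty /etc/ld.so.preload, so an EACCES, ELOOP or ENAMETOOLONG error would silently replace whatever is there instead of aborting; only ENOENT should take that branch. The copy path also never checks that the stat'd object is a regular file: stat() follows symlinks, and since sandbox.c calls this function a second time inside the chroot, a chroot's /etc/ld.so.preload that points at a FIFO or a very large file is handed to copy_file() unchecked, and because fs_trace() now appends to that copy its contents end up as the sandbox's preload list. I would fail on a non-regular file and on any stat error other than ENOENT; errno needs <errno.h>, which may already be included above the hunk. fs_trace_touch_preload also no longer emits the old fs_logger("touch /etc/ld.so.preload") unless create_empty_file_as_root logs it internally, which is not visible here.
```c
void fs_trace_touch_or_store_preload(void) {
	struct stat s;

	if (stat("/etc/ld.so.preload", &s) != 0) {
		if (errno != ENOENT)
			errExit("stat /etc/ld.so.preload");
		fs_trace_touch_preload();
		return;
	}

	// refuse anything that is not a plain file before copying it
	if (!S_ISREG(s.st_mode)) {
		fprintf(stderr, "Error: /etc/ld.so.preload is not a regular file\n");
		exit(1);
	}

	if (s.st_size == 0)
		return;

	// … unchanged: copy_file() to RUN_LDPRELOAD_FILE …
}
```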
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 83e50aee2..b776a0cc5 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -798,7 +798,7 @@ int sandbox(void* sandbox_arg) { | |||
798 | 798 | ||
799 | // trace pre-install | 799 | // trace pre-install |
800 | if (need_preload) | 800 | if (need_preload) |
801 | fs_trace_preload(); | 801 | fs_trace_touch_or_store_preload(); |
802 | 802 | ||
803 | // store hosts file | 803 | // store hosts file |
804 | if (cfg.hosts_file) | 804 | if (cfg.hosts_file) |
@@ -814,8 +814,11 @@ int sandbox(void* sandbox_arg) { | |||
814 | //**************************** | 814 | //**************************** |
815 | // trace pre-install, this time inside chroot | 815 | // trace pre-install, this time inside chroot |
816 | //**************************** | 816 | //**************************** |
817 | if (need_preload) | 817 | if (need_preload) { |
818 | fs_trace_preload(); | 818 | int rv = unlink(RUN_LDPRELOAD_FILE); |
819 | (void) rv; | ||
820 | fs_trace_touch_or_store_preload(); | ||
821 | } | ||
819 | } | 822 | } |
820 | else | 823 | else |
821 | #endif | 824 | #endif |
@@ -992,7 +995,7 @@ int sandbox(void* sandbox_arg) { | |||
992 | 995 | ||
993 | // create /etc/ld.so.preload file again | 996 | // create /etc/ld.so.preload file again |
994 | if (need_preload) | 997 | if (need_preload) |
995 | fs_trace_preload(); | 998 | fs_trace_touch_preload(); |
996 | 999 | ||
997 | // openSUSE configuration is split between /etc and /usr/etc | 1000 | // openSUSE configuration is split between /etc and /usr/etc |
998 | // process private-etc a second time | 1001 | // process private-etc a second time |