-rw-r--r-- | src/firejail/bandwidth.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 4 | ||||
-rw-r--r-- | src/firejail/pulseaudio.c | 4 |
7 files changed, 10 insertions, 10 deletions
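--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -118,7 +118,7 @@ void shm_create_firejail_dir(void) {
 struct stat s;
 if (stat("/dev/shm/firejail", &s) == -1) {
 /* coverity[toctou] */
-if (mkdir("/dev/shm/firejail", 0777) == -1)
+if (mkdir("/dev/shm/firejail", 0644) == -1)
 errExit("mkdir");
 if (chown("/dev/shm/firejail", 0, 0) == -1)
 errExit("chown");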
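Review bot: The new mode on `mkdir("/dev/shm/firejail", 0644)` is a file mode, not a directory mode: without the search (x) bits, nothing inside the directory can be opened or stat'ed except by a process that bypasses permission checks. If the intent is a root-owned directory that other users may traverse but not modify, use `mkdir("/dev/shm/firejail", 0755)`; if it should be private to root, `0700` says so explicitly. The mode is also subject to the umask, so an explicit `chmod` after the `chown` would pin it. The function continues past the hunk, so a later chmod may already correct this.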
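--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -169,7 +169,7 @@ void fs_private_bin_list(void) {
 
 // create /tmp/firejail/mnt/bin directory
 fs_build_mnt_dir();
-int rv = mkdir(RUN_BIN_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+int rv = mkdir(RUN_BIN_DIR, 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown(RUN_BIN_DIR, 0, 0) < 0)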
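Review bot: The mode passed to `mkdir(RUN_BIN_DIR, 0755)` is filtered through the process umask, so the directory only gets 0755 if the umask happens to allow it, and no chmod follows in the visible lines as it does in main.c and pulseaudio.c. If the exact mode matters for the mount that is built on top, add `if (chmod(RUN_BIN_DIR, 0755) < 0) errExit("chmod");` after the chown. The same applies to the 0755 calls in fs_etc.c, fs_home.c and both directories in fs_var.c. Each of these functions continues outside its hunk, so a chmod may already exist further down.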
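--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -113,7 +113,7 @@ void fs_private_etc_list(void) {
 
 // create /tmp/firejail/mnt/etc directory
 fs_build_mnt_dir();
-int rv = mkdir(RUN_ETC_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+int rv = mkdir(RUN_ETC_DIR, 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown(RUN_ETC_DIR, 0, 0) < 0)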
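--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -497,7 +497,7 @@ void fs_private_home_list(void) {
 
 // create /tmp/firejail/mnt/home directory
 fs_build_mnt_dir();
-int rv = mkdir(RUN_HOME_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+int rv = mkdir(RUN_HOME_DIR, 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown(RUN_HOME_DIR, u, g) < 0)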
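--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -232,14 +232,14 @@ void fs_var_cache(void) {
 gid = p->pw_gid;
 }
 
-int rv = mkdir("/var/cache/lighttpd/compress", S_IRWXU | S_IRWXG | S_IRWXO);
+int rv = mkdir("/var/cache/lighttpd/compress", 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown("/var/cache/lighttpd/compress", uid, gid) < 0)
 errExit("chown");
 fs_logger("mkdir /var/cache/lighttpd/compress");
 
-rv = mkdir("/var/cache/lighttpd/uploads", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+rv = mkdir("/var/cache/lighttpd/uploads", 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown("/var/cache/lighttpd/uploads", uid, gid) < 0)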
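--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -759,11 +759,11 @@ int main(int argc, char **argv) {
 struct stat s;
 if (stat(dirname, &s) == -1) {
 /* coverity[toctou] */
-if (mkdir(dirname, S_IRWXU | S_IRWXG | S_IRWXO))
+if (mkdir(dirname, 0700))
 errExit("mkdir");
 if (chown(dirname, getuid(), getgid()) < 0)
 errExit("chown");
-if (chmod(dirname, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
+if (chmod(dirname, 0700) < 0)
 errExit("chmod");
 }
 free(dirname);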
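Review bot: After `mkdir(dirname, 0700)` the ownership and mode are still applied by path, and `chown`/`chmod` follow symlinks and act on whatever the name resolves to at call time. How `dirname` is built and whether its parent is writable by the invoking user is not visible in this hunk; if it is, and this code runs with elevated privileges, the `coverity[toctou]` suppression is hiding a real window. Binding the follow-up calls to a descriptor opened with O_NOFOLLOW narrows it, and an `fstat` ownership check on that descriptor would tighten it further. The enclosing `main` starts and ends outside the hunk.

```c
if (mkdir(dirname, 0700))
	errExit("mkdir");
// act on the directory that was just created, not on whatever the path names now
int dfd = open(dirname, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
if (dfd == -1)
	errExit("open");
if (fchown(dfd, getuid(), getgid()) < 0)
	errExit("fchown");
if (fchmod(dfd, 0700) < 0)
	errExit("fchmod");
close(dfd);
```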
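--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -93,8 +93,8 @@ void pulseaudio_init(void) {
 
 // create the new user pulseaudio directory
 fs_build_mnt_dir();
-int rv = mkdir(RUN_PULSE_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+int rv = mkdir(RUN_PULSE_DIR, 0700);
-(void) rv; // in --chroot mode the directory canalready be there
+(void) rv; // in --chroot mode the directory can already be there
 if (chown(RUN_PULSE_DIR, getuid(), getgid()) < 0)
 errExit("chown");
 if (chmod(RUN_PULSE_DIR, 0700) < 0)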
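Review bot: `(void) rv;` discards every `mkdir` failure, not only the "already there" case the comment describes, so an unexpected error is only noticed indirectly when the following `chown` fails. Checking for the one tolerated error keeps the --chroot behaviour and surfaces the rest: `if (rv == -1 && errno != EEXIST) errExit("mkdir");` (assuming `<errno.h>` is already included in this file). When the path does already exist, the visible lines chown and chmod it without confirming it is a directory rather than a symlink or file left by someone else; an `lstat` check before the `chown` would cover that. The function continues outside the hunk.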