diff options
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 14 | ||||
-rw-r--r-- | src/firejail/pulseaudio.c | 12 | ||||
-rw-r--r-- | src/firejail/util.c | 8 | ||||
-rw-r--r-- | src/firejail/x11.c | 12 |
5 files changed, 17 insertions, 30 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2db171070..8c0b3ba4e 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -485,6 +485,7 @@ int arp_check(const char *dev, uint32_t destaddr); | |||
485 | uint32_t arp_assign(const char *dev, Bridge *br); | 485 | uint32_t arp_assign(const char *dev, Bridge *br); |
486 | 486 | ||
487 | // util.c | 487 | // util.c |
488 | void errLogExit(char* fmt, ...); | ||
488 | void fwarning(char* fmt, ...); | 489 | void fwarning(char* fmt, ...); |
489 | void fmessage(char* fmt, ...); | 490 | void fmessage(char* fmt, ...); |
490 | void drop_privs(int nogroups); | 491 | void drop_privs(int nogroups); |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 3e093f616..a765be1b6 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -212,7 +212,7 @@ static void whitelist_path(ProfileEntry *entry) { | |||
212 | fname = path + 5; // strlen("/tmp/") | 212 | fname = path + 5; // strlen("/tmp/") |
213 | #ifndef TEST_MOUNTINFO | 213 | #ifndef TEST_MOUNTINFO |
214 | if (*fname == '\0') | 214 | if (*fname == '\0') |
215 | goto errexit; | 215 | errLogExit("whitelisting /tmp problem"); |
216 | #endif | 216 | #endif |
217 | 217 | ||
218 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_TMP_DIR, fname) == -1) | 218 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_TMP_DIR, fname) == -1) |
@@ -330,10 +330,8 @@ static void whitelist_path(ProfileEntry *entry) { | |||
330 | 330 | ||
331 | // No mounts are allowed on top level directories. A destination such as "/etc" is very bad! | 331 | // No mounts are allowed on top level directories. A destination such as "/etc" is very bad! |
332 | // - there should be more than one '/' char in dest string | 332 | // - there should be more than one '/' char in dest string |
333 | if (mptr->dir == strrchr(mptr->dir, '/')) { | 333 | if (mptr->dir == strrchr(mptr->dir, '/')) |
334 | fprintf(stderr, "Error: invalid mount on top of %s\n", mptr->dir); | 334 | errLogExit("invalid whitelist mount\n"); |
335 | exit(1); | ||
336 | } | ||
337 | 335 | ||
338 | free(wfile); | 336 | free(wfile); |
339 | return; | 337 | return; |
@@ -884,10 +882,8 @@ void fs_whitelist(void) { | |||
884 | // check again for files in /tmp directory | 882 | // check again for files in /tmp directory |
885 | if (strncmp(entry->link, "/tmp/", 5) == 0) { | 883 | if (strncmp(entry->link, "/tmp/", 5) == 0) { |
886 | char *path = realpath(entry->link, NULL); | 884 | char *path = realpath(entry->link, NULL); |
887 | if (path == NULL || strncmp(path, "/tmp/", 5) != 0) { | 885 | if (path == NULL || strncmp(path, "/tmp/", 5) != 0) |
888 | fprintf(stderr, "Error: invalid symbolic link %s\n", entry->link); | 886 | errLogExit("invalid whitelist symlink %s\n", entry->link); |
889 | exit(1); | ||
890 | } | ||
891 | free(path); | 887 | free(path); |
892 | } | 888 | } |
893 | } | 889 | } |
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index a3ba6184f..eaaba86c0 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
@@ -178,14 +178,10 @@ void pulseaudio_init(void) { | |||
178 | 178 | ||
179 | // check /proc/self/mountinfo to confirm the mount is ok | 179 | // check /proc/self/mountinfo to confirm the mount is ok |
180 | MountData *mptr = get_last_mount(); | 180 | MountData *mptr = get_last_mount(); |
181 | if (strncmp(mptr->dir, homeusercfg, strlen(homeusercfg)) != 0) { | 181 | if (strncmp(mptr->dir, homeusercfg, strlen(homeusercfg)) != 0) |
182 | fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, homeusercfg); | 182 | errLogExit("invalid mount on top of %s (should be %s)\n", mptr->dir, homeusercfg); |
183 | exit(1); | 183 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) |
184 | } | 184 | errLogExit("invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); |
185 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) { | ||
186 | fprintf(stderr, "Error: invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); | ||
187 | exit(1); | ||
188 | } | ||
189 | 185 | ||
190 | char *p; | 186 | char *p; |
191 | if (asprintf(&p, "%s/client.conf", homeusercfg) == -1) | 187 | if (asprintf(&p, "%s/client.conf", homeusercfg) == -1) |
diff --git a/src/firejail/util.c b/src/firejail/util.c index abebe36a3..b7868a9a3 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -43,15 +43,13 @@ void errLogExit(char* fmt, ...) { | |||
43 | char *msg1; | 43 | char *msg1; |
44 | char *msg2; | 44 | char *msg2; |
45 | if (vasprintf(&msg1, fmt, args) != -1 && | 45 | if (vasprintf(&msg1, fmt, args) != -1 && |
46 | asprintf(&msg2, "Access error: pid %d, last mount %s %s %s - %s", getuid(), m->fsname, m->dir, m->fstype, msg1) != -1) | 46 | asprintf(&msg2, "Access error: pid %d, last mount name:%s dir:%s type:%s - %s", getuid(), m->fsname, m->dir, m->fstype, msg1) != -1) |
47 | syslog(LOG_CRIT, "%s", msg2); | 47 | syslog(LOG_CRIT, "%s", msg2); |
48 | closelog(); | ||
49 | |||
50 | fprintf(stderr, "Access error pid %d - ", getuid()); | ||
51 | vfprintf(stderr, fmt, args); | ||
52 | va_end(args); | 48 | va_end(args); |
49 | closelog(); | ||
53 | 50 | ||
54 | sleep(2); | 51 | sleep(2); |
52 | fprintf(stderr, "%s\n", msg2); | ||
55 | exit(1); | 53 | exit(1); |
56 | } | 54 | } |
57 | 55 | ||
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 853bde43d..0eace3215 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -1196,14 +1196,10 @@ void x11_xorg(void) { | |||
1196 | 1196 | ||
1197 | // check /proc/self/mountinfo to confirm the mount is ok | 1197 | // check /proc/self/mountinfo to confirm the mount is ok |
1198 | MountData *mptr = get_last_mount(); | 1198 | MountData *mptr = get_last_mount(); |
1199 | if (strncmp(mptr->dir, dest, strlen(dest)) != 0) { | 1199 | if (strncmp(mptr->dir, dest, strlen(dest)) != 0) |
1200 | fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, dest); | 1200 | errLogExit("invalid mount on top of %s (should be %s)\n", mptr->dir, dest); |
1201 | exit(1); | 1201 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) |
1202 | } | 1202 | errLogExit("invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); |
1203 | if (strncmp(mptr->fstype, "tmpfs", 5) != 0) { | ||
1204 | fprintf(stderr, "Error: invalid mount on top of %s (filesystem type is %s)\n", mptr->dir, mptr->fstype); | ||
1205 | exit(1); | ||
1206 | } | ||
1207 | free(dest); | 1203 | free(dest); |
1208 | #endif | 1204 | #endif |
1209 | } | 1205 | } |