diff options
-rw-r--r-- | src/firejail/bandwidth.c | 21 | ||||
-rw-r--r-- | src/firejail/firejail.h | 16 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 2 | ||||
-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 114 | ||||
-rw-r--r-- | src/firejail/preproc.c | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 23 | ||||
-rw-r--r-- | src/firejail/run_files.c | 133 | ||||
-rw-r--r-- | src/firejail/shutdown.c | 2 |
9 files changed, 174 insertions, 141 deletions
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c index 542faa06e..0045b444f 100644 --- a/src/firejail/bandwidth.c +++ b/src/firejail/bandwidth.c | |||
@@ -141,22 +141,6 @@ static void bandwidth_create_run_file(pid_t pid) { | |||
141 | free(fname); | 141 | free(fname); |
142 | } | 142 | } |
143 | 143 | ||
144 | // delete bandwidth file | ||
145 | void bandwidth_del_run_file(pid_t pid) { | ||
146 | char *fname; | ||
147 | if (asprintf(&fname, "%s/%d-bandwidth", RUN_FIREJAIL_BANDWIDTH_DIR, (int) pid) == -1) | ||
148 | errExit("asprintf"); | ||
149 | unlink(fname); | ||
150 | free(fname); | ||
151 | } | ||
152 | |||
153 | void network_del_run_file(pid_t pid) { | ||
154 | char *fname; | ||
155 | if (asprintf(&fname, "%s/%d-netmap", RUN_FIREJAIL_NETWORK_DIR, (int) pid) == -1) | ||
156 | errExit("asprintf"); | ||
157 | unlink(fname); | ||
158 | free(fname); | ||
159 | } | ||
160 | 144 | ||
161 | void network_set_run_file(pid_t pid) { | 145 | void network_set_run_file(pid_t pid) { |
162 | char *fname; | 146 | char *fname; |
@@ -268,9 +252,8 @@ void bandwidth_remove(pid_t pid, const char *dev) { | |||
268 | } | 252 | } |
269 | 253 | ||
270 | // remove the file if there are no entries in the list | 254 | // remove the file if there are no entries in the list |
271 | if (ifbw == NULL) { | 255 | if (ifbw == NULL) |
272 | bandwidth_del_run_file(pid); | 256 | delete_bandwidth_run_file(pid); |
273 | } | ||
274 | } | 257 | } |
275 | 258 | ||
276 | // add interface to run file | 259 | // add interface to run file |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index ca3b73ffc..ca3cf18ac 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -22,6 +22,7 @@ | |||
22 | #include "../include/common.h" | 22 | #include "../include/common.h" |
23 | #include "../include/euid_common.h" | 23 | #include "../include/euid_common.h" |
24 | #include <stdarg.h> | 24 | #include <stdarg.h> |
25 | #include <sys/stat.h> | ||
25 | 26 | ||
26 | // debug restricted shell | 27 | // debug restricted shell |
27 | //#define DEBUG_RESTRICTED_SHELL | 28 | //#define DEBUG_RESTRICTED_SHELL |
@@ -35,7 +36,8 @@ | |||
35 | #define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network" | 36 | #define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network" |
36 | #define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth" | 37 | #define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth" |
37 | #define RUN_FIREJAIL_PROFILE_DIR "/run/firejail/profile" | 38 | #define RUN_FIREJAIL_PROFILE_DIR "/run/firejail/profile" |
38 | #define RUN_NETWORK_LOCK_FILE "/run/firejail/firejail.lock" | 39 | #define RUN_NETWORK_LOCK_FILE "/run/firejail/firejail-network.lock" |
40 | #define RUN_DIRECTORY_LOCK_FILE "/run/firejail/firejail-run.lock" | ||
39 | #define RUN_RO_DIR "/run/firejail/firejail.ro.dir" | 41 | #define RUN_RO_DIR "/run/firejail/firejail.ro.dir" |
40 | #define RUN_RO_FILE "/run/firejail/firejail.ro.file" | 42 | #define RUN_RO_FILE "/run/firejail/firejail.ro.file" |
41 | #define RUN_MNT_DIR "/run/firejail/mnt" // a tmpfs is mounted on this directory before any of the files below are created | 43 | #define RUN_MNT_DIR "/run/firejail/mnt" // a tmpfs is mounted on this directory before any of the files below are created |
@@ -303,7 +305,6 @@ static inline int any_interface_configured(void) { | |||
303 | else | 305 | else |
304 | return 0; | 306 | return 0; |
305 | } | 307 | } |
306 | void clear_run_files(pid_t pid); | ||
307 | 308 | ||
308 | extern int arg_private; // mount private /home | 309 | extern int arg_private; // mount private /home |
309 | extern int arg_private_template; // private /home template | 310 | extern int arg_private_template; // private /home template |
@@ -393,7 +394,6 @@ extern char *fullargv[MAX_ARGS]; | |||
393 | extern int fullargc; | 394 | extern int fullargc; |
394 | 395 | ||
395 | // main.c | 396 | // main.c |
396 | void set_x11_file(pid_t pid, int display); | ||
397 | void check_user_namespace(void); | 397 | void check_user_namespace(void); |
398 | char *guess_shell(void); | 398 | char *guess_shell(void); |
399 | 399 | ||
@@ -617,9 +617,7 @@ void netns(const char *nsname); | |||
617 | void netns_mounts(const char *nsname); | 617 | void netns_mounts(const char *nsname); |
618 | 618 | ||
619 | // bandwidth.c | 619 | // bandwidth.c |
620 | void bandwidth_del_run_file(pid_t pid); | ||
621 | void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up); | 620 | void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up); |
622 | void network_del_run_file(pid_t pid); | ||
623 | void network_set_run_file(pid_t pid); | 621 | void network_set_run_file(pid_t pid); |
624 | 622 | ||
625 | // fs_etc.c | 623 | // fs_etc.c |
@@ -791,9 +789,15 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, | |||
791 | // run sbox | 789 | // run sbox |
792 | int sbox_run(unsigned filter, int num, ...); | 790 | int sbox_run(unsigned filter, int num, ...); |
793 | 791 | ||
794 | |||
795 | // git.c | 792 | // git.c |
796 | void git_install(); | 793 | void git_install(); |
797 | void git_uninstall(); | 794 | void git_uninstall(); |
798 | 795 | ||
796 | // run_files.c | ||
797 | void delete_run_files(pid_t pid); | ||
798 | void delete_bandwidth_run_file(pid_t pid); | ||
799 | void set_name_run_file(pid_t pid); | ||
800 | void set_x11_run_file(pid_t pid, int display); | ||
801 | void set_profile_run_file(pid_t pid, const char *fname); | ||
802 | |||
799 | #endif | 803 | #endif |
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 947f12472..6eac78d96 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
@@ -146,7 +146,7 @@ static void create_link(const char *oldpath, const char *newpath) { | |||
146 | exit(1); | 146 | exit(1); |
147 | } | 147 | } |
148 | 148 | ||
149 | if (chown(newpath, 0, 0) < 0); | 149 | if (chown(newpath, 0, 0) < 0) {;} |
150 | 150 | ||
151 | fs_logger2("create", newpath); | 151 | fs_logger2("create", newpath); |
152 | return; | 152 | return; |
diff --git a/src/firejail/join.c b/src/firejail/join.c index a21293214..12ee4a9a0 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -64,7 +64,7 @@ static void extract_x11_display(pid_t pid) { | |||
64 | 64 | ||
65 | // store the display number for join process in /run/firejail/x11 | 65 | // store the display number for join process in /run/firejail/x11 |
66 | EUID_ROOT(); | 66 | EUID_ROOT(); |
67 | set_x11_file(getpid(), display); | 67 | set_x11_run_file(getpid(), display); |
68 | EUID_USER(); | 68 | EUID_USER(); |
69 | } | 69 | } |
70 | 70 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index e8556de2d..dad9befd3 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -132,22 +132,9 @@ static pid_t child = 0; | |||
132 | pid_t sandbox_pid; | 132 | pid_t sandbox_pid; |
133 | unsigned long long start_timestamp; | 133 | unsigned long long start_timestamp; |
134 | 134 | ||
135 | static void set_name_file(pid_t pid); | ||
136 | static void delete_name_file(pid_t pid); | ||
137 | static void delete_profile_file(pid_t pid); | ||
138 | static void delete_x11_file(pid_t pid); | ||
139 | |||
140 | void clear_run_files(pid_t pid) { | ||
141 | bandwidth_del_run_file(pid); // bandwidth file | ||
142 | network_del_run_file(pid); // network map file | ||
143 | delete_name_file(pid); | ||
144 | delete_profile_file(pid); | ||
145 | delete_x11_file(pid); | ||
146 | } | ||
147 | |||
148 | static void clear_atexit(void) { | 135 | static void clear_atexit(void) { |
149 | EUID_ROOT(); | 136 | EUID_ROOT(); |
150 | clear_run_files(getpid()); | 137 | delete_run_files(getpid()); |
151 | } | 138 | } |
152 | 139 | ||
153 | static void myexit(int rv) { | 140 | static void myexit(int rv) { |
@@ -158,7 +145,7 @@ static void myexit(int rv) { | |||
158 | 145 | ||
159 | // delete sandbox files in shared memory | 146 | // delete sandbox files in shared memory |
160 | EUID_ROOT(); | 147 | EUID_ROOT(); |
161 | clear_run_files(sandbox_pid); | 148 | delete_run_files(sandbox_pid); |
162 | appimage_clear(); | 149 | appimage_clear(); |
163 | flush_stdin(); | 150 | flush_stdin(); |
164 | exit(rv); | 151 | exit(rv); |
@@ -755,68 +742,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
755 | 742 | ||
756 | } | 743 | } |
757 | 744 | ||
758 | static void set_name_file(pid_t pid) { | ||
759 | char *fname; | ||
760 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_NAME_DIR, pid) == -1) | ||
761 | errExit("asprintf"); | ||
762 | |||
763 | // the file is deleted first | ||
764 | FILE *fp = fopen(fname, "w"); | ||
765 | if (!fp) { | ||
766 | fprintf(stderr, "Error: cannot create %s\n", fname); | ||
767 | exit(1); | ||
768 | } | ||
769 | fprintf(fp, "%s\n", cfg.name); | ||
770 | |||
771 | // mode and ownership | ||
772 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
773 | fclose(fp); | ||
774 | } | ||
775 | |||
776 | static void delete_name_file(pid_t pid) { | ||
777 | char *fname; | ||
778 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_NAME_DIR, pid) == -1) | ||
779 | errExit("asprintf"); | ||
780 | int rv = unlink(fname); | ||
781 | (void) rv; | ||
782 | free(fname); | ||
783 | } | ||
784 | 745 | ||
785 | static void delete_profile_file(pid_t pid) { | ||
786 | char *fname; | ||
787 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_PROFILE_DIR, pid) == -1) | ||
788 | errExit("asprintf"); | ||
789 | int rv = unlink(fname); | ||
790 | (void) rv; | ||
791 | free(fname); | ||
792 | } | ||
793 | |||
794 | void set_x11_file(pid_t pid, int display) { | ||
795 | char *fname; | ||
796 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_X11_DIR, pid) == -1) | ||
797 | errExit("asprintf"); | ||
798 | |||
799 | // the file is deleted first | ||
800 | FILE *fp = fopen(fname, "w"); | ||
801 | if (!fp) { | ||
802 | fprintf(stderr, "Error: cannot create %s\n", fname); | ||
803 | exit(1); | ||
804 | } | ||
805 | fprintf(fp, "%d\n", display); | ||
806 | |||
807 | // mode and ownership | ||
808 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
809 | fclose(fp); | ||
810 | } | ||
811 | |||
812 | static void delete_x11_file(pid_t pid) { | ||
813 | char *fname; | ||
814 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_X11_DIR, pid) == -1) | ||
815 | errExit("asprintf"); | ||
816 | int rv = unlink(fname); | ||
817 | (void) rv; | ||
818 | free(fname); | ||
819 | } | ||
820 | 746 | ||
821 | char *guess_shell(void) { | 747 | char *guess_shell(void) { |
822 | char *shell = NULL; | 748 | char *shell = NULL; |
@@ -898,7 +824,8 @@ static void run_builder(int argc, char **argv) { | |||
898 | int main(int argc, char **argv) { | 824 | int main(int argc, char **argv) { |
899 | int i; | 825 | int i; |
900 | int prog_index = -1; // index in argv where the program command starts | 826 | int prog_index = -1; // index in argv where the program command starts |
901 | int lockfd = -1; | 827 | int lockfd_network = -1; |
828 | int lockfd_directory = -1; | ||
902 | int option_cgroup = 0; | 829 | int option_cgroup = 0; |
903 | int option_force = 0; | 830 | int option_force = 0; |
904 | int custom_profile = 0; // custom profile loaded | 831 | int custom_profile = 0; // custom profile loaded |
@@ -1002,10 +929,7 @@ int main(int argc, char **argv) { | |||
1002 | 929 | ||
1003 | // check firejail directories | 930 | // check firejail directories |
1004 | EUID_ROOT(); | 931 | EUID_ROOT(); |
1005 | bandwidth_del_run_file(sandbox_pid); | 932 | delete_run_files(sandbox_pid); |
1006 | network_del_run_file(sandbox_pid); | ||
1007 | delete_name_file(sandbox_pid); | ||
1008 | delete_x11_file(sandbox_pid); | ||
1009 | 933 | ||
1010 | EUID_USER(); | 934 | EUID_USER(); |
1011 | 935 | ||
@@ -2470,11 +2394,11 @@ int main(int argc, char **argv) { | |||
2470 | // check and assign an IP address - for macvlan it will be done again in the sandbox! | 2394 | // check and assign an IP address - for macvlan it will be done again in the sandbox! |
2471 | if (any_bridge_configured()) { | 2395 | if (any_bridge_configured()) { |
2472 | EUID_ROOT(); | 2396 | EUID_ROOT(); |
2473 | lockfd = open(RUN_NETWORK_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); | 2397 | lockfd_network = open(RUN_NETWORK_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); |
2474 | if (lockfd != -1) { | 2398 | if (lockfd_network != -1) { |
2475 | int rv = fchown(lockfd, 0, 0); | 2399 | int rv = fchown(lockfd_network, 0, 0); |
2476 | (void) rv; | 2400 | (void) rv; |
2477 | flock(lockfd, LOCK_EX); | 2401 | flock(lockfd_network, LOCK_EX); |
2478 | } | 2402 | } |
2479 | 2403 | ||
2480 | check_network(&cfg.bridge0); | 2404 | check_network(&cfg.bridge0); |
@@ -2503,13 +2427,21 @@ int main(int argc, char **argv) { | |||
2503 | } | 2427 | } |
2504 | 2428 | ||
2505 | 2429 | ||
2506 | // set name file | 2430 | // set name and x11 run files |
2507 | EUID_ROOT(); | 2431 | EUID_ROOT(); |
2432 | lockfd_directory = open(RUN_DIRECTORY_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); | ||
2433 | if (lockfd_directory != -1) { | ||
2434 | int rv = fchown(lockfd_directory, 0, 0); | ||
2435 | (void) rv; | ||
2436 | flock(lockfd_directory, LOCK_EX); | ||
2437 | } | ||
2508 | if (cfg.name) | 2438 | if (cfg.name) |
2509 | set_name_file(sandbox_pid); | 2439 | set_name_run_file(sandbox_pid); |
2510 | int display = x11_display(); | 2440 | int display = x11_display(); |
2511 | if (display > 0) | 2441 | if (display > 0) |
2512 | set_x11_file(sandbox_pid, display); | 2442 | set_x11_run_file(sandbox_pid, display); |
2443 | flock(lockfd_directory, LOCK_UN); | ||
2444 | close(lockfd_directory); | ||
2513 | EUID_USER(); | 2445 | EUID_USER(); |
2514 | 2446 | ||
2515 | // clone environment | 2447 | // clone environment |
@@ -2650,9 +2582,9 @@ int main(int argc, char **argv) { | |||
2650 | close(parent_to_child_fds[1]); | 2582 | close(parent_to_child_fds[1]); |
2651 | 2583 | ||
2652 | EUID_ROOT(); | 2584 | EUID_ROOT(); |
2653 | if (lockfd != -1) { | 2585 | if (lockfd_network != -1) { |
2654 | flock(lockfd, LOCK_UN); | 2586 | flock(lockfd_network, LOCK_UN); |
2655 | close(lockfd); | 2587 | close(lockfd_network); |
2656 | } | 2588 | } |
2657 | 2589 | ||
2658 | // handle CTRL-C in parent | 2590 | // handle CTRL-C in parent |
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index d13209873..1f4cf9e54 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c | |||
@@ -173,7 +173,7 @@ void preproc_clean_run(void) { | |||
173 | if (pid < start_pid) | 173 | if (pid < start_pid) |
174 | continue; | 174 | continue; |
175 | if (pidarr[pid] == 0) | 175 | if (pidarr[pid] == 0) |
176 | clear_run_files(pid); | 176 | delete_run_files(pid); |
177 | } | 177 | } |
178 | closedir(dir); | 178 | closedir(dir); |
179 | 179 | ||
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 77308b7ac..5566b9860 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -1241,27 +1241,8 @@ void profile_read(const char *fname) { | |||
1241 | } | 1241 | } |
1242 | 1242 | ||
1243 | // save the name of the file for --profile.print option | 1243 | // save the name of the file for --profile.print option |
1244 | if (include_level == 0) { | 1244 | if (include_level == 0) |
1245 | char *runfile; | 1245 | set_profile_run_file(getpid(), fname); |
1246 | if (asprintf(&runfile, "%s/%d", RUN_FIREJAIL_PROFILE_DIR, getpid()) == -1) | ||
1247 | errExit("asprintf"); | ||
1248 | |||
1249 | EUID_ROOT(); | ||
1250 | // the file is deleted first | ||
1251 | FILE *fp = fopen(runfile, "w"); | ||
1252 | if (!fp) { | ||
1253 | fprintf(stderr, "Error: cannot create %s\n", runfile); | ||
1254 | exit(1); | ||
1255 | } | ||
1256 | fprintf(fp, "%s\n", fname); | ||
1257 | |||
1258 | // mode and ownership | ||
1259 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
1260 | fclose(fp); | ||
1261 | EUID_USER(); | ||
1262 | free(runfile); | ||
1263 | } | ||
1264 | |||
1265 | 1246 | ||
1266 | int msg_printed = 0; | 1247 | int msg_printed = 0; |
1267 | 1248 | ||
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c new file mode 100644 index 000000000..42303c07b --- /dev/null +++ b/src/firejail/run_files.c | |||
@@ -0,0 +1,133 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2018 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | |||
21 | #include "firejail.h" | ||
22 | #include "../include/pid.h" | ||
23 | |||
24 | static void delete_x11_run_file(pid_t pid) { | ||
25 | char *fname; | ||
26 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_X11_DIR, pid) == -1) | ||
27 | errExit("asprintf"); | ||
28 | int rv = unlink(fname); | ||
29 | (void) rv; | ||
30 | free(fname); | ||
31 | } | ||
32 | |||
33 | static void delete_profile_run_file(pid_t pid) { | ||
34 | char *fname; | ||
35 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_PROFILE_DIR, pid) == -1) | ||
36 | errExit("asprintf"); | ||
37 | int rv = unlink(fname); | ||
38 | (void) rv; | ||
39 | free(fname); | ||
40 | } | ||
41 | |||
42 | static void delete_name_run_file(pid_t pid) { | ||
43 | char *fname; | ||
44 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_NAME_DIR, pid) == -1) | ||
45 | errExit("asprintf"); | ||
46 | int rv = unlink(fname); | ||
47 | (void) rv; | ||
48 | free(fname); | ||
49 | } | ||
50 | |||
51 | void delete_bandwidth_run_file(pid_t pid) { | ||
52 | char *fname; | ||
53 | if (asprintf(&fname, "%s/%d-bandwidth", RUN_FIREJAIL_BANDWIDTH_DIR, (int) pid) == -1) | ||
54 | errExit("asprintf"); | ||
55 | unlink(fname); | ||
56 | free(fname); | ||
57 | } | ||
58 | |||
59 | static void delete_network_run_file(pid_t pid) { | ||
60 | char *fname; | ||
61 | if (asprintf(&fname, "%s/%d-netmap", RUN_FIREJAIL_NETWORK_DIR, (int) pid) == -1) | ||
62 | errExit("asprintf"); | ||
63 | unlink(fname); | ||
64 | free(fname); | ||
65 | } | ||
66 | |||
67 | |||
68 | |||
69 | void delete_run_files(pid_t pid) { | ||
70 | delete_bandwidth_run_file(pid); | ||
71 | delete_network_run_file(pid); | ||
72 | delete_name_run_file(pid); | ||
73 | delete_profile_run_file(pid); | ||
74 | delete_x11_run_file(pid); | ||
75 | } | ||
76 | |||
77 | void set_name_run_file(pid_t pid) { | ||
78 | char *fname; | ||
79 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_NAME_DIR, pid) == -1) | ||
80 | errExit("asprintf"); | ||
81 | |||
82 | // the file is deleted first | ||
83 | FILE *fp = fopen(fname, "w"); | ||
84 | if (!fp) { | ||
85 | fprintf(stderr, "Error: cannot create %s\n", fname); | ||
86 | exit(1); | ||
87 | } | ||
88 | fprintf(fp, "%s\n", cfg.name); | ||
89 | |||
90 | // mode and ownership | ||
91 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
92 | fclose(fp); | ||
93 | } | ||
94 | |||
95 | |||
96 | void set_x11_run_file(pid_t pid, int display) { | ||
97 | char *fname; | ||
98 | if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_X11_DIR, pid) == -1) | ||
99 | errExit("asprintf"); | ||
100 | |||
101 | // the file is deleted first | ||
102 | FILE *fp = fopen(fname, "w"); | ||
103 | if (!fp) { | ||
104 | fprintf(stderr, "Error: cannot create %s\n", fname); | ||
105 | exit(1); | ||
106 | } | ||
107 | fprintf(fp, "%d\n", display); | ||
108 | |||
109 | // mode and ownership | ||
110 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
111 | fclose(fp); | ||
112 | } | ||
113 | |||
114 | void set_profile_run_file(pid_t pid, const char *fname) { | ||
115 | char *runfile; | ||
116 | if (asprintf(&runfile, "%s/%d", RUN_FIREJAIL_PROFILE_DIR, pid) == -1) | ||
117 | errExit("asprintf"); | ||
118 | |||
119 | EUID_ROOT(); | ||
120 | // the file is deleted first | ||
121 | FILE *fp = fopen(runfile, "w"); | ||
122 | if (!fp) { | ||
123 | fprintf(stderr, "Error: cannot create %s\n", runfile); | ||
124 | exit(1); | ||
125 | } | ||
126 | fprintf(fp, "%s\n", fname); | ||
127 | |||
128 | // mode and ownership | ||
129 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
130 | fclose(fp); | ||
131 | EUID_USER(); | ||
132 | free(runfile); | ||
133 | } | ||
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c index 12dfdf450..be20cd353 100644 --- a/src/firejail/shutdown.c +++ b/src/firejail/shutdown.c | |||
@@ -103,5 +103,5 @@ void shut(pid_t pid) { | |||
103 | } | 103 | } |
104 | } | 104 | } |
105 | 105 | ||
106 | clear_run_files(parent); | 106 | delete_run_files(parent); |
107 | } | 107 | } |