-rw-r--r-- | src/firejail/fs.c | 27 | ||||
-rwxr-xr-x | test/features/3.5.exp | 4 |
2 files changed, 22 insertions, 9 deletions
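--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -73,6 +73,12 @@ void fs_build_firejail_dir(void) {
 if (chmod(RUN_FIREJAIL_BASEDIR, 0755) < 0)
 errExit("chmod");
 }
+else { // check /tmp/firejail directory belongs to root end exit if doesn't!
+if (s.st_uid != 0 || s.st_gid != 0) {
+fprintf(stderr, "Error: non-root %s directory, exiting...\n", RUN_FIREJAIL_DIR);
+exit(1);
+}
+}
 
 if (stat(RUN_FIREJAIL_DIR, &s)) {
 if (arg_debug)
@@ -85,6 +91,11 @@ void fs_build_firejail_dir(void) {
 errExit("chown");
 if (chmod(RUN_FIREJAIL_DIR, 0755) < 0)
 errExit("chmod");
+}
+
+if (stat(RUN_FIREJAIL_NETWORK_DIR, &s)) {
+if (arg_debug)
+printf("Creating %s directory\n", RUN_FIREJAIL_NETWORK_DIR);
 
 if (mkdir(RUN_FIREJAIL_NETWORK_DIR, 0755) == -1)
 errExit("mkdir");
@@ -92,14 +103,22 @@ void fs_build_firejail_dir(void) {
 errExit("chown");
 if (chmod(RUN_FIREJAIL_NETWORK_DIR, 0755) < 0)
 errExit("chmod");
-
+}
+
+if (stat(RUN_FIREJAIL_BANDWIDTH_DIR, &s)) {
+if (arg_debug)
+printf("Creating %s directory\n", RUN_FIREJAIL_BANDWIDTH_DIR);
 if (mkdir(RUN_FIREJAIL_BANDWIDTH_DIR, 0755) == -1)
 errExit("mkdir");
 if (chown(RUN_FIREJAIL_BANDWIDTH_DIR, 0, 0) < 0)
 errExit("chown");
 if (chmod(RUN_FIREJAIL_BANDWIDTH_DIR, 0755) < 0)
 errExit("chmod");
+}
 
+if (stat(RUN_FIREJAIL_NAME_DIR, &s)) {
+if (arg_debug)
+printf("Creating %s directory\n", RUN_FIREJAIL_NAME_DIR);
 if (mkdir(RUN_FIREJAIL_NAME_DIR, 0755) == -1)
 errExit("mkdir");
 if (chown(RUN_FIREJAIL_NAME_DIR, 0, 0) < 0)
@@ -107,12 +126,6 @@ void fs_build_firejail_dir(void) {
 if (chmod(RUN_FIREJAIL_NAME_DIR, 0755) < 0)
 errExit("chmod");
 }
-else { // check /tmp/firejail directory belongs to root end exit if doesn't!
-if (s.st_uid != 0 || s.st_gid != 0) {
-fprintf(stderr, "Error: non-root %s directory, exiting...\n", RUN_FIREJAIL_DIR);
-exit(1);
-}
-}
 
 create_empty_dir();
 create_empty_file();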
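Review bot: The relocated ownership check in the new `else` branch (new lines 76-81) still names `RUN_FIREJAIL_DIR` in its message and `/tmp/firejail` in its comment, although it now follows the block that chmods `RUN_FIREJAIL_BASEDIR` and so presumably tests the `stat` result for the base directory; the opening `if` is above the hunk, so this is inferred. The message should name the path actually checked, e.g. `fprintf(stderr, "Error: non-root %s directory, exiting...\n", RUN_FIREJAIL_BASEDIR);`. The check also looks only at `st_uid`/`st_gid`; since this code creates root-owned state directories, it is worth rejecting a path that is not a directory or is group/world-writable too, `if (s.st_uid != 0 || s.st_gid != 0 || !S_ISDIR(s.st_mode) || (s.st_mode & (S_IWGRP | S_IWOTH)))`. The four new `if (stat(...))` guards accept an already existing `RUN_FIREJAIL_DIR`, network, bandwidth and name directory with no validation, which is safe only while the parent check holds, so a one-line comment stating that dependency would help the next reader.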
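--- a/test/features/3.5.exp
+++ b/test/features/3.5.exp
@@ -43,7 +43,7 @@ if { $overlay == "overlay" } {
 send -- "ls -l /dev | wc -l\r"
 expect {
 timeout {puts "TESTING ERROR 3.1\n";exit}
-"12"
+"11"
 }
 
 after 100
@@ -65,7 +65,7 @@ if { $chroot == "chroot" } {
 send -- "ls -l /dev | wc -l\r"
 expect {
 timeout {puts "TESTING ERROR 5.1\n";exit}
-"12"
+"11"
 }
 
 after 100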
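Review bot: The new expectation `"11"` at lines 46 and 68 is an unanchored expect pattern, so output such as `110` or `211` from `ls -l /dev | wc -l` would also pass and hide an unexpectedly large `/dev` in the sandbox. Anchoring the count to the line, for example `-re "\n11\r"`, would make the test fail when extra device nodes appear. A short comment saying which entry was dropped to go from 12 to 11 would also make the next change to this number easier to review.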