diff options
-rw-r--r-- | src/firejail/appimage.c | 27 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs.c | 4 |
3 files changed, 21 insertions, 11 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 05bd8a1d8..d654e51fc 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -54,9 +54,13 @@ void appimage_set(const char *appimage_path) { | |||
54 | exit(1); | 54 | exit(1); |
55 | } | 55 | } |
56 | 56 | ||
57 | // populate /run/firejail directory | ||
57 | EUID_ROOT(); | 58 | EUID_ROOT(); |
59 | fs_build_firejail_dir(); | ||
60 | EUID_USER(); | ||
58 | 61 | ||
59 | // find or allocate a free loop device to use | 62 | // find or allocate a free loop device to use |
63 | EUID_ROOT(); | ||
60 | int cfd = open("/dev/loop-control", O_RDWR); | 64 | int cfd = open("/dev/loop-control", O_RDWR); |
61 | int devnr = ioctl(cfd, LOOP_CTL_GET_FREE); | 65 | int devnr = ioctl(cfd, LOOP_CTL_GET_FREE); |
62 | if (devnr == -1) { | 66 | if (devnr == -1) { |
@@ -74,36 +78,37 @@ void appimage_set(const char *appimage_path) { | |||
74 | } | 78 | } |
75 | close(lfd); | 79 | close(lfd); |
76 | close(ffd); | 80 | close(ffd); |
77 | |||
78 | EUID_USER(); | 81 | EUID_USER(); |
79 | 82 | ||
80 | // creates directory with perms 0700 | 83 | // creates appimage mount point perms 0700 |
81 | char dirname[] = "/tmp/firejail-mnt-XXXXXX"; | 84 | if (asprintf(&mntdir, "%s/appimage-%u", RUN_FIREJAIL_APPIMAGE_DIR, getpid()) == -1) |
82 | mntdir = strdup(mkdtemp(dirname)); | 85 | errExit("asprintf"); |
83 | if (mntdir == NULL) { | 86 | EUID_ROOT(); |
84 | fprintf(stderr, "Error: cannot create temporary directory\n"); | 87 | if (mkdir(mntdir, 0700) == -1) { |
88 | fprintf(stderr, "Error: cannot create appimage mount point\n"); | ||
85 | exit(1); | 89 | exit(1); |
86 | } | 90 | } |
87 | if (chmod(mntdir, 0700) == -1) | 91 | if (chmod(mntdir, 0700) == -1) |
88 | errExit("chmod"); | 92 | errExit("chmod"); |
93 | if (chown(mntdir, getuid(), getgid()) == -1) | ||
94 | errExit("chown"); | ||
95 | EUID_USER(); | ||
89 | ASSERT_PERMS(mntdir, getuid(), getgid(), 0700); | 96 | ASSERT_PERMS(mntdir, getuid(), getgid(), 0700); |
90 | 97 | ||
98 | // mount | ||
91 | char *mode; | 99 | char *mode; |
92 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) | 100 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) |
93 | errExit("asprintf"); | 101 | errExit("asprintf"); |
94 | |||
95 | EUID_ROOT(); | 102 | EUID_ROOT(); |
96 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 103 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) |
97 | errExit("mounting appimage"); | 104 | errExit("mounting appimage"); |
98 | |||
99 | |||
100 | if (arg_debug) | 105 | if (arg_debug) |
101 | printf("appimage mounted on %s\n", mntdir); | 106 | printf("appimage mounted on %s\n", mntdir); |
102 | EUID_USER(); | 107 | EUID_USER(); |
103 | 108 | ||
109 | // set environment | ||
104 | if (appimage_path && setenv("APPIMAGE", appimage_path, 1) < 0) | 110 | if (appimage_path && setenv("APPIMAGE", appimage_path, 1) < 0) |
105 | errExit("setenv"); | 111 | errExit("setenv"); |
106 | |||
107 | if (mntdir && setenv("APPDIR", mntdir, 1) < 0) | 112 | if (mntdir && setenv("APPDIR", mntdir, 1) < 0) |
108 | errExit("setenv"); | 113 | errExit("setenv"); |
109 | 114 | ||
@@ -124,7 +129,7 @@ void appimage_clear(void) { | |||
124 | if (mntdir) { | 129 | if (mntdir) { |
125 | rv = umount2(mntdir, MNT_FORCE); | 130 | rv = umount2(mntdir, MNT_FORCE); |
126 | if (rv == -1 && errno == EBUSY) { | 131 | if (rv == -1 && errno == EBUSY) { |
127 | sleep(1); | 132 | sleep(5); |
128 | rv = umount2(mntdir, MNT_FORCE); | 133 | rv = umount2(mntdir, MNT_FORCE); |
129 | (void) rv; | 134 | (void) rv; |
130 | 135 | ||
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index c801ea262..15e108056 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -28,6 +28,7 @@ | |||
28 | // filesystem | 28 | // filesystem |
29 | #define RUN_FIREJAIL_BASEDIR "/run" | 29 | #define RUN_FIREJAIL_BASEDIR "/run" |
30 | #define RUN_FIREJAIL_DIR "/run/firejail" | 30 | #define RUN_FIREJAIL_DIR "/run/firejail" |
31 | #define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage" | ||
31 | #define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" | 32 | #define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" |
32 | #define RUN_FIREJAIL_X11_DIR "/run/firejail/x11" | 33 | #define RUN_FIREJAIL_X11_DIR "/run/firejail/x11" |
33 | #define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network" | 34 | #define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network" |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index b40f8a3fa..d63ed104f 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -104,6 +104,10 @@ void fs_build_firejail_dir(void) { | |||
104 | create_dir_as_root(RUN_FIREJAIL_X11_DIR, 0755); | 104 | create_dir_as_root(RUN_FIREJAIL_X11_DIR, 0755); |
105 | } | 105 | } |
106 | 106 | ||
107 | if (stat(RUN_FIREJAIL_APPIMAGE_DIR, &s)) { | ||
108 | create_dir_as_root(RUN_FIREJAIL_APPIMAGE_DIR, 0755); | ||
109 | } | ||
110 | |||
107 | create_empty_dir(); | 111 | create_empty_dir(); |
108 | create_empty_file(); | 112 | create_empty_file(); |
109 | } | 113 | } |