-rw-r--r-- | src/firejail/main.c | 18 | ||||
-rw-r--r-- | src/firejail/preproc.c | 51 | ||||
-rw-r--r-- | src/firejail/run_files.c | 2 |
3 files changed, 44 insertions, 27 deletions
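--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -835,12 +835,24 @@ int main(int argc, char **argv) {
 // get starting timestamp
 start_timestamp = getticks();
 
+if (check_arg(argc, argv, "--quiet", 1))
+arg_quiet = 1;
+
 // build /run/firejail directory structure
 preproc_build_firejail_dir();
-preproc_clean_run();
+char *container_name = getenv("container");
+if (!container_name || strcmp(container_name, "firejail")) {
+lockfd_directory = open(RUN_DIRECTORY_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
+if (lockfd_directory != -1) {
+int rv = fchown(lockfd_directory, 0, 0);
+(void) rv;
+flock(lockfd_directory, LOCK_EX);
+}
+preproc_clean_run();
+flock(lockfd_directory, LOCK_UN);
+close(lockfd_directory);
+}
 
-if (check_arg(argc, argv, "--quiet", 1))
-arg_quiet = 1;
 if (check_arg(argc, argv, "--allow-debuggers", 1)) {
 // check kernel version
 struct utsname u;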
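Review bot: When `open(RUN_DIRECTORY_LOCK_FILE, ...)` fails, `lockfd_directory` is -1, yet `preproc_clean_run()` still runs and `flock(lockfd_directory, LOCK_UN)` and `close(lockfd_directory)` are then called on -1, so the cleanup this lock is meant to serialize proceeds unserialized and the failure is silent; an unchecked failure of `flock(..., LOCK_EX)` has the same effect. I would keep the cleanup unconditional (it is best-effort today) but report the failure and only unlock/close a valid descriptor, as below, using the project's `fwarning` helper that preproc.c in this same commit calls (assuming it is in scope in main.c). Separately, the skip decided by `getenv("container")` being "firejail" rests on an environment variable the unprivileged caller controls, and the `fchown(..., 0, 0)` suggests this code runs with root privilege, so any caller can opt out of the run-directory cleanup; worth confirming that is acceptable or that the nested-sandbox case is detected from state the caller cannot set. main()'s body begins and continues outside the hunk.
```c
char *container_name = getenv("container");
if (!container_name || strcmp(container_name, "firejail")) {
	lockfd_directory = open(RUN_DIRECTORY_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
	if (lockfd_directory != -1) {
		// … unchanged: fchown(lockfd_directory, 0, 0) …
		if (flock(lockfd_directory, LOCK_EX) == -1)
			fwarning("cannot lock %s, cleaning run directory without a lock\n", RUN_DIRECTORY_LOCK_FILE);
	}
	else
		fwarning("cannot open %s, cleaning run directory without a lock\n", RUN_DIRECTORY_LOCK_FILE);
	preproc_clean_run();
	if (lockfd_directory != -1) {
		flock(lockfd_directory, LOCK_UN);
		close(lockfd_directory);
	}
}
```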
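--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -107,6 +107,31 @@ void preproc_mount_mnt_dir(void) {
 }
 }
 
+static void clean_dir(const char *name, int *pidarr, int start_pid, int max_pids) {
+DIR *dir;
+if (!(dir = opendir(name))) {
+fwarning("cannot clean %s directory\n", name);
+return; // we live to fight another day!
+}
+
+// clean leftover files
+struct dirent *entry;
+char *end;
+while ((entry = readdir(dir)) != NULL) {
+pid_t pid = strtol(entry->d_name, &end, 10);
+pid %= max_pids;
+if (end == entry->d_name || *end)
+continue;
+
+if (pid < start_pid)
+continue;
+if (pidarr[pid] == 0)
+delete_run_files(pid);
+}
+closedir(dir);
+}
+
+
 // clean run directory
 void preproc_clean_run(void) {
 int max_pids=32769;
@@ -153,29 +178,9 @@ void preproc_clean_run(void) {
 }
 closedir(dir);
 
-// open /run/firejail/profile directory
-if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) {
-// sleep 2 seconds and try again
-sleep(2);
-if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) {
-fprintf(stderr, "Error: cannot open %s directory\n", RUN_FIREJAIL_PROFILE_DIR);
-exit(1);
-}
-}
-
-// read /run/firejail/profile directory and clean leftover files
-while ((entry = readdir(dir)) != NULL) {
-pid_t pid = strtol(entry->d_name, &end, 10);
-pid %= max_pids;
-if (end == entry->d_name || *end)
-continue;
-
-if (pid < start_pid)
-continue;
-if (pidarr[pid] == 0)
-delete_run_files(pid);
-}
-closedir(dir);
+// clean profile and name directories
+clean_dir(RUN_FIREJAIL_PROFILE_DIR, pidarr, start_pid, max_pids);
+clean_dir(RUN_FIREJAIL_NAME_DIR, pidarr, start_pid, max_pids);
 
 free(pidarr);
 }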
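Review bot: In the new `clean_dir`, `pid %= max_pids;` folds any directory entry whose number is at or above max_pids onto a lower slot, so `pidarr[pid]` is consulted and `delete_run_files(pid)` is called for a pid that is not the one the file is named after; the replaced loop had the same line, but the helper now also applies it to RUN_FIREJAIL_NAME_DIR. Assuming pidarr holds max_pids entries (its allocation is not in the hunk), a range check keeps the index in bounds without redirecting the deletion: drop `pid %= max_pids;` and add `if (pid < 0 || pid >= max_pids) continue;` after the `end == entry->d_name || *end` check, noting that `strtol` overflow (ERANGE) is not detected and the value is truncated into `pid_t` before any test. If the fixed `int max_pids=32769;` at new line 137 is smaller than the kernel's pid_max, the fuller fix is to size pidarr and max_pids from that limit so higher pids are cleaned rather than skipped. The helper also lacks a header; I would add `// delete run files of every numerically-named entry in name whose pid is >= start_pid and absent from pidarr (pidarr must hold max_pids entries)`. preproc_clean_run begins before the second hunk, so the `dir`, `entry` and `end` declarations it reuses are not visible here.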
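--- a/src/firejail/run_files.c
+++ b/src/firejail/run_files.c
@@ -70,8 +70,8 @@ void delete_run_files(pid_t pid) {
 delete_bandwidth_run_file(pid);
 delete_network_run_file(pid);
 delete_name_run_file(pid);
-delete_profile_run_file(pid);
 delete_x11_run_file(pid);
+delete_profile_run_file(pid);
 }
 
 void set_name_run_file(pid_t pid) {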