-rw-r--r--src/firejail/fs.c8
-rw-r--r--src/firejail/fs_home.c2
-rw-r--r--src/firejail/sandbox.c3
-rw-r--r--src/firejail/x11.c19
4 files changed, 17 insertions, 15 deletions
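--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -521,12 +521,16 @@ void fs_remount(const char *dir, OPERATION op, unsigned check_mnt) {
 if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 ||
 mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("remounting");
+// run a sanity check on /proc/self/mountinfo
 if (check_mnt) {
-// run a sanity check on /proc/self/mountinfo
+// confirm target of the last mount operation was dir; if there are other
+// mount points contained inside dir, one of those will show up as target
+// of the last mount operation instead
 MountData *mptr = get_last_mount();
 size_t len = strlen(dir);
-if (strncmp(mptr->dir, dir, len) != 0 ||
+if ((strncmp(mptr->dir, dir, len) != 0 ||
 (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
+&& strcmp(dir, "/") != 0) // support read-only=/
 errLogExit("invalid %s mount", opstr[op]);
 }
 fs_logger2(opstr[op], dir);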
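Review bot: The `&& strcmp(dir, "/") != 0` clause on new line 533 is documented as a special case ("support read-only=/") but it is really the general rule of the check: when `dir` is `"/"` every mount point is contained inside `dir`, so the prefix test can only fail for the wrong reason (the character after the lone slash is never `'\0'` or `'/'`). Stating that in the comment would stop a later reader from removing the exemption as a loophole, e.g. `// dir == "/" contains every mount point, so the prefix test cannot apply`. Since the result is ignored for `"/"`, the exemption could also be tested before `get_last_mount()` so the mountinfo parse is skipped in that case. fs_remount() starts and continues outside the hunk.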
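--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -508,7 +508,7 @@ static void duplicate(char *name) {
 ptr++;
 if (asprintf(&path, "%s/%s", RUN_HOME_DIR, ptr) == -1)
 errExit("asprintf");
-mkdir_attr(path, 0755, getuid(), getgid());
+create_empty_dir_as_user(path, 0755);
 sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FCOPY, fname, path);
 free(path);
 }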
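Review bot: The switch to `create_empty_dir_as_user()` on new line 511 is unexplained at the call site, and the helper's failure behaviour is not visible here, whereas the replaced `mkdir_attr()` call was at least self-describing about ownership. A short comment tying it to the unprivileged copy that follows would help, e.g. `// create the target as the user so the SBOX_USER fcopy below can populate it` — presumably that is the intent, given the `sbox_run(SBOX_USER|...)` call on the next line; confirm that the helper exits on error like the rest of this function, or check its result. duplicate() starts outside the hunk.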
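--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -623,7 +623,8 @@ int sandbox(void* sandbox_arg) {
 // ... and mount a tmpfs on top of /run/firejail/mnt directory
 preproc_mount_mnt_dir();
 // bind-mount firejail binaries and helper programs
-if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)
+if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND, NULL) < 0 ||
+mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("mounting " RUN_FIREJAIL_LIB_DIR);
 
 //****************************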
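Review bot: The bind-then-remount pair on new lines 626–627 open-codes the same two-step sequence that `fs_remount()` in fs.c performs, but without that function's `/proc/self/mountinfo` sanity check; if an OPERATION value produces MS_RDONLY|MS_NOSUID|MS_NODEV, calling `fs_remount(RUN_FIREJAIL_LIB_DIR, <that op>, 1)` would keep the check in one place. The risk is lower here than for user-supplied paths since RUN_FIREJAIL_LIB_DIR is a fixed root-owned location, so if the open-coded form stays, a comment on why two calls are needed would help, e.g. `// per-mount flags are ignored on the initial MS_BIND; the MS_REMOUNT|MS_BIND pass is what applies them`. The existing comment "bind-mount firejail binaries" should also mention that the mount is made read-only, nosuid and nodev. sandbox() starts and continues outside the hunk.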
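--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1175,16 +1175,15 @@ void x11_xorg(void) {
 
 // move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted
 // automatically when the sandbox is closed (rename doesn't work)
-// root needed
-if (copy_file(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) {
-fprintf(stderr, "Error: cannot create the new .Xauthority file\n");
-exit(1);
-}
+if (arg_debug)
+printf("Copying the new .Xauthority file\n");
+copy_file_from_user_to_root(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600);
+
 /* coverity[toctou] */
 unlink(tmpfname);
 umount("/tmp");
 
-// remount RUN_XAUTHORITY_SEC_FILE noexec, nodev, nosuid
+// mount RUN_XAUTHORITY_SEC_FILE noexec, nodev, nosuid
 fs_remount(RUN_XAUTHORITY_SEC_FILE, MOUNT_NOEXEC, 0);
 
 // Ensure there is already a file in the usual location, so that bind-mount below will work.
@@ -1294,19 +1293,17 @@ void fs_x11(void) {
 if (mount("/tmp/.X11-unix", RUN_WHITELIST_X11_DIR, 0, MS_BIND|MS_REC, 0) < 0)
 errExit("mount bind");
 
-// This directory must be mode 1777, or Xlib will barf.
+// This directory must be mode 1777
 if (mount("tmpfs", "/tmp/.X11-unix", "tmpfs",
 MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,
 "mode=1777,uid=0,gid=0") < 0)
 errExit("mounting tmpfs on /tmp/.X11-unix");
 fs_logger("tmpfs /tmp/.X11-unix");
 
-// create an empty file which will have the desired socket bind-mounted over it
-int fd = open(x11file, O_RDWR|O_CREAT|O_EXCL, x11stat.st_mode & ~S_IFMT);
+// create an empty root-owned file which will have the desired socket bind-mounted over it
+int fd = open(x11file, O_RDONLY|O_CREAT|O_EXCL, S_IRUSR | S_IWUSR);
 if (fd < 0)
 errExit(x11file);
-if (fchown(fd, x11stat.st_uid, x11stat.st_gid))
-errExit("fchown");
 close(fd);
 
 // the mount source is under control of the user, so be careful and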
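Review bot: In the x11_xorg() hunk, the return value of `copy_file_from_user_to_root()` on new line 1180 is discarded, whereas the replaced `copy_file()` call was checked and failed closed with `exit(1)`; if the new helper reports failure by return value rather than by exiting, the following `fs_remount(RUN_XAUTHORITY_SEC_FILE, MOUNT_NOEXEC, 0)` and the later bind-mount run against a file that may not exist. If the helper is known to exit on error, a comment at the call site saying so would settle it, e.g. `// exits on failure; RUN_XAUTHORITY_SEC_FILE is guaranteed to exist below`; otherwise the result should be checked and the process should exit as before. The removed `// root needed` remark is worth keeping in some form, since the copy into RUN_XAUTHORITY_SEC_FILE still presumably requires root. x11_xorg() starts and continues outside the hunk.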