1 files changed, 176 insertions, 0 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
new file mode 100644
index 000000000..a658173eb
--- /dev/null
+++ b/src/firejail/appimage.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+// http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=770fe30a46a12b6fb6b63fbe1737654d28e84844
+// sudo mount -o loop krita-3.0-x86_64.appimage mnt
+#include "firejail.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mount.h>
+#include <fcntl.h>
+#include <linux/loop.h>
+#include <errno.h>
+static char *devloop = NULL;    // device file 
+static char *mntdir = NULL;     // mount point in /tmp directory
+const char *appimage_getdir(void) {
+        return mntdir;
+}
+void appimage_set(const char *appimage_path) {
+        assert(appimage_path);
+        assert(devloop == NULL);        // don't call this twice!
+        EUID_ASSERT();
+        
+#ifdef LOOP_CTL_GET_FREE        // test for older kernels; this definition is found in /usr/include/linux/loop.h
+        // check appimage_path
+        if (access(appimage_path, R_OK) == -1) {
+                fprintf(stderr, "Error: cannot access AppImage file\n");
+                exit(1);
+        }
+        // get appimage type and ELF size
+        // a value of 0 means we are dealing with a type1 appimage
+        long unsigned int size = appimage2_size(appimage_path);
+        if (arg_debug)
+                printf("AppImage ELF size %lu\n", size);
+        // open as user to prevent race condition
+        int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC);
+        if (ffd == -1) {
+                fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n");
+                exit(1);
+        }
+        // find or allocate a free loop device to use
+        EUID_ROOT();
+        int cfd = open("/dev/loop-control", O_RDWR);
+        int devnr = ioctl(cfd, LOOP_CTL_GET_FREE);
+        if (devnr == -1) {
+                fprintf(stderr, "Error: cannot allocate a new loopback device\n");
+                exit(1);
+        }
+        close(cfd);
+        if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)
+                errExit("asprintf");
+                
+        int lfd = open(devloop, O_RDONLY);
+        if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) {
+                fprintf(stderr, "Error: cannot configure the loopback device\n");
+                exit(1);
+        }
+        
+        if (size) {
+                struct loop_info64 info;
+                memset(&info, 0, sizeof(struct loop_info64));
+                info.lo_offset = size;
+                if (ioctl(lfd,  LOOP_SET_STATUS64, &info) == -1)
+                        errExit("configure appimage offset");
+        }
+        
+        close(lfd);
+        close(ffd);
+        EUID_USER();
+        // creates appimage mount point perms 0700
+        if (asprintf(&mntdir, "%s/.appimage-%u",  RUN_FIREJAIL_APPIMAGE_DIR, getpid()) == -1)
+                errExit("asprintf");
+        EUID_ROOT();
+        mkdir_attr(mntdir, 0700, getuid(), getgid());
+        EUID_USER();
+        
+        // mount
+        char *mode;
+        if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
+                errExit("asprintf");
+        EUID_ROOT();
+        
+        if (size == 0) {
+                if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY,  mode) < 0)
+                        errExit("mounting appimage");
+        }
+        else {
+                if (mount(devloop, mntdir, "squashfs",MS_MGC_VAL|MS_RDONLY,  mode) < 0)
+                        errExit("mounting appimage");
+        }
+        if (arg_debug)
+                printf("appimage mounted on %s\n", mntdir);
+        EUID_USER();
+        // set environment
+        if (appimage_path && setenv("APPIMAGE", appimage_path, 1) < 0)
+                errExit("setenv");
+        if (mntdir && setenv("APPDIR", mntdir, 1) < 0)
+                errExit("setenv");
+        // build new command line
+        if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1)
+                errExit("asprintf");
+        
+        free(mode);
+#ifdef HAVE_GCOV
+        __gcov_flush();
+#endif
+#else
+        fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n");
+        exit(1);
+#endif
+}
+void appimage_clear(void) {
+        int rv;
+        EUID_ROOT();
+        if (mntdir) {
+                int i;
+                int rv = 0;
+                for (i = 0; i < 5; i++) {
+                        rv = umount2(mntdir, MNT_FORCE);
+                        if (rv == 0)
+                                break;
+                        if (rv == -1 && errno == EBUSY) {
+                                if (!arg_quiet)
+                                        printf("Warning: EBUSY error trying to unmount %s\n", mntdir);                  
+                                sleep(2);
+                                continue;
+                        }
+                        
+                        // rv = -1
+                        if (!arg_quiet) {
+                                printf("Warning: error trying to unmount %s\n", mntdir);
+                                perror("umount");
+                        }
+                }
+                
+                if (rv == 0) {
+                        rmdir(mntdir);
+                        free(mntdir);
+                }
+        }
+        if (devloop) {
+                int lfd = open(devloop, O_RDONLY);
+                rv = ioctl(lfd, LOOP_CLR_FD, 0);
+                (void) rv;
+                close(lfd);
+        }
+}

diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c new file mode 100644 index 000000000..a658173eb --- /dev/null +++ b/src/firejail/appimage.c
@@ -0,0 +1,176 @@
	1	/*
	2	* Copyright (C) 2014-2016 Firejail Authors
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	// http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=770fe30a46a12b6fb6b63fbe1737654d28e84844
	21	// sudo mount -o loop krita-3.0-x86_64.appimage mnt
	22
	23	#include "firejail.h"
	24	#include <sys/types.h>
	25	#include <sys/stat.h>
	26	#include <sys/mount.h>
	27	#include <fcntl.h>
	28	#include <linux/loop.h>
	29	#include <errno.h>
	30
	31	static char *devloop = NULL; // device file
	32	static char *mntdir = NULL; // mount point in /tmp directory
	33
	34	const char *appimage_getdir(void) {
	35	return mntdir;
	36	}
	37
	38	void appimage_set(const char *appimage_path) {
	39	assert(appimage_path);
	40	assert(devloop == NULL); // don't call this twice!
	41	EUID_ASSERT();
	42
	43	#ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h
	44	// check appimage_path
	45	if (access(appimage_path, R_OK) == -1) {
	46	fprintf(stderr, "Error: cannot access AppImage file\n");
	47	exit(1);
	48	}
	49
	50	// get appimage type and ELF size
	51	// a value of 0 means we are dealing with a type1 appimage
	52	long unsigned int size = appimage2_size(appimage_path);
	53	if (arg_debug)
	54	printf("AppImage ELF size %lu\n", size);
	55
	56	// open as user to prevent race condition
	57	int ffd = open(appimage_path, O_RDONLY\|O_CLOEXEC);
	58	if (ffd == -1) {
	59	fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n");
	60	exit(1);
	61	}
	62
	63	// find or allocate a free loop device to use
	64	EUID_ROOT();
	65	int cfd = open("/dev/loop-control", O_RDWR);
	66	int devnr = ioctl(cfd, LOOP_CTL_GET_FREE);
	67	if (devnr == -1) {
	68	fprintf(stderr, "Error: cannot allocate a new loopback device\n");
	69	exit(1);
	70	}
	71	close(cfd);
	72	if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)
	73	errExit("asprintf");
	74
	75	int lfd = open(devloop, O_RDONLY);
	76	if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) {
	77	fprintf(stderr, "Error: cannot configure the loopback device\n");
	78	exit(1);
	79	}
	80
	81	if (size) {
	82	struct loop_info64 info;
	83	memset(&info, 0, sizeof(struct loop_info64));
	84	info.lo_offset = size;
	85	if (ioctl(lfd, LOOP_SET_STATUS64, &info) == -1)
	86	errExit("configure appimage offset");
	87	}
	88
	89	close(lfd);
	90	close(ffd);
	91	EUID_USER();
	92
	93	// creates appimage mount point perms 0700
	94	if (asprintf(&mntdir, "%s/.appimage-%u", RUN_FIREJAIL_APPIMAGE_DIR, getpid()) == -1)
	95	errExit("asprintf");
	96	EUID_ROOT();
	97	mkdir_attr(mntdir, 0700, getuid(), getgid());
	98	EUID_USER();
	99
	100	// mount
	101	char *mode;
	102	if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
	103	errExit("asprintf");
	104	EUID_ROOT();
	105
	106	if (size == 0) {
	107	if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL\|MS_RDONLY, mode) < 0)
	108	errExit("mounting appimage");
	109	}
	110	else {
	111	if (mount(devloop, mntdir, "squashfs",MS_MGC_VAL\|MS_RDONLY, mode) < 0)
	112	errExit("mounting appimage");
	113	}
	114
	115	if (arg_debug)
	116	printf("appimage mounted on %s\n", mntdir);
	117	EUID_USER();
	118
	119	// set environment
	120	if (appimage_path && setenv("APPIMAGE", appimage_path, 1) < 0)
	121	errExit("setenv");
	122	if (mntdir && setenv("APPDIR", mntdir, 1) < 0)
	123	errExit("setenv");
	124
	125	// build new command line
	126	if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1)
	127	errExit("asprintf");
	128
	129	free(mode);
	130	#ifdef HAVE_GCOV
	131	__gcov_flush();
	132	#endif
	133	#else
	134	fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n");
	135	exit(1);
	136	#endif
	137	}
	138
	139	void appimage_clear(void) {
	140	int rv;
	141
	142	EUID_ROOT();
	143	if (mntdir) {
	144	int i;
	145	int rv = 0;
	146	for (i = 0; i < 5; i++) {
	147	rv = umount2(mntdir, MNT_FORCE);
	148	if (rv == 0)
	149	break;
	150	if (rv == -1 && errno == EBUSY) {
	151	if (!arg_quiet)
	152	printf("Warning: EBUSY error trying to unmount %s\n", mntdir);
	153	sleep(2);
	154	continue;
	155	}
	156
	157	// rv = -1
	158	if (!arg_quiet) {
	159	printf("Warning: error trying to unmount %s\n", mntdir);
	160	perror("umount");
	161	}
	162	}
	163
	164	if (rv == 0) {
	165	rmdir(mntdir);
	166	free(mntdir);
	167	}
	168	}
	169
	170	if (devloop) {
	171	int lfd = open(devloop, O_RDONLY);
	172	rv = ioctl(lfd, LOOP_CLR_FD, 0);
	173	(void) rv;
	174	close(lfd);
	175	}
	176	}