diff options
Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 44 |
1 files changed, 40 insertions, 4 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 24ff553d7..8db14d502 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -641,8 +641,26 @@ void fs_proc_sys_dev_boot(void) { | |||
641 | char *fnamegpg; | 641 | char *fnamegpg; |
642 | if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1) | 642 | if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1) |
643 | errExit("asprintf"); | 643 | errExit("asprintf"); |
644 | if (stat(fnamegpg, &s) == -1) | 644 | if (stat(fnamegpg, &s) == -1) { |
645 | mkdir_attr(fnamegpg, 0700, getuid(), getgid()); | 645 | pid_t child = fork(); |
646 | if (child < 0) | ||
647 | errExit("fork"); | ||
648 | if (child == 0) { | ||
649 | // drop privileges | ||
650 | drop_privs(0); | ||
651 | if (mkdir(fnamegpg, 0700) == -1) | ||
652 | {;} // do nothing | ||
653 | if (set_perms(fnamegpg, -1, -1, 0700)) | ||
654 | {;} | ||
655 | #ifdef HAVE_GCOV | ||
656 | __gcov_flush(); | ||
657 | #endif | ||
658 | _exit(0); | ||
659 | } | ||
660 | // wait for the child to finish | ||
661 | waitpid(child, NULL, 0); | ||
662 | fs_logger2("create", fnamegpg); | ||
663 | } | ||
646 | if (stat(fnamegpg, &s) == 0) | 664 | if (stat(fnamegpg, &s) == 0) |
647 | disable_file(BLACKLIST_FILE, fnamegpg); | 665 | disable_file(BLACKLIST_FILE, fnamegpg); |
648 | free(fnamegpg); | 666 | free(fnamegpg); |
@@ -651,8 +669,26 @@ void fs_proc_sys_dev_boot(void) { | |||
651 | char *fnamesysd; | 669 | char *fnamesysd; |
652 | if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1) | 670 | if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1) |
653 | errExit("asprintf"); | 671 | errExit("asprintf"); |
654 | if (stat(fnamesysd, &s) == -1) | 672 | if (stat(fnamesysd, &s) == -1) { |
655 | mkdir_attr(fnamesysd, 0755, getuid(), getgid()); | 673 | pid_t child = fork(); |
674 | if (child < 0) | ||
675 | errExit("fork"); | ||
676 | if (child == 0) { | ||
677 | // drop privileges | ||
678 | drop_privs(0); | ||
679 | if (mkdir(fnamesysd, 0755) == -1) | ||
680 | {;} // do nothing | ||
681 | if (set_perms(fnamesysd, -1, -1, 0755)) | ||
682 | {;} | ||
683 | #ifdef HAVE_GCOV | ||
684 | __gcov_flush(); | ||
685 | #endif | ||
686 | _exit(0); | ||
687 | } | ||
688 | // wait for the child to finish | ||
689 | waitpid(child, NULL, 0); | ||
690 | fs_logger2("create", fnamesysd); | ||
691 | } | ||
656 | if (stat(fnamesysd, &s) == 0) | 692 | if (stat(fnamesysd, &s) == 0) |
657 | disable_file(BLACKLIST_FILE, fnamesysd); | 693 | disable_file(BLACKLIST_FILE, fnamesysd); |
658 | free(fnamesysd); | 694 | free(fnamesysd); |