Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 36 |
1 files changed, 34 insertions, 2 deletions
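diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index d7764accd..0da4cc111 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -711,10 +711,36 @@ char *fs_check_overlay_dir(const char *subdirname, int allow_reuse) {
 // create ~/.firejail directory
 if (asprintf(&dirname, "%s/.firejail", cfg.homedir) == -1)
 errExit("asprintf");
+
+if (is_link(dirname)) {
+fprintf(stderr, "Error: invalid ~/.firejail directory\n");
+exit(1);
+}
 if (stat(dirname, &s) == -1) {
-mkdir_attr(dirname, 0700, 0, 0);
+// create directory
+pid_t child = fork();
+if (child < 0)
+errExit("fork");
+if (child == 0) {
+// drop privileges
+drop_privs(0);
+
+// create directory
+if (mkdir(dirname, 0700))
+errExit("mkdir");
+if (chmod(dirname, 0700) == -1)
+errExit("chmod");
+ASSERT_PERMS(dirname, getuid(), getgid(), 0700);
+_exit(0);
+}
+// wait for the child to finish
+waitpid(child, NULL, 0);
+if (stat(dirname, &s) == -1) {
+fprintf(stderr, "Error: cannot create ~/.firejail directory\n");
+exit(1);
+}
 }
-else if (is_link(dirname)) {
+else if (s.st_uid != getuid()) {
 fprintf(stderr, "Error: invalid ~/.firejail directory\n");
 exit(1);
 }
@@ -1141,10 +1167,16 @@ void fs_chroot(const char *rootdir) {
 free(newx11);
 }
 
+// some older distros don't have a /run directory
+// create one by default
 // create /run/firejail directory in chroot
 char *rundir;
 if (asprintf(&rundir, "%s/run", rootdir) == -1)
 errExit("asprintf");
+if (is_link(rundir)) {
+fprintf(stderr, "Error: invalid run directory inside chroot\n");
+exit(1);
+}
 create_empty_dir_as_root(rundir, 0755);
 free(rundir);
 if (asprintf(&rundir, "%s/run/firejail", rootdir) == -1)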
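Review bot: In `fs_check_overlay_dir` the parent discards the child's exit status (`waitpid(child, NULL, 0)`) and then accepts whatever `stat(dirname, &s)` finds; because `stat` follows symlinks and the `s.st_uid != getuid()` test sits in the `else` branch, a path that was just created gets no owner, type or symlink check in the parent. The earlier `is_link(dirname)` test is made by path, so it says nothing about the object seen by the later calls, and the directory sits under the user's home, which the caller presumably does not control exclusively. I would run a single check after both branches, for example `if (lstat(dirname, &s) == -1 || !S_ISDIR(s.st_mode) || s.st_uid != getuid())`, and also fail when the child did not exit with status 0. The same check-then-use shape applies to `is_link(rundir)` ahead of `create_empty_dir_as_root` in the `fs_chroot` hunk. Both function bodies start and end outside the hunks, so later uses of `dirname` and `rundir` are not visible here.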