1 files changed, 28 insertions, 29 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 5b8093885..c38317371 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -82,30 +82,6 @@ void fs_build_mnt_dir(void) {
        }
 }
-// build /tmp/firejail/overlay directory
-void fs_build_overlay_dir(void) {
-        struct stat s;
-        fs_build_firejail_dir();
-        
-        // create /tmp/firejail directory
-        if (stat(OVERLAY_DIR, &s)) {
-                if (arg_debug)
-                        printf("Creating %s directory\n", MNT_DIR);
-                /* coverity[toctou] */
-                int rv = mkdir(OVERLAY_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
-                if (rv == -1)
-                        errExit("mkdir");       
-                if (chown(OVERLAY_DIR, 0, 0) < 0)
-                        errExit("chown");
-                if (chmod(OVERLAY_DIR, S_IRWXU  | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
-                        errExit("chmod");
-        }
-}
 //***********************************************
 // process profile file
 //***********************************************
@@ -629,8 +605,25 @@ void fs_overlayfs(void) {
        if (chmod(oroot, S_IRWXU  | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
                errExit("chmod");
+        char *basedir = MNT_DIR;
+        if (arg_overlay_keep) {
+                // check the directory exists
+                struct stat s;
+                if (stat("/myoverlay", &s) == -1) {
+                        fprintf(stderr, "Error: overlay directory should already exist\n");
+                        exit(1);
+                }
+                // set base for working and diff directories
+                basedir = cfg.overlay_dir;
+                if (mkdir(basedir, S_IRWXU | S_IRWXG | S_IRWXO) != 0) {
+                        fprintf(stderr, "Error: cannot create overlay directory\n");
+                        exit(1);
+                }
+        }
        char *odiff;
-        if(asprintf(&odiff, "%s/odiff", MNT_DIR) == -1)
+        if(asprintf(&odiff, "%s/odiff", basedir) == -1)
                errExit("asprintf");
        if (mkdir(odiff, S_IRWXU | S_IRWXG | S_IRWXO))
                errExit("mkdir");
@@ -638,9 +631,9 @@ void fs_overlayfs(void) {
                errExit("chown");
        if (chmod(odiff, S_IRWXU  | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
                errExit("chmod");
+        
        char *owork;
-        if(asprintf(&owork, "%s/owork", MNT_DIR) == -1)
+        if(asprintf(&owork, "%s/owork", basedir) == -1)
                errExit("asprintf");
        if (mkdir(owork, S_IRWXU | S_IRWXG | S_IRWXO))
                errExit("mkdir");
@@ -648,12 +641,16 @@ void fs_overlayfs(void) {
                errExit("chown");
        if (chmod(owork, S_IRWXU  | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
                errExit("chmod");
+        
        // mount overlayfs
        if (arg_debug)
                printf("Mounting OverlayFS\n");
        char *option;
        if (oldkernel) { // old Ubuntu/OpenSUSE kernels
+                if (arg_overlay_keep) {
+                        fprintf(stderr, "Error: option --overlay= not available for kernels older than 3.18\n");
+                        exit(1);
+                }
                if (asprintf(&option, "lowerdir=/,upperdir=%s", odiff) == -1)
                        errExit("asprintf");
                if (mount("overlayfs", oroot, "overlayfs", MS_MGC_VAL, option) < 0)
@@ -662,10 +659,12 @@ void fs_overlayfs(void) {
        else { // kernel 3.18 or newer
                if (asprintf(&option, "lowerdir=/,upperdir=%s,workdir=%s", odiff, owork) == -1)
                        errExit("asprintf");
+//printf("option #%s#\n", option);                      
                if (mount("overlay", oroot, "overlay", MS_MGC_VAL, option) < 0)
                        errExit("mounting overlayfs");
        }
+        printf("OverlayFS configured in %s directory\n", basedir);
+        
        // mount-bind dev directory
        if (arg_debug)
                printf("Mounting /dev\n");

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 5b8093885..c38317371 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -82,30 +82,6 @@ void fs_build_mnt_dir(void) {
82	}	82	}
83	}	83	}
84		84
85	// build /tmp/firejail/overlay directory
86	void fs_build_overlay_dir(void) {
87	struct stat s;
88	fs_build_firejail_dir();
89
90	// create /tmp/firejail directory
91	if (stat(OVERLAY_DIR, &s)) {
92	if (arg_debug)
93	printf("Creating %s directory\n", MNT_DIR);
94	/* coverity[toctou] */
95	int rv = mkdir(OVERLAY_DIR, S_IRWXU \| S_IRWXG \| S_IRWXO);
96	if (rv == -1)
97	errExit("mkdir");
98	if (chown(OVERLAY_DIR, 0, 0) < 0)
99	errExit("chown");
100	if (chmod(OVERLAY_DIR, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)
101	errExit("chmod");
102	}
103	}
104
105
106
107
108
109	//***********************************************	85	//***********************************************
110	// process profile file	86	// process profile file
111	//***********************************************	87	//***********************************************
@@ -629,8 +605,25 @@ void fs_overlayfs(void) {
629	if (chmod(oroot, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)	605	if (chmod(oroot, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)
630	errExit("chmod");	606	errExit("chmod");
631		607
		608	char *basedir = MNT_DIR;
		609	if (arg_overlay_keep) {
		610	// check the directory exists
		611	struct stat s;
		612	if (stat("/myoverlay", &s) == -1) {
		613	fprintf(stderr, "Error: overlay directory should already exist\n");
		614	exit(1);
		615	}
		616
		617	// set base for working and diff directories
		618	basedir = cfg.overlay_dir;
		619	if (mkdir(basedir, S_IRWXU \| S_IRWXG \| S_IRWXO) != 0) {
		620	fprintf(stderr, "Error: cannot create overlay directory\n");
		621	exit(1);
		622	}
		623	}
		624
632	char *odiff;	625	char *odiff;
633	if(asprintf(&odiff, "%s/odiff", MNT_DIR) == -1)	626	if(asprintf(&odiff, "%s/odiff", basedir) == -1)
634	errExit("asprintf");	627	errExit("asprintf");
635	if (mkdir(odiff, S_IRWXU \| S_IRWXG \| S_IRWXO))	628	if (mkdir(odiff, S_IRWXU \| S_IRWXG \| S_IRWXO))
636	errExit("mkdir");	629	errExit("mkdir");
@@ -638,9 +631,9 @@ void fs_overlayfs(void) {
638	errExit("chown");	631	errExit("chown");
639	if (chmod(odiff, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)	632	if (chmod(odiff, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)
640	errExit("chmod");	633	errExit("chmod");
641		634
642	char *owork;	635	char *owork;
643	if(asprintf(&owork, "%s/owork", MNT_DIR) == -1)	636	if(asprintf(&owork, "%s/owork", basedir) == -1)
644	errExit("asprintf");	637	errExit("asprintf");
645	if (mkdir(owork, S_IRWXU \| S_IRWXG \| S_IRWXO))	638	if (mkdir(owork, S_IRWXU \| S_IRWXG \| S_IRWXO))
646	errExit("mkdir");	639	errExit("mkdir");
@@ -648,12 +641,16 @@ void fs_overlayfs(void) {
648	errExit("chown");	641	errExit("chown");
649	if (chmod(owork, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)	642	if (chmod(owork, S_IRWXU \| S_IRGRP \| S_IXGRP \| S_IROTH \| S_IXOTH) < 0)
650	errExit("chmod");	643	errExit("chmod");
651		644
652	// mount overlayfs	645	// mount overlayfs
653	if (arg_debug)	646	if (arg_debug)
654	printf("Mounting OverlayFS\n");	647	printf("Mounting OverlayFS\n");
655	char *option;	648	char *option;
656	if (oldkernel) { // old Ubuntu/OpenSUSE kernels	649	if (oldkernel) { // old Ubuntu/OpenSUSE kernels
		650	if (arg_overlay_keep) {
		651	fprintf(stderr, "Error: option --overlay= not available for kernels older than 3.18\n");
		652	exit(1);
		653	}
657	if (asprintf(&option, "lowerdir=/,upperdir=%s", odiff) == -1)	654	if (asprintf(&option, "lowerdir=/,upperdir=%s", odiff) == -1)
658	errExit("asprintf");	655	errExit("asprintf");
659	if (mount("overlayfs", oroot, "overlayfs", MS_MGC_VAL, option) < 0)	656	if (mount("overlayfs", oroot, "overlayfs", MS_MGC_VAL, option) < 0)
@@ -662,10 +659,12 @@ void fs_overlayfs(void) {
662	else { // kernel 3.18 or newer	659	else { // kernel 3.18 or newer
663	if (asprintf(&option, "lowerdir=/,upperdir=%s,workdir=%s", odiff, owork) == -1)	660	if (asprintf(&option, "lowerdir=/,upperdir=%s,workdir=%s", odiff, owork) == -1)
664	errExit("asprintf");	661	errExit("asprintf");
		662	//printf("option #%s#\n", option);
665	if (mount("overlay", oroot, "overlay", MS_MGC_VAL, option) < 0)	663	if (mount("overlay", oroot, "overlay", MS_MGC_VAL, option) < 0)
666	errExit("mounting overlayfs");	664	errExit("mounting overlayfs");
667	}	665	}
668		666	printf("OverlayFS configured in %s directory\n", basedir);
		667
669	// mount-bind dev directory	668	// mount-bind dev directory
670	if (arg_debug)	669	if (arg_debug)
671	printf("Mounting /dev\n");	670	printf("Mounting /dev\n");