Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 66 |
1 files changed, 4 insertions, 62 deletions
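--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -767,26 +767,7 @@ void fs_proc_sys_dev_boot(void) {
 char *fnamegpg;
 if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
 errExit("asprintf");
-if (stat(fnamegpg, &s) == -1) {
-pid_t child = fork();
-if (child < 0)
-errExit("fork");
-if (child == 0) {
-// drop privileges
-drop_privs(0);
-if (mkdir(fnamegpg, 0700) == 0) {
-if (chmod(fnamegpg, 0700) == -1)
-{;} // do nothing
-}
-#ifdef HAVE_GCOV
-__gcov_flush();
-#endif
-_exit(0);
-}
-// wait for the child to finish
-waitpid(child, NULL, 0);
-fs_logger2("create", fnamegpg);
-}
+create_empty_dir_as_user(fnamegpg, 0700);
 if (stat(fnamegpg, &s) == 0)
 disable_file(BLACKLIST_FILE, fnamegpg);
 free(fnamegpg);
@@ -795,26 +776,7 @@ void fs_proc_sys_dev_boot(void) {
 char *fnamesysd;
 if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
 errExit("asprintf");
-if (stat(fnamesysd, &s) == -1) {
-pid_t child = fork();
-if (child < 0)
-errExit("fork");
-if (child == 0) {
-// drop privileges
-drop_privs(0);
-if (mkdir(fnamesysd, 0755) == 0) {
-if (chmod(fnamesysd, 0755) == -1)
-{;} // do nothing
-}
-#ifdef HAVE_GCOV
-__gcov_flush();
-#endif
-_exit(0);
-}
-// wait for the child to finish
-waitpid(child, NULL, 0);
-fs_logger2("create", fnamesysd);
-}
+create_empty_dir_as_user(fnamesysd, 0755);
 if (stat(fnamesysd, &s) == 0)
 disable_file(BLACKLIST_FILE, fnamesysd);
 free(fnamesysd);
@@ -924,31 +886,11 @@ char *fs_check_overlay_dir(const char *subdirname, int allow_reuse) {
 }
 else {
 // create ~/.firejail directory
-pid_t child = fork();
-if (child < 0)
-errExit("fork");
-if (child == 0) {
-// drop privileges
-drop_privs(0);
-
-// create directory
-if (mkdir(dirname, 0700))
-errExit("mkdir");
-if (chmod(dirname, 0700) == -1)
-errExit("chmod");
-ASSERT_PERMS(dirname, getuid(), getgid(), 0700);
-#ifdef HAVE_GCOV
-__gcov_flush();
-#endif
-_exit(0);
-}
-// wait for the child to finish
-waitpid(child, NULL, 0);
+create_empty_dir_as_user(dirname, 0700);
 if (stat(dirname, &s) == -1) {
-fprintf(stderr, "Error: cannot create ~/.firejail directory\n");
+fprintf(stderr, "Error: cannot create directory %s\n", dirname);
 exit(1);
 }
-fs_logger2("create", dirname);
 }
 free(dirname);
 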
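Review bot: In the third hunk (fs_check_overlay_dir) the only check left after `create_empty_dir_as_user(dirname, 0700)` is `stat(dirname, &s) == -1`, while the removed child code aborted on mkdir/chmod failure and then ran `ASSERT_PERMS(dirname, getuid(), getgid(), 0700)`. The helper's body is not shown on this page, so if it keeps the best-effort behaviour of the removed gnupg/systemd blocks, a path that exists but is not a user-owned 0700 directory would pass the stat test, which also follows symlinks. I would keep the assertion in the caller right after the stat check: `ASSERT_PERMS(dirname, getuid(), getgid(), 0700);`. The `fs_logger2("create", ...)` calls are dropped from all three call sites as well, so it is worth confirming that the helper logs the creation itself. Both functions start and end outside the hunks shown.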