diff options
Diffstat (limited to 'src/firejail/fs.c')
| -rw-r--r-- | src/firejail/fs.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index f6aba7048..fa66da617 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -97,7 +97,7 @@ static void disable_file(OPERATION op, const char *filename) { | |||
| 97 | return; | 97 | return; |
| 98 | if (stat(fname, &s) == -1) { | 98 | if (stat(fname, &s) == -1) { |
| 99 | if (arg_debug) | 99 | if (arg_debug) |
| 100 | printf("Warning: %s does not exist, skipping...\n", fname); | 100 | fwarning("%s does not exist, skipping...\n", fname); |
| 101 | free(fname); | 101 | free(fname); |
| 102 | return; | 102 | return; |
| 103 | } | 103 | } |
| @@ -108,8 +108,7 @@ static void disable_file(OPERATION op, const char *filename) { | |||
| 108 | if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) && | 108 | if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) && |
| 109 | is_link(filename) && | 109 | is_link(filename) && |
| 110 | S_ISDIR(s.st_mode)) { | 110 | S_ISDIR(s.st_mode)) { |
| 111 | if (!arg_quiet) | 111 | fwarning("%s directory link was not blacklisted\n", filename); |
| 112 | fprintf(stderr, "Warning: %s directory link was not blacklisted\n", filename); | ||
| 113 | } | 112 | } |
| 114 | else { | 113 | else { |
| 115 | if (arg_debug) { | 114 | if (arg_debug) { |
| @@ -175,7 +174,7 @@ static void disable_file(OPERATION op, const char *filename) { | |||
| 175 | fs_logger2("tmpfs", fname); | 174 | fs_logger2("tmpfs", fname); |
| 176 | } | 175 | } |
| 177 | else | 176 | else |
| 178 | printf("Warning: %s is not a directory; cannot mount a tmpfs on top of it.\n", fname); | 177 | fwarning("%s is not a directory; cannot mount a tmpfs on top of it.\n", fname); |
| 179 | } | 178 | } |
| 180 | else | 179 | else |
| 181 | assert(0); | 180 | assert(0); |
| @@ -444,8 +443,7 @@ static void fs_rdwr(const char *dir) { | |||
| 444 | // if the file is outside /home directory, allow only root user | 443 | // if the file is outside /home directory, allow only root user |
| 445 | uid_t u = getuid(); | 444 | uid_t u = getuid(); |
| 446 | if (u != 0 && s.st_uid != u) { | 445 | if (u != 0 && s.st_uid != u) { |
| 447 | if (!arg_quiet) | 446 | fwarning("you are not allowed to change %s to read-write\n", dir); |
| 448 | fprintf(stderr, "Warning: you are not allowed to change %s to read-write\n", dir); | ||
| 449 | return; | 447 | return; |
| 450 | } | 448 | } |
| 451 | 449 | ||
| @@ -501,9 +499,9 @@ void fs_proc_sys_dev_boot(void) { | |||
| 501 | if (arg_debug) | 499 | if (arg_debug) |
| 502 | printf("Remounting /sys directory\n"); | 500 | printf("Remounting /sys directory\n"); |
| 503 | if (umount2("/sys", MNT_DETACH) < 0) | 501 | if (umount2("/sys", MNT_DETACH) < 0) |
| 504 | fprintf(stderr, "Warning: failed to unmount /sys\n"); | 502 | fwarning("failed to unmount /sys\n"); |
| 505 | if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) | 503 | if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) |
| 506 | fprintf(stderr, "Warning: failed to mount /sys\n"); | 504 | fwarning("failed to mount /sys\n"); |
| 507 | else | 505 | else |
| 508 | fs_logger("remount /sys"); | 506 | fs_logger("remount /sys"); |
| 509 | 507 | ||
| @@ -913,7 +911,8 @@ void fs_overlayfs(void) { | |||
| 913 | // issue #263 end code | 911 | // issue #263 end code |
| 914 | //*************************** | 912 | //*************************** |
| 915 | } | 913 | } |
| 916 | printf("OverlayFS configured in %s directory\n", basedir); | 914 | if (!arg_quiet) |
| 915 | printf("OverlayFS configured in %s directory\n", basedir); | ||
| 917 | 916 | ||
| 918 | // mount-bind dev directory | 917 | // mount-bind dev directory |
| 919 | if (arg_debug) | 918 | if (arg_debug) |
| @@ -943,7 +942,7 @@ void fs_overlayfs(void) { | |||
| 943 | if (asprintf(&x11, "%s/tmp/.X11-unix", oroot) == -1) | 942 | if (asprintf(&x11, "%s/tmp/.X11-unix", oroot) == -1) |
| 944 | errExit("asprintf"); | 943 | errExit("asprintf"); |
| 945 | if (mount("/tmp/.X11-unix", x11, NULL, MS_BIND|MS_REC, NULL) < 0) | 944 | if (mount("/tmp/.X11-unix", x11, NULL, MS_BIND|MS_REC, NULL) < 0) |
| 946 | fprintf(stderr, "Warning: cannot mount /tmp/.X11-unix in overlay\n"); | 945 | fwarning("cannot mount /tmp/.X11-unix in overlay\n"); |
| 947 | else | 946 | else |
| 948 | fs_logger("whitelist /tmp/.X11-unix"); | 947 | fs_logger("whitelist /tmp/.X11-unix"); |
| 949 | free(x11); | 948 | free(x11); |
| @@ -1172,7 +1171,7 @@ void fs_chroot(const char *rootdir) { | |||
| 1172 | exit(1); | 1171 | exit(1); |
| 1173 | } | 1172 | } |
| 1174 | if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed | 1173 | if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed |
| 1175 | fprintf(stderr, "Warning: /etc/resolv.conf not initialized\n"); | 1174 | fwarning("/etc/resolv.conf not initialized\n"); |
| 1176 | } | 1175 | } |
| 1177 | 1176 | ||
| 1178 | // chroot into the new directory | 1177 | // chroot into the new directory |