diff options
Diffstat (limited to 'src/firejail/fs_bin.c')
| -rw-r--r-- | src/firejail/fs_bin.c | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index 87d63c6e6..c3d24aaac 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c | |||
| @@ -26,10 +26,11 @@ | |||
| 26 | 26 | ||
| 27 | static char *paths[] = { | 27 | static char *paths[] = { |
| 28 | "/usr/local/bin", | 28 | "/usr/local/bin", |
| 29 | "/bin", | ||
| 30 | "/usr/bin", | 29 | "/usr/bin", |
| 31 | "/sbin", | 30 | "/bin", |
| 31 | "/usr/local/sbin", | ||
| 32 | "/usr/sbin", | 32 | "/usr/sbin", |
| 33 | "/sbin", | ||
| 33 | NULL | 34 | NULL |
| 34 | }; | 35 | }; |
| 35 | 36 | ||
| @@ -173,6 +174,7 @@ void fs_private_bin_list(void) { | |||
| 173 | 174 | ||
| 174 | // check bin paths | 175 | // check bin paths |
| 175 | int i = 0; | 176 | int i = 0; |
| 177 | #if 0 | ||
| 176 | while (paths[i]) { | 178 | while (paths[i]) { |
| 177 | struct stat s; | 179 | struct stat s; |
| 178 | if (stat(paths[i], &s) == -1) { | 180 | if (stat(paths[i], &s) == -1) { |
| @@ -181,6 +183,7 @@ void fs_private_bin_list(void) { | |||
| 181 | } | 183 | } |
| 182 | i++; | 184 | i++; |
| 183 | } | 185 | } |
| 186 | #endif | ||
| 184 | 187 | ||
| 185 | // create /tmp/firejail/mnt/bin directory | 188 | // create /tmp/firejail/mnt/bin directory |
| 186 | fs_build_mnt_dir(); | 189 | fs_build_mnt_dir(); |
| @@ -230,12 +233,15 @@ void fs_private_bin_list(void) { | |||
| 230 | // mount-bind | 233 | // mount-bind |
| 231 | i = 0; | 234 | i = 0; |
| 232 | while (paths[i]) { | 235 | while (paths[i]) { |
| 233 | if (arg_debug) | 236 | struct stat s; |
| 234 | printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]); | 237 | if (stat(paths[i], &s) == 0) { |
| 235 | if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0) | 238 | if (arg_debug) |
| 236 | errExit("mount bind"); | 239 | printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]); |
| 237 | fs_logger2("tmpfs", paths[i]); | 240 | if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0) |
| 238 | fs_logger2("mount", paths[i]); | 241 | errExit("mount bind"); |
| 242 | fs_logger2("tmpfs", paths[i]); | ||
| 243 | fs_logger2("mount", paths[i]); | ||
| 244 | } | ||
| 239 | i++; | 245 | i++; |
| 240 | } | 246 | } |
| 241 | 247 | ||
| @@ -249,11 +255,14 @@ void fs_private_bin_list(void) { | |||
| 249 | while (ptr) { | 255 | while (ptr) { |
| 250 | i = 0; | 256 | i = 0; |
| 251 | while (paths[i]) { | 257 | while (paths[i]) { |
| 252 | char *fname; | 258 | struct stat s; |
| 253 | if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1) | 259 | if (stat(paths[i], &s) == 0) { |
| 254 | errExit("asprintf"); | 260 | char *fname; |
| 255 | fs_logger2("clone", fname); | 261 | if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1) |
| 256 | free(fname); | 262 | errExit("asprintf"); |
| 263 | fs_logger2("clone", fname); | ||
| 264 | free(fname); | ||
| 265 | } | ||
| 257 | i++; | 266 | i++; |
| 258 | } | 267 | } |
| 259 | ptr = strtok(NULL, ","); | 268 | ptr = strtok(NULL, ","); |