diff options
Diffstat (limited to 'src/firejail/fs_home.c')
-rw-r--r-- | src/firejail/fs_home.c | 118 |
1 files changed, 97 insertions, 21 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index f5e545bf3..4de082b06 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -106,6 +106,14 @@ static int store_xauthority(void) { | |||
106 | // put a copy of .Xauthority in XAUTHORITY_FILE | 106 | // put a copy of .Xauthority in XAUTHORITY_FILE |
107 | char *src; | 107 | char *src; |
108 | char *dest = RUN_XAUTHORITY_FILE; | 108 | char *dest = RUN_XAUTHORITY_FILE; |
109 | // create an empty file | ||
110 | FILE *fp = fopen(dest, "w"); | ||
111 | if (fp) { | ||
112 | fprintf(fp, "\n"); | ||
113 | SET_PERMS_STREAM(fp, getuid(), getgid(), 0600); | ||
114 | fclose(fp); | ||
115 | } | ||
116 | |||
109 | if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1) | 117 | if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1) |
110 | errExit("asprintf"); | 118 | errExit("asprintf"); |
111 | 119 | ||
@@ -115,12 +123,28 @@ static int store_xauthority(void) { | |||
115 | fprintf(stderr, "Warning: invalid .Xauthority file\n"); | 123 | fprintf(stderr, "Warning: invalid .Xauthority file\n"); |
116 | return 0; | 124 | return 0; |
117 | } | 125 | } |
118 | 126 | ||
119 | int rv = copy_file(src, dest, -1, -1, 0600); | 127 | pid_t child = fork(); |
120 | if (rv) { | 128 | if (child < 0) |
121 | fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); | 129 | errExit("fork"); |
122 | return 0; | 130 | if (child == 0) { |
131 | // drop privileges | ||
132 | drop_privs(0); | ||
133 | |||
134 | // copy, set permissions and ownership | ||
135 | int rv = copy_file(src, dest, getuid(), getgid(), 0600); | ||
136 | if (rv) | ||
137 | fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); | ||
138 | else { | ||
139 | fs_logger2("clone", dest); | ||
140 | } | ||
141 | #ifdef HAVE_GCOV | ||
142 | __gcov_flush(); | ||
143 | #endif | ||
144 | _exit(0); | ||
123 | } | 145 | } |
146 | // wait for the child to finish | ||
147 | waitpid(child, NULL, 0); | ||
124 | return 1; // file copied | 148 | return 1; // file copied |
125 | } | 149 | } |
126 | 150 | ||
@@ -130,6 +154,14 @@ static int store_xauthority(void) { | |||
130 | static int store_asoundrc(void) { | 154 | static int store_asoundrc(void) { |
131 | char *src; | 155 | char *src; |
132 | char *dest = RUN_ASOUNDRC_FILE; | 156 | char *dest = RUN_ASOUNDRC_FILE; |
157 | // create an empty file | ||
158 | FILE *fp = fopen(dest, "w"); | ||
159 | if (fp) { | ||
160 | fprintf(fp, "\n"); | ||
161 | SET_PERMS_STREAM(fp, getuid(), getgid(), 0644); | ||
162 | fclose(fp); | ||
163 | } | ||
164 | |||
133 | if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1) | 165 | if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1) |
134 | errExit("asprintf"); | 166 | errExit("asprintf"); |
135 | 167 | ||
@@ -150,11 +182,27 @@ static int store_asoundrc(void) { | |||
150 | free(rp); | 182 | free(rp); |
151 | } | 183 | } |
152 | 184 | ||
153 | int rv = copy_file(src, dest, -1, -1, -0644); | 185 | pid_t child = fork(); |
154 | if (rv) { | 186 | if (child < 0) |
155 | fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n"); | 187 | errExit("fork"); |
156 | return 0; | 188 | if (child == 0) { |
189 | // drop privileges | ||
190 | drop_privs(0); | ||
191 | |||
192 | // copy, set permissions and ownership | ||
193 | int rv = copy_file(src, dest, getuid(), getgid(), 0644); | ||
194 | if (rv) | ||
195 | fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n"); | ||
196 | else { | ||
197 | fs_logger2("clone", dest); | ||
198 | } | ||
199 | #ifdef HAVE_GCOV | ||
200 | __gcov_flush(); | ||
201 | #endif | ||
202 | _exit(0); | ||
157 | } | 203 | } |
204 | // wait for the child to finish | ||
205 | waitpid(child, NULL, 0); | ||
158 | return 1; // file copied | 206 | return 1; // file copied |
159 | } | 207 | } |
160 | 208 | ||
@@ -174,13 +222,27 @@ static void copy_xauthority(void) { | |||
174 | exit(1); | 222 | exit(1); |
175 | } | 223 | } |
176 | 224 | ||
177 | // copy, set permissions and ownership | 225 | pid_t child = fork(); |
178 | int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); | 226 | if (child < 0) |
179 | if (rv) | 227 | errExit("fork"); |
180 | fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); | 228 | if (child == 0) { |
181 | else { | 229 | // drop privileges |
182 | fs_logger2("clone", dest); | 230 | drop_privs(0); |
231 | |||
232 | // copy, set permissions and ownership | ||
233 | int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); | ||
234 | if (rv) | ||
235 | fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); | ||
236 | else { | ||
237 | fs_logger2("clone", dest); | ||
238 | } | ||
239 | #ifdef HAVE_GCOV | ||
240 | __gcov_flush(); | ||
241 | #endif | ||
242 | _exit(0); | ||
183 | } | 243 | } |
244 | // wait for the child to finish | ||
245 | waitpid(child, NULL, 0); | ||
184 | 246 | ||
185 | // delete the temporary file | 247 | // delete the temporary file |
186 | unlink(src); | 248 | unlink(src); |
@@ -199,13 +261,27 @@ static void copy_asoundrc(void) { | |||
199 | exit(1); | 261 | exit(1); |
200 | } | 262 | } |
201 | 263 | ||
202 | // copy, set permissions and ownership | 264 | pid_t child = fork(); |
203 | int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); | 265 | if (child < 0) |
204 | if (rv) | 266 | errExit("fork"); |
205 | fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n"); | 267 | if (child == 0) { |
206 | else { | 268 | // drop privileges |
207 | fs_logger2("clone", dest); | 269 | drop_privs(0); |
270 | |||
271 | // copy, set permissions and ownership | ||
272 | int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); | ||
273 | if (rv) | ||
274 | fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n"); | ||
275 | else { | ||
276 | fs_logger2("clone", dest); | ||
277 | } | ||
278 | #ifdef HAVE_GCOV | ||
279 | __gcov_flush(); | ||
280 | #endif | ||
281 | _exit(0); | ||
208 | } | 282 | } |
283 | // wait for the child to finish | ||
284 | waitpid(child, NULL, 0); | ||
209 | 285 | ||
210 | // delete the temporary file | 286 | // delete the temporary file |
211 | unlink(src); | 287 | unlink(src); |