1 files changed, 48 insertions, 5 deletions
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index b2e1b4a99..535526409 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2016 Firejail Authors
+ * Copyright (C) 2014-2017 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -42,7 +42,7 @@ void fs_hostname(const char *hostname) {
        }
        
        // create a new /etc/hosts
-        if (stat("/etc/hosts", &s) == 0) {
+        if (cfg.hosts_file == NULL && stat("/etc/hosts", &s) == 0) {
                if (arg_debug)
                        printf("Creating a new /etc/hosts file\n");
                // copy /etc/host into our new file, and modify it on the fly
@@ -79,9 +79,7 @@ void fs_hostname(const char *hostname) {
                fclose(fp2);
                
                // bind-mount the file on top of /etc/hostname
-                if (mount(RUN_HOSTS_FILE, "/etc/hosts", NULL, MS_BIND|MS_REC, NULL) < 0)
+                fs_mount_hosts_file();
-                        errExit("mount bind /etc/hosts");
-                fs_logger("create /etc/hosts");
        }
        return;
@@ -129,4 +127,49 @@ void fs_resolvconf(void) {
        }
 }
+char *fs_check_hosts_fiile(const char *fname) {
+        assert(fname);
+        invalid_filename(fname);
+        char *rv = expand_home(fname, cfg.homedir);
+        // no a link
+        if (is_link(rv))
+                goto errexit;
        
+        // the user has read access to the file
+        if (access(rv, R_OK))
+                goto errexit;
+        return rv;
+errexit:
+        fprintf(stderr, "Error: invalid file %s\n", fname);
+        exit(1);
+}
+void fs_store_hosts_file(void) {
+        copy_file_from_user_to_root(cfg.hosts_file, RUN_HOSTS_FILE, 0, 0, 0644); // root needed
+}
+void fs_mount_hosts_file(void) {
+        // check /etc/hosts file
+        struct stat s;
+        if (stat("/etc/hosts", &s) == -1)
+                goto errexit;
+        // not a link
+        if (is_link("/etc/hosts"))
+                goto errexit;
+        // owned by root
+        if (s.st_uid != 0)
+                goto errexit;
+        // bind-mount the file on top of /etc/hostname
+        if (mount(RUN_HOSTS_FILE, "/etc/hosts", NULL, MS_BIND|MS_REC, NULL) < 0)
+                errExit("mount bind /etc/hosts");
+        fs_logger("create /etc/hosts");
+        return;
+errexit:
+        fprintf(stderr, "Error: invalid /etc/hosts file\n");
+        exit(1);
+}

diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index b2e1b4a99..535526409 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c
@@ -1,5 +1,5 @@
1	/*	1	/*
2	* Copyright (C) 2014-2016 Firejail Authors	2	* Copyright (C) 2014-2017 Firejail Authors
3	*	3	*
4	* This file is part of firejail project	4	* This file is part of firejail project
5	*	5	*
@@ -42,7 +42,7 @@ void fs_hostname(const char *hostname) {
42	}	42	}
43		43
44	// create a new /etc/hosts	44	// create a new /etc/hosts
45	if (stat("/etc/hosts", &s) == 0) {	45	if (cfg.hosts_file == NULL && stat("/etc/hosts", &s) == 0) {
46	if (arg_debug)	46	if (arg_debug)
47	printf("Creating a new /etc/hosts file\n");	47	printf("Creating a new /etc/hosts file\n");
48	// copy /etc/host into our new file, and modify it on the fly	48	// copy /etc/host into our new file, and modify it on the fly
@@ -79,9 +79,7 @@ void fs_hostname(const char *hostname) {
79	fclose(fp2);	79	fclose(fp2);
80		80
81	// bind-mount the file on top of /etc/hostname	81	// bind-mount the file on top of /etc/hostname
82	if (mount(RUN_HOSTS_FILE, "/etc/hosts", NULL, MS_BIND\|MS_REC, NULL) < 0)	82	fs_mount_hosts_file();
83	errExit("mount bind /etc/hosts");
84	fs_logger("create /etc/hosts");
85	}	83	}
86	return;	84	return;
87		85
@@ -129,4 +127,49 @@ void fs_resolvconf(void) {
129	}	127	}
130	}	128	}
131		129
		130	char fs_check_hosts_fiile(const char fname) {
		131	assert(fname);
		132	invalid_filename(fname);
		133	char *rv = expand_home(fname, cfg.homedir);
		134
		135	// no a link
		136	if (is_link(rv))
		137	goto errexit;
132		138
		139	// the user has read access to the file
		140	if (access(rv, R_OK))
		141	goto errexit;
		142
		143	return rv;
		144	errexit:
		145	fprintf(stderr, "Error: invalid file %s\n", fname);
		146	exit(1);
		147	}
		148
		149	void fs_store_hosts_file(void) {
		150	copy_file_from_user_to_root(cfg.hosts_file, RUN_HOSTS_FILE, 0, 0, 0644); // root needed
		151	}
		152
		153	void fs_mount_hosts_file(void) {
		154	// check /etc/hosts file
		155	struct stat s;
		156	if (stat("/etc/hosts", &s) == -1)
		157	goto errexit;
		158	// not a link
		159	if (is_link("/etc/hosts"))
		160	goto errexit;
		161	// owned by root
		162	if (s.st_uid != 0)
		163	goto errexit;
		164
		165	// bind-mount the file on top of /etc/hostname
		166	if (mount(RUN_HOSTS_FILE, "/etc/hosts", NULL, MS_BIND\|MS_REC, NULL) < 0)
		167	errExit("mount bind /etc/hosts");
		168	fs_logger("create /etc/hosts");
		169	return;
		170
		171	errexit:
		172	fprintf(stderr, "Error: invalid /etc/hosts file\n");
		173	exit(1);
		174	}
		175