Diffstat (limited to 'src/firejail/fs_hostname.c')
-rw-r--r-- | src/firejail/fs_hostname.c | 53 |
1 files changed, 48 insertions, 5 deletions
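--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2016 Firejail Authors
+* Copyright (C) 2014-2017 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -42,7 +42,7 @@ void fs_hostname(const char *hostname) {
 }
 
 // create a new /etc/hosts
-if (stat("/etc/hosts", &s) == 0) {
+if (cfg.hosts_file == NULL && stat("/etc/hosts", &s) == 0) {
 if (arg_debug)
 printf("Creating a new /etc/hosts file\n");
 // copy /etc/host into our new file, and modify it on the fly
@@ -79,9 +79,7 @@ void fs_hostname(const char *hostname) {
 fclose(fp2);
 
 // bind-mount the file on top of /etc/hostname
-if (mount(RUN_HOSTS_FILE, "/etc/hosts", NULL, MS_BIND|MS_REC, NULL) < 0)
-errExit("mount bind /etc/hosts");
-fs_logger("create /etc/hosts");
+fs_mount_hosts_file();
 }
 return;
 
@@ -129,4 +127,49 @@ void fs_resolvconf(void) {
 }
 }
 
+char *fs_check_hosts_fiile(const char *fname) {
+assert(fname);
+invalid_filename(fname);
+char *rv = expand_home(fname, cfg.homedir);
+
+// no a link
+if (is_link(rv))
+goto errexit;
 
+// the user has read access to the file
+if (access(rv, R_OK))
+goto errexit;
+
+return rv;
+errexit:
+fprintf(stderr, "Error: invalid file %s\n", fname);
+exit(1);
+}
+
+void fs_store_hosts_file(void) {
+copy_file_from_user_to_root(cfg.hosts_file, RUN_HOSTS_FILE, 0, 0, 0644); // root needed
+}
+
+void fs_mount_hosts_file(void) {
+// check /etc/hosts file
+struct stat s;
+if (stat("/etc/hosts", &s) == -1)
+goto errexit;
+// not a link
+if (is_link("/etc/hosts"))
+goto errexit;
+// owned by root
+if (s.st_uid != 0)
+goto errexit;
+
+// bind-mount the file on top of /etc/hostname
+if (mount(RUN_HOSTS_FILE, "/etc/hosts", NULL, MS_BIND|MS_REC, NULL) < 0)
+errExit("mount bind /etc/hosts");
+fs_logger("create /etc/hosts");
+return;
+
+errexit:
+fprintf(stderr, "Error: invalid /etc/hosts file\n");
+exit(1);
+}
+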
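Review bot: The symlink and readability checks in `fs_check_hosts_fiile` are made on the path name, while `fs_store_hosts_file` later hands the same name (`cfg.hosts_file`) to `copy_file_from_user_to_root`, so the file that gets copied into `RUN_HOSTS_FILE` is not necessarily the one that was checked. The helper's body is outside this diff; if it does not already open the source with the user's privileges and validate the descriptor it opened (`O_NOFOLLOW` plus `fstat`), that is where the check belongs, and the path checks here should carry a comment such as `// early sanity check only; the copy must re-validate the file it opens`. Separately, the function name is misspelled and should be `fs_check_hosts_file`, `// no a link` should read `// not a link`, and the comment above the `mount()` call in `fs_mount_hosts_file` names `/etc/hostname` although the target is `/etc/hosts`.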