diff options
Diffstat (limited to 'src/firejail/fs_trace.c')
| -rw-r--r-- | src/firejail/fs_trace.c | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index f6ca28227..719b55048 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
| @@ -37,19 +37,13 @@ void fs_trace_preload(void) { | |||
| 37 | FILE *fp = fopen("/etc/ld.so.preload", "w"); | 37 | FILE *fp = fopen("/etc/ld.so.preload", "w"); |
| 38 | if (!fp) | 38 | if (!fp) |
| 39 | errExit("fopen"); | 39 | errExit("fopen"); |
| 40 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | ||
| 40 | fclose(fp); | 41 | fclose(fp); |
| 41 | if (chown("/etc/ld.so.preload", 0, 0) < 0) | ||
| 42 | errExit("chown"); | ||
| 43 | if (chmod("/etc/ld.so.preload", S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH ) < 0) | ||
| 44 | errExit("chmod"); | ||
| 45 | fs_logger("touch /etc/ld.so.preload"); | 42 | fs_logger("touch /etc/ld.so.preload"); |
| 46 | } | 43 | } |
| 47 | } | 44 | } |
| 48 | 45 | ||
| 49 | void fs_trace(void) { | 46 | void fs_trace(void) { |
| 50 | // create /tmp/firejail/mnt directory | ||
| 51 | fs_build_mnt_dir(); | ||
| 52 | |||
| 53 | // create the new ld.so.preload file and mount-bind it | 47 | // create the new ld.so.preload file and mount-bind it |
| 54 | if (arg_debug) | 48 | if (arg_debug) |
| 55 | printf("Create the new ld.so.preload file\n"); | 49 | printf("Create the new ld.so.preload file\n"); |
| @@ -57,21 +51,20 @@ void fs_trace(void) { | |||
| 57 | FILE *fp = fopen(RUN_LDPRELOAD_FILE, "w"); | 51 | FILE *fp = fopen(RUN_LDPRELOAD_FILE, "w"); |
| 58 | if (!fp) | 52 | if (!fp) |
| 59 | errExit("fopen"); | 53 | errExit("fopen"); |
| 60 | if (arg_trace) | 54 | if (arg_trace) { |
| 61 | fprintf(fp, "%s/firejail/libtrace.so\n", LIBDIR); | 55 | fprintf(fp, "%s/firejail/libtrace.so\n", LIBDIR); |
| 56 | } | ||
| 62 | else if (arg_tracelog) { | 57 | else if (arg_tracelog) { |
| 63 | fprintf(fp, "%s/firejail/libtracelog.so\n", LIBDIR); | 58 | fprintf(fp, "%s/firejail/libtracelog.so\n", LIBDIR); |
| 64 | if (!arg_quiet) | 59 | if (!arg_quiet) |
| 65 | printf("Blacklist violations are logged to syslog\n"); | 60 | printf("Blacklist violations are logged to syslog\n"); |
| 66 | } | 61 | } |
| 67 | else | 62 | |
| 68 | assert(0); | 63 | if (mask_x11_abstract_socket) |
| 69 | 64 | fprintf(fp, "%s/firejail/libconnect.so\n", LIBDIR); | |
| 65 | |||
| 66 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | ||
| 70 | fclose(fp); | 67 | fclose(fp); |
| 71 | if (chown(RUN_LDPRELOAD_FILE, 0, 0) < 0) | ||
| 72 | errExit("chown"); | ||
| 73 | if (chmod(RUN_LDPRELOAD_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH ) < 0) | ||
| 74 | errExit("chmod"); | ||
| 75 | 68 | ||
| 76 | // mount the new preload file | 69 | // mount the new preload file |
| 77 | if (arg_debug) | 70 | if (arg_debug) |
| @@ -81,5 +74,3 @@ void fs_trace(void) { | |||
| 81 | fs_logger("create /etc/ld.so.preload"); | 74 | fs_logger("create /etc/ld.so.preload"); |
| 82 | } | 75 | } |
| 83 | 76 | ||
| 84 | |||
| 85 | \ No newline at end of file | ||