diff options
Diffstat (limited to 'src/firejail/mountinfo.c')
-rw-r--r-- | src/firejail/mountinfo.c | 50 |
1 files changed, 30 insertions, 20 deletions
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c index ab1e501a7..a7dc714df 100644 --- a/src/firejail/mountinfo.c +++ b/src/firejail/mountinfo.c | |||
@@ -69,7 +69,7 @@ static void unmangle_path(char *path) { | |||
69 | static void parse_line(char *line, MountData *output) { | 69 | static void parse_line(char *line, MountData *output) { |
70 | assert(line && output); | 70 | assert(line && output); |
71 | memset(output, 0, sizeof(*output)); | 71 | memset(output, 0, sizeof(*output)); |
72 | // extract filesystem name, directory and filesystem types | 72 | // extract mount id, filesystem name, directory and filesystem types |
73 | // examples: | 73 | // examples: |
74 | // 587 543 8:1 /tmp /etc rw,relatime master:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered | 74 | // 587 543 8:1 /tmp /etc rw,relatime master:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered |
75 | // output.mountid: 587 | 75 | // output.mountid: 587 |
@@ -153,6 +153,8 @@ MountData *get_last_mount(void) { | |||
153 | 153 | ||
154 | // Extract the mount id from /proc/self/fdinfo and return it. | 154 | // Extract the mount id from /proc/self/fdinfo and return it. |
155 | int get_mount_id(const char *path) { | 155 | int get_mount_id(const char *path) { |
156 | assert(path); | ||
157 | |||
156 | int fd = open(path, O_PATH|O_CLOEXEC); | 158 | int fd = open(path, O_PATH|O_CLOEXEC); |
157 | if (fd == -1) | 159 | if (fd == -1) |
158 | return -1; | 160 | return -1; |
@@ -197,8 +199,12 @@ int get_mount_id(const char *path) { | |||
197 | return -2; | 199 | return -2; |
198 | } | 200 | } |
199 | 201 | ||
200 | // Return array with all paths that might need a remount. | 202 | // Check /proc/self/mountinfo if path has any submounts (or if path would have submounts |
201 | char **build_mount_array(const int mountid, const char *path) { | 203 | // if it was made a mount point). |
204 | // Returns an array that can be iterated over for recursive remounting. | ||
205 | char **build_mount_array(const int mount_id, const char *path) { | ||
206 | assert(path); | ||
207 | |||
202 | // open /proc/self/mountinfo | 208 | // open /proc/self/mountinfo |
203 | FILE *fp = fopen("/proc/self/mountinfo", "re"); | 209 | FILE *fp = fopen("/proc/self/mountinfo", "re"); |
204 | if (!fp) { | 210 | if (!fp) { |
@@ -207,29 +213,33 @@ char **build_mount_array(const int mountid, const char *path) { | |||
207 | exit(1); | 213 | exit(1); |
208 | } | 214 | } |
209 | 215 | ||
210 | size_t size = 32; | 216 | // array to be returned |
211 | size_t cnt = 0; | 217 | size_t cnt = 0; |
218 | size_t size = 32; | ||
212 | char **rv = malloc(size * sizeof(*rv)); | 219 | char **rv = malloc(size * sizeof(*rv)); |
213 | if (!rv) | 220 | if (!rv) |
214 | errExit("malloc"); | 221 | errExit("malloc"); |
215 | 222 | ||
216 | // read /proc/self/mountinfo | 223 | // read /proc/self/mountinfo |
217 | size_t pathlen = strlen(path); | 224 | size_t pathlen = strlen(path); |
225 | char buf[MAX_BUF]; | ||
226 | MountData mntp; | ||
218 | int found = 0; | 227 | int found = 0; |
219 | if (fgets(mbuf, MAX_BUF, fp) == NULL) { | 228 | |
229 | if (fgets(buf, MAX_BUF, fp) == NULL) { | ||
220 | fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n"); | 230 | fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n"); |
221 | exit(1); | 231 | exit(1); |
222 | } | 232 | } |
223 | do { | 233 | do { |
224 | // find mount point with mount id | 234 | // find mount point with mount id |
225 | if (!found) { | 235 | if (!found) { |
226 | parse_line(mbuf, &mdata); | 236 | parse_line(buf, &mntp); |
227 | if (mdata.mountid == mountid) { | 237 | if (mntp.mountid == mount_id) { |
228 | // don't remount blacklisted paths, | 238 | // give up if mount id has been reassigned, |
229 | // give up if mount id has been reassigned | 239 | // don't remount blacklisted path |
230 | if (strstr(mdata.fsname, "firejail.ro.dir") || | 240 | if (strncmp(mntp.dir, path, strlen(mntp.dir)) || |
231 | strstr(mdata.fsname, "firejail.ro.file") || | 241 | strstr(mntp.fsname, "firejail.ro.dir") || |
232 | strncmp(mdata.dir, path, strlen(mdata.dir))) | 242 | strstr(mntp.fsname, "firejail.ro.file")) |
233 | break; | 243 | break; |
234 | 244 | ||
235 | *rv = strdup(path); | 245 | *rv = strdup(path); |
@@ -244,24 +254,24 @@ char **build_mount_array(const int mountid, const char *path) { | |||
244 | } | 254 | } |
245 | // from here on add all mount points below path, | 255 | // from here on add all mount points below path, |
246 | // don't remount blacklisted paths | 256 | // don't remount blacklisted paths |
247 | parse_line(mbuf, &mdata); | 257 | parse_line(buf, &mntp); |
248 | if (strncmp(mdata.dir, path, pathlen) == 0 && | 258 | if (strncmp(mntp.dir, path, pathlen) == 0 && |
249 | mdata.dir[pathlen] == '/' && | 259 | mntp.dir[pathlen] == '/' && |
250 | strstr(mdata.fsname, "firejail.ro.dir") == NULL && | 260 | strstr(mntp.fsname, "firejail.ro.dir") == NULL && |
251 | strstr(mdata.fsname, "firejail.ro.file") == NULL) { | 261 | strstr(mntp.fsname, "firejail.ro.file") == NULL) { |
252 | 262 | ||
253 | if (cnt >= size) { | 263 | if (cnt == size) { |
254 | size *= 2; | 264 | size *= 2; |
255 | rv = realloc(rv, size * sizeof(*rv)); | 265 | rv = realloc(rv, size * sizeof(*rv)); |
256 | if (!rv) | 266 | if (!rv) |
257 | errExit("realloc"); | 267 | errExit("realloc"); |
258 | } | 268 | } |
259 | rv[cnt] = strdup(mdata.dir); | 269 | rv[cnt] = strdup(mntp.dir); |
260 | if (rv[cnt] == NULL) | 270 | if (rv[cnt] == NULL) |
261 | errExit("strdup"); | 271 | errExit("strdup"); |
262 | cnt++; | 272 | cnt++; |
263 | } | 273 | } |
264 | } while (fgets(mbuf, MAX_BUF, fp)); | 274 | } while (fgets(buf, MAX_BUF, fp)); |
265 | 275 | ||
266 | if (cnt == size) { | 276 | if (cnt == size) { |
267 | size++; | 277 | size++; |