Diffstat (limited to 'src/firejail/preproc.c')
-rw-r--r-- | src/firejail/preproc.c | 35 |
1 files changed, 33 insertions, 2 deletions
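--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -56,14 +56,16 @@ void preproc_build_firejail_dir(void) {
 create_empty_dir_as_root(RUN_FIREJAIL_APPIMAGE_DIR, 0755);
 }
 
+if (stat(RUN_MNT_DIR, &s)) {
+create_empty_dir_as_root(RUN_MNT_DIR, 0755);
+}
+
 create_empty_file_as_root(RUN_RO_FILE, S_IRUSR);
 create_empty_dir_as_root(RUN_RO_DIR, S_IRUSR);
 }
 
 // build /run/firejail/mnt directory
 void preproc_mount_mnt_dir(void) {
-struct stat s;
-
 // mount tmpfs on top of /run/firejail/mnt
 if (!tmpfs_mounted) {
 if (arg_debug)
@@ -72,6 +74,35 @@ void preproc_mount_mnt_dir(void) {
 errExit("mounting /run/firejail/mnt");
 tmpfs_mounted = 1;
 fs_logger2("tmpfs", RUN_MNT_DIR);
+
+// create all seccomp files
+// as root, create RUN_SECCOMP_I386 file
+create_empty_file_as_root(RUN_SECCOMP_I386, 0644);
+if (chown(RUN_SECCOMP_I386, getuid(), getgid()) == -1)
+errExit("chown");
+if (chmod(RUN_SECCOMP_I386, 0644) == -1)
+errExit("chmod");
+
+// as root, create RUN_SECCOMP_AMD64 file
+create_empty_file_as_root(RUN_SECCOMP_AMD64, 0644);
+if (chown(RUN_SECCOMP_AMD64, getuid(), getgid()) == -1)
+errExit("chown");
+if (chmod(RUN_SECCOMP_AMD64, 0644) == -1)
+errExit("chmod");
+
+// as root, create RUN_SECCOMP file
+create_empty_file_as_root(RUN_SECCOMP_CFG, 0644);
+if (chown(RUN_SECCOMP_CFG, getuid(), getgid()) == -1)
+errExit("chown");
+if (chmod(RUN_SECCOMP_CFG, 0644) == -1)
+errExit("chmod");
+
+// as root, create RUN_SECCOMP_PROTOCOL file
+create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644);
+if (chown(RUN_SECCOMP_PROTOCOL, getuid(), getgid()) == -1)
+errExit("chown");
+if (chmod(RUN_SECCOMP_PROTOCOL, 0644) == -1)
+errExit("chmod");
 }
 }
 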
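Review bot: In the second hunk (preproc_mount_mnt_dir), each of the four seccomp files is created as root and then handed to the invoking user with `chown(..., getuid(), getgid())` and mode 0644, so RUN_SECCOMP_I386, RUN_SECCOMP_AMD64, RUN_SECCOMP_CFG and RUN_SECCOMP_PROTOCOL stay writable by that uid for as long as the files exist. If any later step reads these files to install a filter (the consumer is not visible in this diff), it would be loading data the sandboxed user can rewrite. Either keep the files root-owned and write them from the privileged side, or lock each one down once it is populated, e.g. `if (chown(RUN_SECCOMP_CFG, 0, 0) == -1 || chmod(RUN_SECCOMP_CFG, 0444) == -1) errExit("chown/chmod");`. The four create/chown/chmod stanzas differ only in the path and would read better as one small static helper, and the `chmod(..., 0644)` looks redundant if create_empty_file_as_root already applies the mode it is given.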