Diffstat (limited to 'src/firejail/preproc.c')
-rw-r--r--src/firejail/preproc.c35
1 files changed, 33 insertions, 2 deletions
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index 6784ff5ac..2873571a9 100644
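--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -56,14 +56,16 @@ void preproc_build_firejail_dir(void) {
  create_empty_dir_as_root(RUN_FIREJAIL_APPIMAGE_DIR, 0755);
  }
 
+ if (stat(RUN_MNT_DIR, &s)) {
+ create_empty_dir_as_root(RUN_MNT_DIR, 0755);
+ }
+
  create_empty_file_as_root(RUN_RO_FILE, S_IRUSR);
  create_empty_dir_as_root(RUN_RO_DIR, S_IRUSR);
 }
 
 // build /run/firejail/mnt directory
 void preproc_mount_mnt_dir(void) {
- struct stat s;
-
  // mount tmpfs on top of /run/firejail/mnt
  if (!tmpfs_mounted) {
  if (arg_debug)
@@ -72,6 +74,35 @@ void preproc_mount_mnt_dir(void) {
  errExit("mounting /run/firejail/mnt");
  tmpfs_mounted = 1;
  fs_logger2("tmpfs", RUN_MNT_DIR);
+
+ // create all seccomp files
+ // as root, create RUN_SECCOMP_I386 file
+ create_empty_file_as_root(RUN_SECCOMP_I386, 0644);
+ if (chown(RUN_SECCOMP_I386, getuid(), getgid()) == -1)
+ errExit("chown");
+ if (chmod(RUN_SECCOMP_I386, 0644) == -1)
+ errExit("chmod");
+
+ // as root, create RUN_SECCOMP_AMD64 file
+ create_empty_file_as_root(RUN_SECCOMP_AMD64, 0644);
+ if (chown(RUN_SECCOMP_AMD64, getuid(), getgid()) == -1)
+ errExit("chown");
+ if (chmod(RUN_SECCOMP_AMD64, 0644) == -1)
+ errExit("chmod");
+
+ // as root, create RUN_SECCOMP file
+ create_empty_file_as_root(RUN_SECCOMP_CFG, 0644);
+ if (chown(RUN_SECCOMP_CFG, getuid(), getgid()) == -1)
+ errExit("chown");
+ if (chmod(RUN_SECCOMP_CFG, 0644) == -1)
+ errExit("chmod");
+
+ // as root, create RUN_SECCOMP_PROTOCOL file
+ create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644);
+ if (chown(RUN_SECCOMP_PROTOCOL, getuid(), getgid()) == -1)
+ errExit("chown");
+ if (chmod(RUN_SECCOMP_PROTOCOL, 0644) == -1)
+ errExit("chmod");
  }
 }
 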
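Review bot: The four seccomp files created at new lines 80–105 are chowned to `getuid()`/`getgid()` and left at mode 0644, so the invoking user owns the filter files and can write to them. The comments only say "as root, create …" and never explain why ownership is handed over. If a later unprivileged step has to write the filters, say so at the first stanza, e.g. `// owned by the calling user so the unprivileged filter writer can fill it in; contents are user-controlled from here on`. The code that later loads these files is outside this diff, so please confirm that they cannot be modified between generation and installation, or that ownership is returned to root with a read-only mode before the sandboxed program runs. The `if (!tmpfs_mounted)` block that holds these lines opens in the previous hunk and the mount call itself is not shown.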