Diffstat (limited to 'src/firejail/restrict_users.c')
-rw-r--r-- | src/firejail/restrict_users.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index d2d106f27..733dbef41 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
@@ -73,11 +73,11 @@ static void sanitize_home(void) { | |||
73 | } | 73 | } |
74 | 74 | ||
75 | fs_build_mnt_dir(); | 75 | fs_build_mnt_dir(); |
76 | if (mkdir(WHITELIST_HOME_DIR, 0755) == -1) | 76 | if (mkdir(RUN_WHITELIST_HOME_DIR, 0755) == -1) |
77 | errExit("mkdir"); | 77 | errExit("mkdir"); |
78 | 78 | ||
79 | // keep a copy of the user home directory | 79 | // keep a copy of the user home directory |
80 | if (mount(cfg.homedir, WHITELIST_HOME_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) | 80 | if (mount(cfg.homedir, RUN_WHITELIST_HOME_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) |
81 | errExit("mount bind"); | 81 | errExit("mount bind"); |
82 | 82 | ||
83 | // mount tmpfs in the new home | 83 | // mount tmpfs in the new home |
@@ -95,11 +95,11 @@ static void sanitize_home(void) { | |||
95 | errExit("chmod"); | 95 | errExit("chmod"); |
96 | 96 | ||
97 | // mount user home directory | 97 | // mount user home directory |
98 | if (mount(WHITELIST_HOME_DIR, cfg.homedir, NULL, MS_BIND|MS_REC, NULL) < 0) | 98 | if (mount(RUN_WHITELIST_HOME_DIR, cfg.homedir, NULL, MS_BIND|MS_REC, NULL) < 0) |
99 | errExit("mount bind"); | 99 | errExit("mount bind"); |
100 | 100 | ||
101 | // mask home dir under /run | 101 | // mask home dir under /run |
102 | if (mount("tmpfs", WHITELIST_HOME_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) | 102 | if (mount("tmpfs", RUN_WHITELIST_HOME_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) |
103 | errExit("mount tmpfs"); | 103 | errExit("mount tmpfs"); |
104 | } | 104 | } |
105 | 105 | ||
@@ -118,7 +118,7 @@ static void sanitize_passwd(void) { | |||
118 | fpin = fopen("/etc/passwd", "r"); | 118 | fpin = fopen("/etc/passwd", "r"); |
119 | if (!fpin) | 119 | if (!fpin) |
120 | goto errout; | 120 | goto errout; |
121 | fpout = fopen(PASSWD_FILE, "w"); | 121 | fpout = fopen(RUN_PASSWD_FILE, "w"); |
122 | if (!fpout) | 122 | if (!fpout) |
123 | goto errout; | 123 | goto errout; |
124 | 124 | ||
@@ -172,13 +172,13 @@ static void sanitize_passwd(void) { | |||
172 | } | 172 | } |
173 | fclose(fpin); | 173 | fclose(fpin); |
174 | fclose(fpout); | 174 | fclose(fpout); |
175 | if (chown(PASSWD_FILE, 0, 0) == -1) | 175 | if (chown(RUN_PASSWD_FILE, 0, 0) == -1) |
176 | errExit("chown"); | 176 | errExit("chown"); |
177 | if (chmod(PASSWD_FILE, 0644) == -1) | 177 | if (chmod(RUN_PASSWD_FILE, 0644) == -1) |
178 | errExit("chmod"); | 178 | errExit("chmod"); |
179 | 179 | ||
180 | // mount-bind tne new password file | 180 | // mount-bind tne new password file |
181 | if (mount(PASSWD_FILE, "/etc/passwd", "none", MS_BIND, "mode=400,gid=0") < 0) | 181 | if (mount(RUN_PASSWD_FILE, "/etc/passwd", "none", MS_BIND, "mode=400,gid=0") < 0) |
182 | errExit("mount"); | 182 | errExit("mount"); |
183 | 183 | ||
184 | return; | 184 | return; |
@@ -249,7 +249,7 @@ static void sanitize_group(void) { | |||
249 | fpin = fopen("/etc/group", "r"); | 249 | fpin = fopen("/etc/group", "r"); |
250 | if (!fpin) | 250 | if (!fpin) |
251 | goto errout; | 251 | goto errout; |
252 | fpout = fopen(GROUP_FILE, "w"); | 252 | fpout = fopen(RUN_GROUP_FILE, "w"); |
253 | if (!fpout) | 253 | if (!fpout) |
254 | goto errout; | 254 | goto errout; |
255 | 255 | ||
@@ -298,13 +298,13 @@ static void sanitize_group(void) { | |||
298 | } | 298 | } |
299 | fclose(fpin); | 299 | fclose(fpin); |
300 | fclose(fpout); | 300 | fclose(fpout); |
301 | if (chown(GROUP_FILE, 0, 0) == -1) | 301 | if (chown(RUN_GROUP_FILE, 0, 0) == -1) |
302 | errExit("chown"); | 302 | errExit("chown"); |
303 | if (chmod(GROUP_FILE, 0644) == -1) | 303 | if (chmod(RUN_GROUP_FILE, 0644) == -1) |
304 | errExit("chmod"); | 304 | errExit("chmod"); |
305 | 305 | ||
306 | // mount-bind tne new group file | 306 | // mount-bind tne new group file |
307 | if (mount(GROUP_FILE, "/etc/group", "none", MS_BIND, "mode=400,gid=0") < 0) | 307 | if (mount(RUN_GROUP_FILE, "/etc/group", "none", MS_BIND, "mode=400,gid=0") < 0) |
308 | errExit("mount"); | 308 | errExit("mount"); |
309 | 309 | ||
310 | return; | 310 | return; |
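Review bot: The `"mode=400,gid=0"` data string on the `MS_BIND` mount of `RUN_PASSWD_FILE` over `/etc/passwd` in sanitize_passwd has no effect, and the same applies to the `RUN_GROUP_FILE` mount in sanitize_group. mount(2) ignores the filesystemtype and data arguments for bind mounts, so what the sandboxed process sees is the root-owned 0644 set by the preceding chown/chmod. Since these lines are touched by the rename anyway, pass `NULL` for data, e.g. `if (mount(RUN_PASSWD_FILE, "/etc/passwd", "none", MS_BIND, NULL) < 0)`, so nobody reads the call as a 0400 restriction. If the sanitized files are meant to be immutable inside the sandbox, that would need a read-only remount of the bind; none is visible in these hunks, though it may happen elsewhere. Both functions start and end outside the hunks shown.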