diff options
Diffstat (limited to 'src/firejail/sandbox.c')
| -rw-r--r-- | src/firejail/sandbox.c | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index b23c5d742..d9ce717e0 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -46,23 +46,18 @@ void save_nogroups(void) { | |||
| 46 | if (arg_nogroups == 0) | 46 | if (arg_nogroups == 0) |
| 47 | return; | 47 | return; |
| 48 | 48 | ||
| 49 | char *fname; | 49 | FILE *fp = fopen(GROUPS_CFG, "w"); |
| 50 | if (asprintf(&fname, "%s/groups", MNT_DIR) == -1) | ||
| 51 | errExit("asprintf"); | ||
| 52 | FILE *fp = fopen(fname, "w"); | ||
| 53 | if (fp) { | 50 | if (fp) { |
| 54 | fprintf(fp, "\n"); | 51 | fprintf(fp, "\n"); |
| 55 | fclose(fp); | 52 | fclose(fp); |
| 56 | if (chown(fname, 0, 0) < 0) | 53 | if (chown(GROUPS_CFG, 0, 0) < 0) |
| 57 | errExit("chown"); | 54 | errExit("chown"); |
| 58 | } | 55 | } |
| 59 | else { | 56 | else { |
| 60 | fprintf(stderr, "Error: cannot save nogroups state\n"); | 57 | fprintf(stderr, "Error: cannot save nogroups state\n"); |
| 61 | free(fname); | ||
| 62 | exit(1); | 58 | exit(1); |
| 63 | } | 59 | } |
| 64 | 60 | ||
| 65 | free(fname); | ||
| 66 | } | 61 | } |
| 67 | 62 | ||
| 68 | static void sandbox_if_up(Bridge *br) { | 63 | static void sandbox_if_up(Bridge *br) { |
| @@ -436,21 +431,21 @@ int sandbox(void* sandbox_arg) { | |||
| 436 | // if a keep list is available, disregard the drop list | 431 | // if a keep list is available, disregard the drop list |
| 437 | if (arg_seccomp == 1) { | 432 | if (arg_seccomp == 1) { |
| 438 | if (cfg.seccomp_list_keep) | 433 | if (cfg.seccomp_list_keep) |
| 439 | seccomp_filter_keep(); // this will also save the fmyilter to MNT_DIR/seccomp file | 434 | seccomp_filter_keep(); |
| 440 | else if (cfg.seccomp_list_errno) | 435 | else if (cfg.seccomp_list_errno) |
| 441 | seccomp_filter_errno(); // this will also save the filter to MNT_DIR/seccomp file | 436 | seccomp_filter_errno(); |
| 442 | else | 437 | else |
| 443 | seccomp_filter_drop(); // this will also save the filter to MNT_DIR/seccomp file | 438 | seccomp_filter_drop(); |
| 444 | } | 439 | } |
| 445 | #endif | 440 | #endif |
| 446 | 441 | ||
| 447 | // set cpu affinity | 442 | // set cpu affinity |
| 448 | if (cfg.cpus) { | 443 | if (cfg.cpus) { |
| 449 | save_cpu(); // save cpu affinity mask to MNT_DIR/cpu file | 444 | save_cpu(); // save cpu affinity mask to CPU_CFG file |
| 450 | set_cpu_affinity(); | 445 | set_cpu_affinity(); |
| 451 | } | 446 | } |
| 452 | 447 | ||
| 453 | // save cgroup in MNT_DIR/cgroup file | 448 | // save cgroup in CGROUP_CFG file |
| 454 | if (cfg.cgroup) | 449 | if (cfg.cgroup) |
| 455 | save_cgroup(); | 450 | save_cgroup(); |
| 456 | 451 | ||