Diffstat (limited to 'src/firejail/util.c')
-rw-r--r-- | src/firejail/util.c | 31 |
1 files changed, 31 insertions, 0 deletions
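--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -21,6 +21,7 @@
 #include "firejail.h"
 #include <ftw.h>
 #include <sys/stat.h>
+#include <sys/mount.h>
 #include <fcntl.h>
 #include <syslog.h>
 #include <errno.h>
@@ -964,3 +965,33 @@ unsigned extract_timeout(const char *str) {
 
 	return h * 3600 + m * 60 + s;
 }
+
+void disable_file_or_dir(const char *fname) {
+	if (arg_debug)
+		printf("blacklist %s\n", fname);
+	struct stat s;
+	if (stat(fname, &s) != -1) {
+		if (is_dir(fname)) {
+			if (mount(RUN_RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
+				errExit("disable directory");
+		}
+		else {
+			if (mount(RUN_RO_FILE, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
+				errExit("disable file");
+		}
+	}
+	fs_logger2("blacklist", fname);
+}
+
+void disable_file_path(const char *path, const char *file) {
+	assert(file);
+	assert(path);
+
+	char *fname;
+	if (asprintf(&fname, "%s/%s", path, file) == -1)
+		errExit("asprintf");
+
+	disable_file_or_dir(fname);
+	free(fname);
+}
+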
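Review bot: The `"mode=400,gid=0"` data string on both mount() calls in disable_file_or_dir has no effect, because for MS_BIND the kernel ignores the filesystemtype and data arguments; the bind mount keeps whatever permissions RUN_RO_DIR / RUN_RO_FILE already have, so the string only suggests a restriction that is not enforced here. Pass `mount(RUN_RO_DIR, fname, NULL, MS_BIND, NULL)` (and likewise for RUN_RO_FILE) and make sure the 0400 / gid 0 mode is applied where those two objects are created. The stat() that guards the mount also follows symlinks and is not atomic with it, so a symlinked fname is resolved once by stat()/is_dir() and again by mount(); if callers can pass user-supplied paths (not visible from this hunk), an lstat()-based symlink check or a single canonicalization before the check would be the safer shape. Finally, fs_logger2("blacklist", fname) runs even when stat() failed and nothing was mounted, so the sandbox log can claim a path was blacklisted when it was not; moving the call inside the success branch keeps the log truthful.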