diff options
Diffstat (limited to 'src/firejail/x11.c')
| -rw-r--r-- | src/firejail/x11.c | 24 |
1 files changed, 8 insertions, 16 deletions
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 2b1121958..9da6d3e30 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
| @@ -137,10 +137,8 @@ void fs_x11(void) { | |||
| 137 | int rv = mkdir(RUN_WHITELIST_X11_DIR, 1777); | 137 | int rv = mkdir(RUN_WHITELIST_X11_DIR, 1777); |
| 138 | if (rv == -1) | 138 | if (rv == -1) |
| 139 | errExit("mkdir"); | 139 | errExit("mkdir"); |
| 140 | if (chown(RUN_WHITELIST_X11_DIR, 0, 0) < 0) | 140 | if (set_perms(RUN_WHITELIST_X11_DIR, 0, 0, 1777)) |
| 141 | errExit("chown"); | 141 | errExit("set_perms"); |
| 142 | if (chmod(RUN_WHITELIST_X11_DIR, 1777) < 0) | ||
| 143 | errExit("chmod"); | ||
| 144 | 142 | ||
| 145 | if (mount("/tmp/.X11-unix", RUN_WHITELIST_X11_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) | 143 | if (mount("/tmp/.X11-unix", RUN_WHITELIST_X11_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) |
| 146 | errExit("mount bind"); | 144 | errExit("mount bind"); |
| @@ -706,10 +704,8 @@ void x11_xorg(void) { | |||
| 706 | fprintf(stderr, "Error: cannot create the new .Xauthority file\n"); | 704 | fprintf(stderr, "Error: cannot create the new .Xauthority file\n"); |
| 707 | exit(1); | 705 | exit(1); |
| 708 | } | 706 | } |
| 709 | if (chown(tmpfname, getuid(), getgid()) == -1) | 707 | if (set_perms(tmpfname, getuid(), getgid(), 0600)) |
| 710 | errExit("chown"); | 708 | errExit("set_perms"); |
| 711 | if (chmod(tmpfname, 0600) == -1) | ||
| 712 | errExit("chmod"); | ||
| 713 | 709 | ||
| 714 | // move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted | 710 | // move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted |
| 715 | // automatically when the sandbox is closed | 711 | // automatically when the sandbox is closed |
| @@ -717,10 +713,8 @@ void x11_xorg(void) { | |||
| 717 | fprintf(stderr, "Error: cannot create the new .Xauthority file\n"); | 713 | fprintf(stderr, "Error: cannot create the new .Xauthority file\n"); |
| 718 | exit(1); | 714 | exit(1); |
| 719 | } | 715 | } |
| 720 | if (chown(RUN_XAUTHORITY_SEC_FILE, getuid(), getgid()) == -1) | 716 | if (set_perms(RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) |
| 721 | errExit("chown"); | 717 | errExit("set_perms"); |
| 722 | if (chmod(RUN_XAUTHORITY_SEC_FILE, 0600) == -1) | ||
| 723 | errExit("chmod"); | ||
| 724 | unlink(tmpfname); | 718 | unlink(tmpfname); |
| 725 | 719 | ||
| 726 | // mount | 720 | // mount |
| @@ -728,10 +722,8 @@ void x11_xorg(void) { | |||
| 728 | fprintf(stderr, "Error: cannot mount the new .Xauthority file\n"); | 722 | fprintf(stderr, "Error: cannot mount the new .Xauthority file\n"); |
| 729 | exit(1); | 723 | exit(1); |
| 730 | } | 724 | } |
| 731 | if (chown(dest, getuid(), getgid()) == -1) | 725 | if (set_perms(dest, getuid(), getgid(), 0600)) |
| 732 | errExit("chown"); | 726 | errExit("set_perms"); |
| 733 | if (chmod(dest, 0600) == -1) | ||
| 734 | errExit("chmod"); | ||
| 735 | free(dest); | 727 | free(dest); |
| 736 | #endif | 728 | #endif |
| 737 | } | 729 | } |