1 files changed, 125 insertions, 0 deletions
diff --git a/src/jailcheck/virtual.c b/src/jailcheck/virtual.c
new file mode 100644
index 000000000..09092f9ce
--- /dev/null
+++ b/src/jailcheck/virtual.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailcheck.h"
+#include <dirent.h>
+#include <sys/wait.h>
+#define MAX_TEST_FILES 16
+static char *dirs[MAX_TEST_FILES];
+static char *files[MAX_TEST_FILES];
+static int files_cnt = 0;
+void virtual_setup(const char *directory) {
+        // I am root!
+        assert(directory);
+        assert(*directory == '/');
+        assert(files_cnt < MAX_TEST_FILES);
+        // try to open the dir as root
+        DIR *dir = opendir(directory);
+        if (!dir) {
+                fprintf(stderr, "Warning: directory %s not found, skipping\n", directory);
+                return;
+        }
+        closedir(dir);
+        // create a test file
+        char *test_file;
+        if (asprintf(&test_file, "%s/jailcheck-private-%d", directory, getpid()) == -1)
+                errExit("asprintf");
+        FILE *fp = fopen(test_file, "w");
+        if (!fp) {
+                printf("Warning: I cannot create test file in directory %s, skipping...\n", directory);
+                return;
+        }
+        fprintf(fp, "this file was created by firetest utility, you can safely delete it\n");
+        fclose(fp);
+        if (strcmp(directory, user_home_dir) == 0) {
+                int rv = chown(test_file, user_uid, user_gid);
+                if (rv)
+                        errExit("chown");
+        }
+        char *dname = strdup(directory);
+        if (!dname)
+                errExit("strdup");
+        dirs[files_cnt] = dname;
+        files[files_cnt] = test_file;
+        files_cnt++;
+}
+void virtual_destroy(void) {
+        // remove test files
+        int i;
+        for (i = 0; i < files_cnt; i++) {
+                int rv = unlink(files[i]);
+                (void) rv;
+        }
+        files_cnt = 0;
+}
+void virtual_test(void) {
+        // I am root in sandbox mount namespace
+        assert(user_uid);
+        int i;
+        int cnt = 0;
+        cnt += printf("   Virtual dirs: "); fflush(0);
+        for (i = 0; i < files_cnt; i++) {
+                assert(files[i]);
+                // I am root!
+                pid_t child = fork();
+                if (child == -1)
+                        errExit("fork");
+                if (child == 0) { // child
+                        // drop privileges
+                        if (setgid(user_gid) != 0)
+                                errExit("setgid");
+                        if (setuid(user_uid) != 0)
+                                errExit("setuid");
+                        // try to open the file for reading
+                        FILE *fp = fopen(files[i], "r");
+                        if (fp)
+                                fclose(fp);
+                        else {
+                                if (cnt == 0)
+                                        cnt += printf("\n                 ");
+                                cnt += printf("%s, ", dirs[i]);
+                                if (cnt > 60)
+                                        cnt = 0;
+                        }
+                        fflush(0);
+                        exit(cnt);
+                }
+                // wait for the child to finish
+                int status;
+                wait(&status);
+                cnt = WEXITSTATUS(status);
+        }
+        printf("\n");
+}

diff --git a/src/jailcheck/virtual.c b/src/jailcheck/virtual.c new file mode 100644 index 000000000..09092f9ce --- /dev/null +++ b/src/jailcheck/virtual.c
@@ -0,0 +1,125 @@
	1	/*
	2	* Copyright (C) 2014-2021 Firejail Authors
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	#include "jailcheck.h"
	21	#include <dirent.h>
	22	#include <sys/wait.h>
	23
	24
	25	#define MAX_TEST_FILES 16
	26	static char *dirs[MAX_TEST_FILES];
	27	static char *files[MAX_TEST_FILES];
	28	static int files_cnt = 0;
	29
	30	void virtual_setup(const char *directory) {
	31	// I am root!
	32	assert(directory);
	33	assert(*directory == '/');
	34	assert(files_cnt < MAX_TEST_FILES);
	35
	36	// try to open the dir as root
	37	DIR *dir = opendir(directory);
	38	if (!dir) {
	39	fprintf(stderr, "Warning: directory %s not found, skipping\n", directory);
	40	return;
	41	}
	42	closedir(dir);
	43
	44	// create a test file
	45	char *test_file;
	46	if (asprintf(&test_file, "%s/jailcheck-private-%d", directory, getpid()) == -1)
	47	errExit("asprintf");
	48
	49	FILE *fp = fopen(test_file, "w");
	50	if (!fp) {
	51	printf("Warning: I cannot create test file in directory %s, skipping...\n", directory);
	52	return;
	53	}
	54	fprintf(fp, "this file was created by firetest utility, you can safely delete it\n");
	55	fclose(fp);
	56	if (strcmp(directory, user_home_dir) == 0) {
	57	int rv = chown(test_file, user_uid, user_gid);
	58	if (rv)
	59	errExit("chown");
	60	}
	61
	62	char *dname = strdup(directory);
	63	if (!dname)
	64	errExit("strdup");
	65	dirs[files_cnt] = dname;
	66	files[files_cnt] = test_file;
	67	files_cnt++;
	68	}
	69
	70	void virtual_destroy(void) {
	71	// remove test files
	72	int i;
	73
	74	for (i = 0; i < files_cnt; i++) {
	75	int rv = unlink(files[i]);
	76	(void) rv;
	77	}
	78	files_cnt = 0;
	79	}
	80
	81	void virtual_test(void) {
	82	// I am root in sandbox mount namespace
	83	assert(user_uid);
	84	int i;
	85
	86	int cnt = 0;
	87	cnt += printf(" Virtual dirs: "); fflush(0);
	88
	89	for (i = 0; i < files_cnt; i++) {
	90	assert(files[i]);
	91
	92	// I am root!
	93	pid_t child = fork();
	94	if (child == -1)
	95	errExit("fork");
	96
	97	if (child == 0) { // child
	98	// drop privileges
	99	if (setgid(user_gid) != 0)
	100	errExit("setgid");
	101	if (setuid(user_uid) != 0)
	102	errExit("setuid");
	103
	104	// try to open the file for reading
	105	FILE *fp = fopen(files[i], "r");
	106	if (fp)
	107	fclose(fp);
	108	else {
	109	if (cnt == 0)
	110	cnt += printf("\n ");
	111	cnt += printf("%s, ", dirs[i]);
	112	if (cnt > 60)
	113	cnt = 0;
	114	}
	115	fflush(0);
	116	exit(cnt);
	117	}
	118
	119	// wait for the child to finish
	120	int status;
	121	wait(&status);
	122	cnt = WEXITSTATUS(status);
	123	}
	124	printf("\n");
	125	}