diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_mkdir.c | 39 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 8 |
2 files changed, 36 insertions, 11 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 50bcc613b..5bc2df2cc 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -22,8 +22,38 @@ | |||
22 | #include <sys/stat.h> | 22 | #include <sys/stat.h> |
23 | #include <unistd.h> | 23 | #include <unistd.h> |
24 | #include <grp.h> | 24 | #include <grp.h> |
25 | #include <sys/wait.h> | 25 | #include <sys/wait.h> |
26 | 26 | #include <string.h> | |
27 | |||
28 | static void mkdir_recursive(char *path) { | ||
29 | char *subdir = NULL; | ||
30 | struct stat s; | ||
31 | |||
32 | if (chdir("/")) { | ||
33 | fprintf(stderr, "Error: can't chdir to /"); | ||
34 | return; | ||
35 | } | ||
36 | |||
37 | subdir = strtok(path, "/"); | ||
38 | while(subdir) { | ||
39 | if (stat(subdir, &s) == -1) { | ||
40 | if (mkdir(subdir, 0700) == -1) { | ||
41 | fprintf(stderr, "Warning: cannot create %s directory\n", subdir); | ||
42 | return; | ||
43 | } | ||
44 | } else if (!S_ISDIR(s.st_mode)) { | ||
45 | fprintf(stderr, "Warning: '%s' exists, but is no directory\n", subdir); | ||
46 | return; | ||
47 | } | ||
48 | if (chdir(subdir)) { | ||
49 | fprintf(stderr, "Error: can't chdir to %s", subdir); | ||
50 | return; | ||
51 | } | ||
52 | |||
53 | subdir = strtok(NULL, "/"); | ||
54 | } | ||
55 | } | ||
56 | |||
27 | void fs_mkdir(const char *name) { | 57 | void fs_mkdir(const char *name) { |
28 | EUID_ASSERT(); | 58 | EUID_ASSERT(); |
29 | 59 | ||
@@ -50,8 +80,7 @@ void fs_mkdir(const char *name) { | |||
50 | drop_privs(0); | 80 | drop_privs(0); |
51 | 81 | ||
52 | // create directory | 82 | // create directory |
53 | if (mkdir(expanded, 0700) == -1) | 83 | mkdir_recursive(expanded); |
54 | fprintf(stderr, "Warning: cannot create %s directory\n", expanded); | ||
55 | exit(0); | 84 | exit(0); |
56 | } | 85 | } |
57 | // wait for the child to finish | 86 | // wait for the child to finish |
@@ -101,4 +130,4 @@ void fs_mkfile(const char *name) { | |||
101 | 130 | ||
102 | doexit: | 131 | doexit: |
103 | free(expanded); | 132 | free(expanded); |
104 | } \ No newline at end of file | 133 | } |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 504842a9e..7e33a6b45 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -136,7 +136,7 @@ The directory is created if it doesn't already exist. | |||
136 | .br | 136 | .br |
137 | Use this command for whitelisted directories you need to preserve | 137 | Use this command for whitelisted directories you need to preserve |
138 | when the sandbox is closed. Without it, the application will create the directory, and the directory | 138 | when the sandbox is closed. Without it, the application will create the directory, and the directory |
139 | will be deleted when the sandbox is closed. Subdirectories also need to be created using mkdir. Example from | 139 | will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from |
140 | firefox profile: | 140 | firefox profile: |
141 | .br | 141 | .br |
142 | 142 | ||
@@ -145,17 +145,13 @@ mkdir ~/.mozilla | |||
145 | .br | 145 | .br |
146 | whitelist ~/.mozilla | 146 | whitelist ~/.mozilla |
147 | .br | 147 | .br |
148 | mkdir ~/.cache | ||
149 | .br | ||
150 | mkdir ~/.cache/mozilla | ||
151 | .br | ||
152 | mkdir ~/.cache/mozilla/firefox | 148 | mkdir ~/.cache/mozilla/firefox |
153 | .br | 149 | .br |
154 | whitelist ~/.cache/mozilla/firefox | 150 | whitelist ~/.cache/mozilla/firefox |
155 | .TP | 151 | .TP |
156 | \fBmkfile file | 152 | \fBmkfile file |
157 | Similar to mkdir, this command creates a file in user home before the sandbox is started. | 153 | Similar to mkdir, this command creates a file in user home before the sandbox is started. |
158 | The file is created if it doesn't already exist. | 154 | The file is created if it doesn't already exist, but it's target directory has to exist. |
159 | .TP | 155 | .TP |
160 | \fBnoexec file_or_directory | 156 | \fBnoexec file_or_directory |
161 | Remount the file or the directory noexec, nodev and nosuid. | 157 | Remount the file or the directory noexec, nodev and nosuid. |