Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_whitelist.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index b081752f4..fccb82735 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -27,14 +27,25 @@ | |||
27 | #include <fcntl.h> | 27 | #include <fcntl.h> |
28 | #include <errno.h> | 28 | #include <errno.h> |
29 | 29 | ||
30 | static int mkpath(const char* path, mode_t mode) { | 30 | static int mkpath(const char* path) { |
31 | assert(path && *path); | 31 | assert(path && *path); |
32 | 32 | ||
33 | // create directories with a 0755 mode | ||
34 | mode_t mode = 0755; | ||
35 | |||
36 | // create directories with uid/gid as root or as current user if inside home directory | ||
37 | uid_t uid = getuid(); | ||
38 | gid_t gid = getgid(); | ||
39 | if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) != 0) { | ||
40 | uid = 0; | ||
41 | gid = 0; | ||
42 | } | ||
43 | |||
33 | // work on a copy of the path | 44 | // work on a copy of the path |
34 | char *file_path = strdup(path); | 45 | char *file_path = strdup(path); |
35 | if (!file_path) | 46 | if (!file_path) |
36 | errExit("strdup"); | 47 | errExit("strdup"); |
37 | 48 | ||
38 | char* p; | 49 | char* p; |
39 | for (p=strchr(file_path+1, '/'); p; p=strchr(p+1, '/')) { | 50 | for (p=strchr(file_path+1, '/'); p; p=strchr(p+1, '/')) { |
40 | *p='\0'; | 51 | *p='\0'; |
@@ -46,7 +57,10 @@ static int mkpath(const char* path, mode_t mode) { | |||
46 | } | 57 | } |
47 | } | 58 | } |
48 | else { | 59 | else { |
49 | // TODO: set correct directory mode and properties | 60 | if (chmod(file_path, mode) == -1) |
61 | errExit("chmod"); | ||
62 | if (chown(file_path, uid, gid) == -1) | ||
63 | errExit("chown"); | ||
50 | } | 64 | } |
51 | 65 | ||
52 | *p='/'; | 66 | *p='/'; |
@@ -128,7 +142,7 @@ static void whitelist_path(ProfileEntry *entry) { | |||
128 | } | 142 | } |
129 | 143 | ||
130 | // create the path if necessary | 144 | // create the path if necessary |
131 | mkpath(path, 0755); | 145 | mkpath(path); |
132 | 146 | ||
133 | // process directory | 147 | // process directory |
134 | if (S_ISDIR(s.st_mode)) { | 148 | if (S_ISDIR(s.st_mode)) { |
@@ -403,7 +417,7 @@ void fs_whitelist(void) { | |||
403 | struct stat s; | 417 | struct stat s; |
404 | if (stat(entry->link, &s) != 0) { | 418 | if (stat(entry->link, &s) != 0) { |
405 | // create the path if necessary | 419 | // create the path if necessary |
406 | mkpath(entry->link, 0755); | 420 | mkpath(entry->link); |
407 | 421 | ||
408 | int rv = symlink(entry->data + 10, entry->link); | 422 | int rv = symlink(entry->data + 10, entry->link); |
409 | if (rv) | 423 | if (rv) |
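Review bot: The home-directory test added at the top of mkpath, `strncmp(path, cfg.homedir, strlen(cfg.homedir)) != 0`, is a raw string-prefix compare, so a sibling path that merely begins with the same characters (constructed example: home `/home/bob`, path `/home/bobby/x`) is treated as inside home and its directories are handed to the calling user instead of root. Require a component boundary after the prefix, for example `size_t hlen = strlen(cfg.homedir);` followed by `if (strncmp(path, cfg.homedir, hlen) != 0 || (path[hlen] != '/' && path[hlen] != '\0')) { uid = 0; gid = 0; }`. The chosen uid/gid is then applied by name in the new `else` branch through `chmod(file_path, mode)` and `chown(file_path, uid, gid)`, and both calls follow symlinks. If this code runs with elevated privileges under a user-writable parent (the `uid = 0` assignment suggests so, but it is not visible here), opening the directory with `O_DIRECTORY|O_NOFOLLOW` and calling `fchmod`/`fchown` on the descriptor would avoid acting on a path that was replaced after creation. The loop body between the first two hunks is not shown, so which condition the `else` pairs with is inferred.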