diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/fs.c | 20 | ||||
-rw-r--r-- | src/firejail/profile.c | 12 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 7 | ||||
-rw-r--r-- | src/firejail/util.c | 1 |
6 files changed, 4 insertions, 47 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index f76f83d85..24d8d0381 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -74,15 +74,6 @@ int checkcfg(int val) { | |||
74 | if (!ptr) | 74 | if (!ptr) |
75 | continue; | 75 | continue; |
76 | 76 | ||
77 | // mount tmpfs on top of ~/.cache directory | ||
78 | if (strncmp(ptr, "cache-tmpfs ", 12) == 0) { | ||
79 | if (strcmp(ptr + 12, "yes") == 0) | ||
80 | cfg_val[CFG_CACHE_TMPFS] = 1; | ||
81 | else if (strcmp(ptr + 12, "no") == 0) | ||
82 | cfg_val[CFG_CACHE_TMPFS] = 0; | ||
83 | else | ||
84 | goto errout; | ||
85 | } | ||
86 | // file transfer | 77 | // file transfer |
87 | else if (strncmp(ptr, "file-transfer ", 14) == 0) { | 78 | else if (strncmp(ptr, "file-transfer ", 14) == 0) { |
88 | if (strcmp(ptr + 14, "yes") == 0) | 79 | if (strcmp(ptr + 14, "yes") == 0) |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index a981c8759..7258dd2f8 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -407,7 +407,6 @@ void fs_overlayfs(void); | |||
407 | // chroot into an existing directory; mount exiting /dev and update /etc/resolv.conf | 407 | // chroot into an existing directory; mount exiting /dev and update /etc/resolv.conf |
408 | void fs_chroot(const char *rootdir); | 408 | void fs_chroot(const char *rootdir); |
409 | void fs_check_chroot_dir(const char *rootdir); | 409 | void fs_check_chroot_dir(const char *rootdir); |
410 | void fs_cache(void); | ||
411 | 410 | ||
412 | // profile.c | 411 | // profile.c |
413 | // find and read the profile specified by name from dir directory | 412 | // find and read the profile specified by name from dir directory |
@@ -685,7 +684,6 @@ enum { | |||
685 | CFG_FOLLOW_SYMLINK_AS_USER, | 684 | CFG_FOLLOW_SYMLINK_AS_USER, |
686 | CFG_FOLLOW_SYMLINK_PRIVATE_BIN, | 685 | CFG_FOLLOW_SYMLINK_PRIVATE_BIN, |
687 | CFG_DISABLE_MNT, | 686 | CFG_DISABLE_MNT, |
688 | CFG_CACHE_TMPFS, | ||
689 | CFG_JOIN, | 687 | CFG_JOIN, |
690 | CFG_MAX // this should always be the last entry | 688 | CFG_MAX // this should always be the last entry |
691 | }; | 689 | }; |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 451a946b7..0ebed61db 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -480,26 +480,6 @@ void fs_mnt(void) { | |||
480 | } | 480 | } |
481 | 481 | ||
482 | 482 | ||
483 | void fs_cache(void) { | ||
484 | #if 0 | ||
485 | if (arg_debug) | ||
486 | printf("Deploy ~/.cache tmpfs\n"); | ||
487 | char *cache; | ||
488 | if (asprintf(&cache, "%s/.cache", cfg.homedir) == -1) | ||
489 | errExit("asprintf"); | ||
490 | if (is_link(cache)) { | ||
491 | fprintf(stderr, "Error: ~/.cache directory is a symbolik link\n"); | ||
492 | exit(1); | ||
493 | } | ||
494 | disable_file(MOUNT_TMPFS, cache); | ||
495 | if (is_link(cache)) { | ||
496 | fprintf(stderr, "Error: ~/.cache directory is a symbolik link\n"); | ||
497 | exit(1); | ||
498 | } | ||
499 | free(cache); | ||
500 | #endif | ||
501 | } | ||
502 | |||
503 | // mount /proc and /sys directories | 483 | // mount /proc and /sys directories |
504 | void fs_proc_sys_dev_boot(void) { | 484 | void fs_proc_sys_dev_boot(void) { |
505 | if (arg_debug) | 485 | if (arg_debug) |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8f98fd397..53fa38845 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -874,27 +874,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
874 | // rlimit | 874 | // rlimit |
875 | if (strncmp(ptr, "rlimit", 6) == 0) { | 875 | if (strncmp(ptr, "rlimit", 6) == 0) { |
876 | if (strncmp(ptr, "rlimit-nofile ", 14) == 0) { | 876 | if (strncmp(ptr, "rlimit-nofile ", 14) == 0) { |
877 | ptr += 14; | ||
878 | check_unsigned(ptr + 14, "Error: invalid rlimit in profile file: "); | 877 | check_unsigned(ptr + 14, "Error: invalid rlimit in profile file: "); |
879 | sscanf(ptr, "%llu", &cfg.rlimit_nofile); | 878 | sscanf(ptr + 14, "%llu", &cfg.rlimit_nofile); |
880 | arg_rlimit_nofile = 1; | 879 | arg_rlimit_nofile = 1; |
881 | } | 880 | } |
882 | else if (strncmp(ptr, "rlimit-nproc ", 13) == 0) { | 881 | else if (strncmp(ptr, "rlimit-nproc ", 13) == 0) { |
883 | ptr += 13; | ||
884 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); | 882 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); |
885 | sscanf(ptr, "%llu", &cfg.rlimit_nproc); | 883 | sscanf(ptr + 13, "%llu", &cfg.rlimit_nproc); |
886 | arg_rlimit_nproc = 1; | 884 | arg_rlimit_nproc = 1; |
887 | } | 885 | } |
888 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { | 886 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { |
889 | ptr += 13; | ||
890 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); | 887 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); |
891 | sscanf(ptr, "%llu", &cfg.rlimit_fsize); | 888 | sscanf(ptr + 13, "%llu", &cfg.rlimit_fsize); |
892 | arg_rlimit_fsize = 1; | 889 | arg_rlimit_fsize = 1; |
893 | } | 890 | } |
894 | else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) { | 891 | else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) { |
895 | ptr += 18; | ||
896 | check_unsigned(ptr + 18, "Error: invalid rlimit in profile file: "); | 892 | check_unsigned(ptr + 18, "Error: invalid rlimit in profile file: "); |
897 | sscanf(ptr, "%llu", &cfg.rlimit_sigpending); | 893 | sscanf(ptr + 18, "%llu", &cfg.rlimit_sigpending); |
898 | arg_rlimit_sigpending = 1; | 894 | arg_rlimit_sigpending = 1; |
899 | } | 895 | } |
900 | else { | 896 | else { |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index f9e59f1ed..6cb1aca28 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -790,13 +790,6 @@ int sandbox(void* sandbox_arg) { | |||
790 | fs_mnt(); | 790 | fs_mnt(); |
791 | 791 | ||
792 | //**************************** | 792 | //**************************** |
793 | // deploy a tmpfs on ~/.cache directory | ||
794 | //**************************** | ||
795 | if (checkcfg(CFG_CACHE_TMPFS)) | ||
796 | fs_cache(); | ||
797 | |||
798 | |||
799 | //**************************** | ||
800 | // apply the profile file | 793 | // apply the profile file |
801 | //**************************** | 794 | //**************************** |
802 | // apply all whitelist commands ... | 795 | // apply all whitelist commands ... |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 93eabec65..88fa67183 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -421,7 +421,6 @@ char *split_comma(char *str) { | |||
421 | 421 | ||
422 | void check_unsigned(const char *str, const char *msg) { | 422 | void check_unsigned(const char *str, const char *msg) { |
423 | EUID_ASSERT(); | 423 | EUID_ASSERT(); |
424 | |||
425 | int rv = 0; | 424 | int rv = 0; |
426 | const char *ptr = str; | 425 | const char *ptr = str; |
427 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') { | 426 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') { |