Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_lib.c | 5 | ||||
-rw-r--r-- | src/firejail/main.c | 14 | ||||
-rw-r--r-- | src/firejail/profile.c | 16 |
3 files changed, 19 insertions, 16 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 4d328af7f..cc60a330f 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
@@ -155,7 +155,6 @@ static void copy_libs_for_lib(const char *lib, const char *private_run_dir) { | |||
155 | 155 | ||
156 | void fs_private_lib(void) { | 156 | void fs_private_lib(void) { |
157 | char *private_list = cfg.lib_private_keep; | 157 | char *private_list = cfg.lib_private_keep; |
158 | assert(private_list); | ||
159 | 158 | ||
160 | // create /run/firejail/mnt/lib directory | 159 | // create /run/firejail/mnt/lib directory |
161 | mkdir_attr(RUN_LIB_DIR, 0755, 0, 0); | 160 | mkdir_attr(RUN_LIB_DIR, 0755, 0, 0); |
@@ -169,9 +168,9 @@ void fs_private_lib(void) { | |||
169 | copy_libs_for_exe(cfg.shell, RUN_LIB_DIR); | 168 | copy_libs_for_exe(cfg.shell, RUN_LIB_DIR); |
170 | 169 | ||
171 | // for the listed libs | 170 | // for the listed libs |
172 | if (*private_list != '\0') { | 171 | if (private_list && *private_list != '\0') { |
173 | if (arg_debug) | 172 | if (arg_debug) |
174 | printf("Copying extra files in the new lib directory:\n"); | 173 | printf("Copying extra files (%s) in the new lib directory:\n", private_list); |
175 | 174 | ||
176 | char *dlist = strdup(private_list); | 175 | char *dlist = strdup(private_list); |
177 | if (!dlist) | 176 | if (!dlist) |
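Review bot: With `assert(private_list);` removed, nothing in `fs_private_lib()` states that `cfg.lib_private_keep` may now legitimately be NULL; the only trace is the `private_list &&` guard further down. A short comment at the declaration would record the new contract, for example `// NULL or empty when private-lib was given without a file list`. That would stop a later edit from dereferencing `private_list` outside the guarded block. The function body continues past the end of this hunk, so any other use of `private_list` there should be checked against the same assumption.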
diff --git a/src/firejail/main.c b/src/firejail/main.c index 561a14f5a..ff57a5693 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1630,13 +1630,15 @@ int main(int argc, char **argv) { | |||
1630 | cfg.bin_private_keep = argv[i] + 14; | 1630 | cfg.bin_private_keep = argv[i] + 14; |
1631 | arg_private_bin = 1; | 1631 | arg_private_bin = 1; |
1632 | } | 1632 | } |
1633 | else if (strncmp(argv[i], "--private-lib=", 14) == 0) { | 1633 | else if (strncmp(argv[i], "--private-lib", 13) == 0) { |
1634 | // extract private lib list (if any) | 1634 | // extract private lib list (if any) |
1635 | if (cfg.lib_private_keep) { | 1635 | if (argv[i][13] == '=') { |
1636 | if (asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, argv[i] + 14) < 0 ) | 1636 | if (cfg.lib_private_keep) { |
1637 | errExit("asprintf"); | 1637 | if (argv[i][14] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, argv[i] + 14) < 0) |
1638 | } else | 1638 | errExit("asprintf"); |
1639 | cfg.lib_private_keep = argv[i] + 14; | 1639 | } else |
1640 | cfg.lib_private_keep = argv[i] + 14; | ||
1641 | } | ||
1640 | arg_private_lib = 1; | 1642 | arg_private_lib = 1; |
1641 | } | 1643 | } |
1642 | else if (strcmp(argv[i], "--private-tmp") == 0) { | 1644 | else if (strcmp(argv[i], "--private-tmp") == 0) { |
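Review bot: The relaxed test `strncmp(argv[i], "--private-lib", 13) == 0` accepts any argument that merely begins with `--private-lib`, so a mistyped option (a constructed example: `--private-libs`) sets `arg_private_lib = 1` with no list and no error instead of being rejected as unknown. Matching the two valid forms explicitly keeps the new bare-option support without the prefix match: `else if (strcmp(argv[i], "--private-lib") == 0 || strncmp(argv[i], "--private-lib=", 14) == 0) {`. The second hunk in profile.c has the same shape with `strncmp(ptr, "private-lib", 11)` and could use `strcmp(ptr, "private-lib") == 0 || strncmp(ptr, "private-lib ", 12) == 0`. In a sandbox launcher, a silently accepted misspelling means the running configuration differs from the one written. `main()` starts and ends outside this hunk, so whether a later branch would otherwise catch such arguments is not visible here.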
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 6d5ee349c..972f5932d 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -596,7 +596,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
596 | } | 596 | } |
597 | 597 | ||
598 | // memory deny write&execute | 598 | // memory deny write&execute |
599 | if (strncmp(ptr, "memory-deny-write-execute ", sizeof("memory-deny-write-execute ") - 1) == 0) { | 599 | if (strcmp(ptr, "memory-deny-write-execute") == 0) { |
600 | #ifdef HAVE_SECCOMP | 600 | #ifdef HAVE_SECCOMP |
601 | if (checkcfg(CFG_SECCOMP)) | 601 | if (checkcfg(CFG_SECCOMP)) |
602 | arg_memory_deny_write_execute = 1; | 602 | arg_memory_deny_write_execute = 1; |
@@ -861,12 +861,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
861 | } | 861 | } |
862 | 862 | ||
863 | // private /lib list of files | 863 | // private /lib list of files |
864 | if (strncmp(ptr, "private-lib ", 12) == 0) { | 864 | if (strncmp(ptr, "private-lib", 11) == 0) { |
865 | if (cfg.lib_private_keep) { | 865 | if (ptr[11] == ' ') { |
866 | if (asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, ptr + 12) < 0 ) | 866 | if (cfg.lib_private_keep) { |
867 | errExit("asprintf"); | 867 | if (ptr[12] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, ptr + 12) < 0) |
868 | } else { | 868 | errExit("asprintf"); |
869 | cfg.lib_private_keep = ptr + 12; | 869 | } else { |
870 | cfg.lib_private_keep = ptr + 12; | ||
871 | } | ||
870 | } | 872 | } |
871 | arg_private_lib = 1; | 873 | arg_private_lib = 1; |
872 | return 0; | 874 | return 0; |
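Review bot: In the second hunk, the condition `ptr[12] != '\0' && asprintf(...) < 0` folds the "skip an empty list" decision into the allocation-failure check, so it reads as if `errExit("asprintf")` depended on the list being non-empty. Nesting the two makes the intent visible: `if (ptr[12] != '\0') {` around the existing `if (asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, ptr + 12) < 0)` and its `errExit("asprintf");`. The same combined condition appears in the main.c hunk with `argv[i][14] != '\0'`. A one-line comment such as `// nothing to append for an empty list` would also explain why the append branch skips while the else branch still stores the empty string. `profile_check_line()` extends beyond both hunks shown here.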