Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/sbox.c | 23 |
2 files changed, 18 insertions, 6 deletions
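--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -815,6 +815,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 
 // run sbox
 int sbox_run(unsigned filter, int num, ...);
+int sbox_run_v(unsigned filter, char * const arg[]);
 
 // run_files.c
 void delete_run_files(pid_t pid);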
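Review bot: The new `sbox_run_v` declaration has no comment stating its contract, although it is now callable from every file that includes firejail.h. The sbox.c hunk on this page shows it calling `EUID_ROOT()` and, at least in the debug path, walking `arg` until it finds a NULL entry, so an unterminated array would be read out of bounds while privileges are raised. A comment above the prototype would cover it, for example `// arg must be NULL-terminated; the call raises euid to root (EUID_ROOT), so validate entries before passing them`.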
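--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -105,23 +105,34 @@ static struct sock_fprog prog = {
 };
 
 int sbox_run(unsigned filtermask, int num, ...) {
-EUID_ROOT();
-
-int i;
 va_list valist;
 va_start(valist, num);
 
 // build argument list
-char *arg[num + 1];
+char **arg = malloc((num + 1) * sizeof(char *));
+int i;
 for (i = 0; i < num; i++)
 arg[i] = va_arg(valist, char*);
 arg[i] = NULL;
 va_end(valist);
 
+int status = sbox_run_v(filtermask, arg);
+
+free(arg);
+
+return status;
+}
+
+int sbox_run_v(unsigned filtermask, char * const arg[]) {
+EUID_ROOT();
+
 if (arg_debug) {
 printf("sbox run: ");
-for (i = 0; i <= num; i++)
+int i = 0;
+while (arg[i]) {
 printf("%s ", arg[i]);
+i++;
+}
 printf("\n");
 }
 
@@ -171,7 +182,7 @@ int sbox_run(unsigned filtermask, int num, ...) {
 
 // close all other file descriptors
 int max = 20; // getdtablesize() is overkill for a firejail process
-for (int i = 3; i < max; i++)
+for (int i = 3; i < max; i++)
 close(i); // close open files
 
 umask(027);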
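Review bot: The result of `malloc((num + 1) * sizeof(char *))` in `sbox_run` is used without a check, so an allocation failure becomes a NULL write at `arg[i] = va_arg(valist, char*);` in a process that raises its euid to root in the very next call. Add a guard straight after the allocation, for example `if (!arg) errExit("malloc");` (assuming the project's `errExit` helper is in scope in sbox.c; confirm). `num` is a signed `int`, so a negative value would turn `num + 1` into a tiny or wrapped size; rejecting `num < 0` before the allocation makes that explicit. The body of `sbox_run_v` continues outside the visible hunks, so the exec path that consumes `arg` is not reviewed here.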