From 4e54c82861c075c9f97c4ac0d4a8ca4d3240844f Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 28 Feb 2016 11:35:37 -0500 Subject: various fixes --- src/firejail/fs.c | 2 ++ src/firejail/fs_whitelist.c | 24 ++++++++++++++++++++++++ src/firejail/x11.c | 2 +- src/firemon/firemon.h | 3 +++ src/firemon/procevent.c | 4 ++-- 5 files changed, 32 insertions(+), 3 deletions(-) diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 6505177d0..4d2711fcd 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -283,6 +283,8 @@ static void disable_file(OPERATION op, const char *filename) { // if the file is not present, do nothing struct stat s; + if (fname == NULL) + return; if (stat(fname, &s) == -1) { if (arg_debug) printf("Warning: %s does not exist, skipping...\n", fname); diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 99c2e855c..d394ba704 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c 
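Review bot: The added `if (fname == NULL) return;` in disable_file() skips the file silently, unlike the stat() branch right below it, which at least prints a warning under arg_debug. For a function whose job is to hide a path from the sandbox, a path that could not be resolved is then left untouched with no trace. The assignment of fname lies outside the hunk, so which failures end up here should be confirmed there. I would report it like the neighbouring branch, e.g. `if (arg_debug) printf("Warning: cannot resolve %s, skipping...\n", filename);` before the return, and consider treating failures other than a missing file as an error rather than a skip.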
@@ -651,6 +651,30 @@ void fs_whitelist(void) { errExit("mount tmpfs"); } + // mask the real /var directory, currently mounted on RUN_WHITELIST_VAR_DIR + if (var_dir) { + if (mount("tmpfs", RUN_WHITELIST_VAR_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) + errExit("mount tmpfs"); + } + + // mask the real /opt directory, currently mounted on RUN_WHITELIST_OPT_DIR + if (opt_dir) { + if (mount("tmpfs", RUN_WHITELIST_OPT_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) + errExit("mount tmpfs"); + } + + // mask the real /dev directory, currently mounted on RUN_WHITELIST_DEV_DIR + if (dev_dir) { + if (mount("tmpfs", RUN_WHITELIST_DEV_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) + errExit("mount tmpfs"); + } + + // mask the real /media directory, currently mounted on RUN_WHITELIST_MEDIA_DIR + if (media_dir) { + if (mount("tmpfs", RUN_WHITELIST_MEDIA_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) + errExit("mount tmpfs"); + } + if (new_name) free(new_name); diff --git a/src/firejail/x11.c b/src/firejail/x11.c index e09bb3411..7769503b1 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c @@ -47,7 +47,7 @@ int x11_display(void) { int display; int rv = sscanf(d, ":%d", &display); if (rv != 1) - return; + return -1; if (arg_debug) printf("DISPLAY %s, %d\n", d, display); diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index b10c9ce17..522ece077 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h @@ -81,4 +81,7 @@ void tree(pid_t pid); // netstats.c void netstats(void); +// x11.c +void x11(pid_t pid); + #endif diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 6396049e3..71550454a 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c 
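Review bot: The four added blocks in fs_whitelist() are the same mount() call with only the flag variable and the RUN_WHITELIST_* path changed, so every further whitelisted top-level directory needs another hand-copied block. A forgotten block would leave the real directory reachable at its RUN_WHITELIST_* path inside the sandbox. A small static helper keeps the mount flags and options in one place and turns the list of masked directories into four lines that are easy to audit. The function starts and ends outside the hunk; the tmpfs mount just above the added code (only its tail is visible) looks like a candidate for the same helper.

```c
// mount an empty tmpfs over a RUN_WHITELIST_* path to hide the real directory kept there
static void mask_whitelist_dir(const char *dir) {
	if (mount("tmpfs", dir, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
		errExit("mount tmpfs");
}

// … unchanged: fs_whitelist() up to the existing tmpfs mount …
	if (var_dir)
		mask_whitelist_dir(RUN_WHITELIST_VAR_DIR);
	if (opt_dir)
		mask_whitelist_dir(RUN_WHITELIST_OPT_DIR);
	if (dev_dir)
		mask_whitelist_dir(RUN_WHITELIST_DEV_DIR);
	if (media_dir)
		mask_whitelist_dir(RUN_WHITELIST_MEDIA_DIR);
```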
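Review bot: After the `rv != 1` check in x11_display(), `display` is accepted without a range check, so a value of `d` such as `:-1` parses successfully. If the function goes on to return `display` (the return is outside the hunk), that result is indistinguishable from the new `-1` error value. Rejecting negatives in the same guard keeps the error contract unambiguous: `if (rv != 1 || display < 0) return -1;`. Callers are not visible here and should be checked for handling `-1`, now that this path actually returns it.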
@@ -91,7 +91,7 @@ static int pid_is_firejail(pid_t pid) { continue; if (first) { first = 0; - start = buffer + i + 1; + start = (char *) buffer + i + 1; continue; } if (strncmp(start, "--", 2) != 0) @@ -101,7 +101,7 @@ static int pid_is_firejail(pid_t pid) { rv = 0; break; } - start = buffer + i + 1; + start = (char *) buffer + i + 1; } } -- cgit v1.2.3-70-g09d2
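Review bot: In `start = (char *) buffer + i + 1;` the cast binds to `buffer` before the addition, so the offset is now computed in char units rather than in buffer's own element type. That is the same address only if buffer is a byte array, and its declaration is outside the hunk. Writing it as `start = (char *) &buffer[i + 1];` keeps the indexing in buffer's type and makes the intent clear; the same applies to the second hunk at -101. If the cast is there only to silence a signedness warning, a short comment saying so would help, since `start` is then passed to strncmp().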