From 8f512407ddb2abc3e2b7ae71f848916e7e3fc64d Mon Sep 17 00:00:00 2001
From: nextime
Date: Thu, 4 Aug 2016 02:15:43 +0200
Subject: Make copydir work as expected

---
 src/firejail/fs_home.c | 23 ++++++++++++++++++-----
 src/firejail/main.c    | 13 +++++++++++--
 src/firejail/usage.c   |  3 +++
 src/man/firejail.txt   | 12 ++++++++++++
 4 files changed, 44 insertions(+), 7 deletions(-)

diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 3cb410569..604bba0e4 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -355,11 +355,22 @@ int fs_copydir(const char *path, const struct stat *st, int ftype, struct FTW *s
 	struct stat s;
 	// don't copy it if we already have the file
 	if (stat(dest, &s) == 0)
-		return 0;
+		return(0);
 	if (stat(path, &s) == 0) {
-		if (copy_file(path, dest) == 0) {
-			if (chown(dest, u, g) == -1)
-				errExit("chown");
+		if(ftype == FTW_F) {
+			if (copy_file(path, dest) == 0) {
+				if (arg_debug)
+					printf("copy from %s to %s\n", path, dest);
+				if (chown(dest, u, g) == -1)
+					errExit("chown");
+				fs_logger2("clone", path);
+			}
+		}
+		else if(ftype == FTW_D) {
+			if (mkdir(dest, s.st_mode) == -1)
+				errExit("mkdir");
+			if (arg_debug)
+				printf("copy from %s to %s\n", path, dest);
 			fs_logger2("clone", path);
 		}
 	}
@@ -369,11 +380,13 @@ int fs_copydir(const char *path, const struct stat *st, int ftype, struct FTW *s
 }
 
 void fs_private_template(void) {
+	fs_private();
 
-	if(!nftw(cfg.private_template, fs_copydir, 1, FTW_PHYS)) {
+	if(nftw(cfg.private_template, fs_copydir, 1, FTW_PHYS) != 0) {
 		fprintf(stderr, "Error: unable to copy template dir\n");
 		exit(1);
 	}
+
 }
 
 // check new private home directory (--private= option) - exit if it fails
diff --git a/src/firejail/main.c b/src/firejail/main.c
index a6c96f956..9f6fa5142 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
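Review bot: The new FTW_D branch creates `dest` with mkdir() but never chowns it to u/g the way the FTW_F branch does, so if this callback runs with firejail's elevated privileges (the chown to u/g in the file branch suggests it does) every copied subdirectory ends up owned by the effective uid instead of the sandbox user, who then cannot write into directories derived from their own template. Add `if (chown(dest, u, g) == -1) errExit("chown");` directly after the mkdir check. As far as the hunk shows, entries of any other ftype (FTW_SL, FTW_DNR, FTW_NS) match neither branch and return 0, so a symlink or unreadable directory in the template silently produces a partial copy; printing those under arg_debug would make the omission diagnosable. The mode for mkdir is taken from a fresh stat() of the user-supplied path rather than the `st` that nftw already passed in, and `return 0;` was changed to `return(0);` for no reason, which is inconsistent with the rest of the hunk. fs_copydir begins above the hunk, where dest, u and g are computed.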
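Review bot: The failure message after nftw() drops both errno and the path, so a missing or unreadable `--private-template=` directory is reported only as "unable to copy template dir"; make it `fprintf(stderr, "Error: unable to copy template dir %s: %s\n", cfg.private_template, strerror(errno));` (whether <string.h> and <errno.h> are already in scope cannot be confirmed from the hunk). The added empty line before the closing brace of fs_private_template is stray whitespace and should be dropped. The condition fix itself is correct, since nftw() returns 0 on success and the old `!nftw(...)` reported an error exactly when the copy had succeeded.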
@@ -1349,9 +1349,18 @@ int main(int argc, char **argv) {
 		else if (strcmp(argv[i], "--writable-var") == 0) {
 			arg_writable_var = 1;
 		}
-		else if (strcmp(argv[i], "--private") == 0)
+		else if (strcmp(argv[i], "--private") == 0) {
+			if (arg_private_template) {
+				fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
+				exit(1);
+			}
 			arg_private = 1;
+		}
 		else if (strncmp(argv[i], "--private=", 10) == 0) {
+			if (arg_private_template) {
+				fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
+				exit(1);
+			}
 			// extract private home dirname
 			cfg.home_private = argv[i] + 10;
 			if (*cfg.home_private == '\0') {
@@ -1362,7 +1371,7 @@ int main(int argc, char **argv) {
 			arg_private = 1;
 		}
 		else if (strncmp(argv[i], "--private-template=", 19) == 0) {
-			cfg.private_template = argv[i] + 14;
+			cfg.private_template = argv[i] + 19;
 			if (arg_private) {
 				fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
 				exit(1);
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 958a16da7..baba93791 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -189,6 +189,9 @@ void usage(void) {
 	printf("\tclosed.\n\n");
 	printf(" --private=directory - use directory as user home.\n\n");
+	printf(" --private-template=directory - same as --private but copy the\n");
+	printf("\ttemplatedirectory in the tmpfs mounted user home.\n\n");
+
 	printf(" --private-bin=file,file - build a new /bin in a temporary filesystem,\n");
 	printf("\tand copy the programs in the list.\n\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 9e6916534..c6b73f428 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
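Review bot: The same four-line mutual-exclusion block is pasted into the `--private` and `--private=` branches here and, in the next hunk, into `--private-template=`, because each side of the conflict is checked at parse time and so depends on which option comes first on the command line. One check after the option loop, `if (arg_private && arg_private_template) { fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n"); exit(1); }`, covers both orders once and removes all three copies. Whether `arg_private_template` is actually set when `--private-template=` is parsed cannot be seen from this hunk, and the enclosing option loop in main() starts and ends outside it.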
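Review bot: With the corrected offset, `cfg.private_template` is taken from `argv[i] + 19` without the empty-value check that the `--private=` branch performs on `cfg.home_private` in the previous hunk, so `--private-template=` with nothing after the `=` is accepted here and only fails later inside nftw() with a generic message. As far as the hunk shows, add `if (*cfg.private_template == '\0') { fprintf(stderr, "Error: invalid private-template directory\n"); exit(1); }` right after the assignment. Nothing visible here verifies that the value names an existing directory either; if `--private=` validates its path elsewhere, the template path deserves the same treatment. The rest of this branch continues below the hunk.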
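Review bot: The new help text prints "templatedirectory" as one word; the second line should read `printf("\ttemplate directory in the tmpfs mounted user home.\n\n");`. Since main() now rejects the combination, the text should also say that the option is mutually exclusive with `--private`, so users learn that from --help rather than from the error.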
@@ -1044,6 +1044,18 @@ Example:
 .br
 $ firejail \-\-private=/home/netblue/firefox-home firefox
 
+.TP
+\fB\-\-private-template=templatedir
+Mount new /root and /home/user directories in temporary
+filesystems, and copy all files in templatedir. All modifications are discarded when the sandbox is
+closed.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-private-template=/home/netblue/.config/mozilla firefox
+
 .TP
 \fB\-\-private-bin=file,file
 Build a new /bin in a temporary filesystem, and copy the programs in the list.
-- 
cgit v1.2.3-70-g09d2