From 9678da00301562464464099b9d7cfd76424fbb23 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Sun, 6 Jun 2021 11:08:01 +0200
Subject: cleanup
---
 src/firejail/firejail.h | 2 +-
 src/firejail/fs_whitelist.c | 13 ++++++-------
 src/firejail/main.c | 2 +-
 src/firejail/util.c | 18 ++++++++----------
 4 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 495b0bebc..a5c44739e 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -530,7 +530,7 @@ int has_handler(pid_t pid, int signal);
 void enter_network_namespace(pid_t pid);
 int read_pid(const char *name, pid_t *pid);
 pid_t require_pid(const char *name);
-void check_homedir(void);
+void check_homedir(const char *dir);
 // Get info regarding the last kernel mount operation from /proc/self/mountinfo
 // The return value points to a static area, and will be overwritten by subsequent calls.
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 9a7a1bac7..258f023f6 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -304,7 +304,6 @@ static void globbing(const char *pattern) {
 }
 // mount tmpfs on all top level directories
-// home directories *inside* /run/user/$UID are not fully supported
 static void tmpfs_topdirs(const TopDir *topdirs) {
 int tmpfs_home = 0;
 int tmpfs_runuser = 0;
@@ -335,6 +334,7 @@ static void tmpfs_topdirs(const TopDir *topdirs) {
 // mount tmpfs
 fs_tmpfs(topdirs[i].path, 0);
+ selinux_relabel_path(topdirs[i].path, topdirs[i].path);
 // init tmpfs
 if (strcmp(topdirs[i].path, "/run") == 0) {
@@ -384,8 +384,6 @@ static void tmpfs_topdirs(const TopDir *topdirs) {
 const char *rel = cfg.homedir + topdir_len + 1;
 whitelist_file(topdirs[i].fd, rel, cfg.homedir);
 }
-
- selinux_relabel_path(topdirs[i].path, topdirs[i].path);
 }
 // user home directory
@@ -467,9 +465,9 @@ static TopDir *add_topdir(const char *dir, TopDir *topdirs, const char *path) {
 errExit("strdup");
 // open the directory, don't follow symbolic links
- rv->fd = safer_openat(-1, rv->path, O_PATH|O_NOFOLLOW|O_DIRECTORY|O_CLOEXEC);
+ rv->fd = safer_openat(-1, dir, O_PATH|O_NOFOLLOW|O_DIRECTORY|O_CLOEXEC);
 if (rv->fd == -1) {
- fprintf(stderr, "Error: cannot open %s\n", rv->path);
+ fprintf(stderr, "Error: cannot open %s\n", dir);
 exit(1);
 }
@@ -750,10 +748,11 @@ void fs_whitelist(void) {
 }
 // create the link if any
- if (link)
+ if (link) {
 whitelist_symlink(link, file);
+ free(link);
+ }
- free(link);
 free(file);
 free(entry->wparam);
 entry->wparam = NULL;
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 51e10a304..7ec2d6114 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -259,8 +259,8 @@ static void init_cfg(int argc, char **argv) {
 fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);
 exit(1);
 }
+ check_homedir(pw->pw_dir);
 cfg.homedir = clean_pathname(pw->pw_dir);
- check_homedir();
 // initialize random number generator
 sandbox_pid = getpid();
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 6a7318c4b..b41a65c1d 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -447,15 +447,13 @@ int is_link(const char *fname) {
 if (*fname == '\0')
 return 0;
- char *dup = strdup(fname);
- if (!dup)
- errExit("strdup");
- trim_trailing_slash_or_dot(dup);
+ // remove trailing slashes
+ char *tmp = clean_pathname(fname);
 char c;
- ssize_t rv = readlink(dup, &c, 1);
+ ssize_t rv = readlink(tmp, &c, 1);
+ free(tmp);
- free(dup);
 return (rv != -1);
 }
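Review bot: In the util.c is_link hunk, the removed helper was named trim_trailing_slash_or_dot, while the new comment on the clean_pathname() call only promises `// remove trailing slashes`. clean_pathname is not shown on this page; if it leaves a trailing `/.` in place, readlink() resolves the final component and is_link() returns 0 for a path whose last real component is a symlink, which weakens every symlink rejection built on it. Either confirm that clean_pathname strips trailing single dots and say so in the comment, e.g. `// remove trailing slashes and single dots so readlink sees the last component itself`, or keep the trim call on the cleaned copy. The new code also relies on clean_pathname never returning NULL, since `tmp` is passed to readlink unchecked where the old code tested the strdup result.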
@@ -1319,14 +1317,14 @@ static int has_link(const char *dir) {
 return 0;
 }
-void check_homedir(void) {
- assert(cfg.homedir);
- if (cfg.homedir[0] != '/') {
+void check_homedir(const char *dir) {
+ assert(dir);
+ if (dir[0] != '/') {
 fprintf(stderr, "Error: invalid user directory \"%s\"\n", cfg.homedir);
 exit(1);
 }
 // symlinks are rejected in many places
- if (has_link(cfg.homedir)) {
+ if (has_link(dir)) {
 fprintf(stderr, "No full support for symbolic links in path of user directory.\n"
 "Please provide resolved path in password database (/etc/passwd).\n\n");
 }
--
cgit v1.2.3-54-g00ecf
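Review bot: The error branch for a non-absolute path still prints `cfg.homedir` although the function now validates its `dir` argument, and the main.c hunk of this commit moves the call ahead of the `cfg.homedir = clean_pathname(pw->pw_dir);` assignment. Unless cfg.homedir is set somewhere earlier that is not visible here, the `%s` receives a null pointer on exactly the path where the passwd entry is malformed, which is undefined behaviour and at best logs "(null)" instead of the offending value. The message should use the parameter: `fprintf(stderr, "Error: invalid user directory \"%s\"\n", dir);`. check_homedir's body continues past the end of the hunk.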