From 9fc8878b4131b34e4425d0b0eb30b477a71b1c44 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 6 Jun 2016 10:09:21 -0400 Subject: appimage fixes --- src/firejail/appimage.c | 43 +++++++++++++++++++++++++++++++++---------- src/firejail/firejail.h | 3 ++- src/firejail/fs.c | 2 -- src/firejail/main.c | 11 +++-------- 4 files changed, 38 insertions(+), 21 deletions(-) diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index e25d50a2d..59ce31052 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c @@ -26,11 +26,14 @@ #include #include #include +#include +static char *devloop = NULL; // device file +static char *mntdir = NULL; // mount point in /tmp directory - -char *appimage_set(const char *appimage_path) { +void appimage_set(const char *appimage_path) { assert(appimage_path); + assert(devloop == NULL); // don't call this twice! EUID_ASSERT(); // check appimage_path @@ -49,7 +52,6 @@ char *appimage_set(const char *appimage_path) { exit(1); } close(cfd); - char *devloop; if (asprintf(&devloop, "/dev/loop%d", devnr) == -1) errExit("asprintf"); @@ -63,15 +65,17 @@ char *appimage_set(const char *appimage_path) { close(ffd); char dirname[] = "/tmp/firejail-mnt-XXXXXX"; - char *mntdir = strdup(mkdtemp(dirname)); + mntdir = strdup(mkdtemp(dirname)); if (mntdir == NULL) { fprintf(stderr, "Error: cannot create temporary directory\n"); exit(1); } mkdir(mntdir, 755); - chown(mntdir, getuid(), getgid()); - chmod(mntdir, 755); - + if (chown(mntdir, getuid(), getgid()) == -1) + errExit("chown"); + if (chmod(mntdir, 755) == -1) + errExit("chmod"); + char *mode; if (asprintf(&mode, "mode=755,uid=%d,gid=%d", getuid(), getgid()) == -1) errExit("asprintf"); @@ -79,6 +83,7 @@ char *appimage_set(const char *appimage_path) { if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) errExit("mounting appimage"); + if (arg_debug) printf("appimage mounted on %s\n", mntdir); EUID_USER(); @@ -87,8 +92,26 @@ char *appimage_set(const char *appimage_path) { if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1) errExit("asprintf"); - free(devloop); free(mode); - - return mntdir; +} + +void appimage_clear(void) { + int rv; + + if (mntdir) { + rv = umount2(mntdir, MNT_FORCE); + if (rv == -1 && errno == EBUSY) { + sleep(1); + rv = umount2(mntdir, MNT_FORCE); + + } + rmdir(mntdir); + free(mntdir); + } + + if (devloop) { + int lfd = open(devloop, O_RDONLY); + rv = ioctl(lfd, LOOP_CLR_FD, 0); + close(lfd); + } } diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 00674c047..2d5e05f79 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -576,7 +576,8 @@ void fs_rdwr_add(const char *path); void fs_rdwr(void); // appimage.c -char *appimage_set(const char *appimage_path); +void appimage_set(const char *appimage_path); +void appimage_clear(void); #endif diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 984d413a3..8cae9191c 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -570,8 +570,6 @@ void fs_rdonly_noexit(const char *dir) { // mount /proc and /sys directories void fs_proc_sys_dev_boot(void) { - struct stat s; - if (arg_debug) printf("Remounting /proc and /proc/sys filesystems\n"); if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_REC, NULL) < 0) diff --git a/src/firejail/main.c b/src/firejail/main.c index c2ac4a3fa..1c2f021bb 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -107,7 +107,6 @@ char *fullargv[MAX_ARGS]; // expanded argv for restricted shell int fullargc = 0; static pid_t child = 0; pid_t sandbox_pid; -static char *appimage_mntdir = NULL; static void set_name_file(pid_t pid); static void delete_name_file(pid_t pid); @@ -130,16 +129,13 @@ static void myexit(int rv) { // delete sandbox files in shared memory EUID_ROOT(); clear_run_files(sandbox_pid); - if (appimage_mntdir) { - umount2(appimage_mntdir, MNT_FORCE); - rmdir(appimage_mntdir); - free(appimage_mntdir); - } + appimage_clear(); exit(rv); } static void my_handler(int s){ +printf("**************************\n"); EUID_ROOT(); if (!arg_quiet) { printf("\nParent received signal %d, shutting down the child process...\n", s); @@ -1918,9 +1914,8 @@ int main(int argc, char **argv) { else if (arg_appimage) { if (arg_debug) printf("Configuring appimage environment\n"); - appimage_mntdir = appimage_set(cfg.command_name); + appimage_set(cfg.command_name); cfg.window_title = "appimage"; - //todo: set window title } else { // calculate the length of the command -- cgit v1.2.3-54-g00ecf