From aa28ac9e09557b833f194f594e2940919d940d1f Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 31 Jan 2016 15:15:24 -0500 Subject: various fixes --- src/firejail/fs.c | 24 ++++++++++++------------ src/firejail/fs_whitelist.c | 20 ++++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 164e3368b..fa212bbd5 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -64,12 +64,12 @@ void fs_build_firejail_dir(void) { if (arg_debug) printf("Creating %s directory\n", RUN_FIREJAIL_DIR); /* coverity[toctou] */ - int rv = mkdir(RUN_FIREJAIL_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(RUN_FIREJAIL_DIR, 0755); if (rv == -1) errExit("mkdir"); if (chown(RUN_FIREJAIL_DIR, 0, 0) < 0) errExit("chown"); - if (chmod(RUN_FIREJAIL_DIR, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0) + if (chmod(RUN_FIREJAIL_DIR, 0755) < 0) errExit("chmod"); } else { // check /tmp/firejail directory belongs to root end exit if doesn't! @@ -102,12 +102,12 @@ void fs_build_mnt_dir(void) { if (arg_debug) printf("Creating %s directory\n", RUN_MNT_DIR); /* coverity[toctou] */ - int rv = mkdir(RUN_MNT_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(RUN_MNT_DIR, 0755); if (rv == -1) errExit("mkdir"); if (chown(RUN_MNT_DIR, 0, 0) < 0) errExit("chown"); - if (chmod(RUN_MNT_DIR, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0) + if (chmod(RUN_MNT_DIR, 0755) < 0) errExit("chmod"); } @@ -740,18 +740,18 @@ void fs_overlayfs(void) { char *oroot; if(asprintf(&oroot, "%s/oroot", RUN_MNT_DIR) == -1) errExit("asprintf"); - if (mkdir(oroot, S_IRWXU | S_IRWXG | S_IRWXO)) + if (mkdir(oroot, 0755)) errExit("mkdir"); if (chown(oroot, 0, 0) < 0) errExit("chown"); - if (chmod(oroot, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0) + if (chmod(oroot, 0755) < 0) errExit("chmod"); char *basedir = RUN_MNT_DIR; if (arg_overlay_keep) { // set base for working and diff directories basedir = cfg.overlay_dir; - if (mkdir(basedir, S_IRWXU | S_IRWXG | S_IRWXO) != 0) { + if (mkdir(basedir, 0755) != 0) { fprintf(stderr, "Error: cannot create overlay directory\n"); exit(1); } @@ -760,21 +760,21 @@ void fs_overlayfs(void) { char *odiff; if(asprintf(&odiff, "%s/odiff", basedir) == -1) errExit("asprintf"); - if (mkdir(odiff, S_IRWXU | S_IRWXG | S_IRWXO)) + if (mkdir(odiff, 0755)) errExit("mkdir"); if (chown(odiff, 0, 0) < 0) errExit("chown"); - if (chmod(odiff, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0) + if (chmod(odiff, 0755) < 0) errExit("chmod"); char *owork; if(asprintf(&owork, "%s/owork", basedir) == -1) errExit("asprintf"); - if (mkdir(owork, S_IRWXU | S_IRWXG | S_IRWXO)) + if (mkdir(owork, 0755)) errExit("mkdir"); if (chown(owork, 0, 0) < 0) errExit("chown"); - if (chmod(owork, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0) + if (chmod(owork, 0755) < 0) errExit("chmod"); // mount overlayfs @@ -913,7 +913,7 @@ void fs_chroot(const char *rootdir) { if (asprintf(&rundir, "%s/run", rootdir) == -1) errExit("asprintf"); if (!is_dir(rundir)) { - int rv = mkdir(rundir, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(rundir, 0755); (void) rv; rv = chown(rundir, 0, 0); (void) rv; diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 85a51c0c8..22b5fb0a7 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c @@ -464,7 +464,7 @@ void fs_whitelist(void) { // /home/user if (home_dir) { // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR - int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755); if (rv == -1) errExit("mkdir"); if (chown(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid()) < 0) @@ -482,12 +482,12 @@ void fs_whitelist(void) { // /tmp mountpoint if (tmp_dir) { // keep a copy of real /tmp directory in WHITELIST_TMP_DIR - int rv = mkdir(RUN_WHITELIST_TMP_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777); if (rv == -1) errExit("mkdir"); if (chown(RUN_WHITELIST_TMP_DIR, 0, 0) < 0) errExit("chown"); - if (chmod(RUN_WHITELIST_TMP_DIR, 0777) < 0) + if (chmod(RUN_WHITELIST_TMP_DIR, 1777) < 0) errExit("chmod"); if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) @@ -496,7 +496,7 @@ void fs_whitelist(void) { // mount tmpfs on /tmp if (arg_debug || arg_debug_whitelists) printf("Mounting tmpfs on /tmp directory\n"); - if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) + if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0) errExit("mounting tmpfs on /tmp"); fs_logger("mount tmpfs on /tmp"); } @@ -504,7 +504,7 @@ void fs_whitelist(void) { // /media mountpoint if (media_dir) { // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR - int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755); if (rv == -1) errExit("mkdir"); if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0) @@ -526,7 +526,7 @@ void fs_whitelist(void) { // /var mountpoint if (var_dir) { // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR - int rv = mkdir(RUN_WHITELIST_VAR_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755); if (rv == -1) errExit("mkdir"); if (chown(RUN_WHITELIST_VAR_DIR, 0, 0) < 0) @@ -548,7 +548,7 @@ void fs_whitelist(void) { // /dev mountpoint if (dev_dir) { // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR - int rv = mkdir(RUN_WHITELIST_DEV_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755); if (rv == -1) errExit("mkdir"); if (chown(RUN_WHITELIST_DEV_DIR, 0, 0) < 0) @@ -556,7 +556,7 @@ void fs_whitelist(void) { if (chmod(RUN_WHITELIST_DEV_DIR, 0755) < 0) errExit("chmod"); - if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) + if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0) errExit("mount bind"); // mount tmpfs on /dev @@ -569,8 +569,8 @@ void fs_whitelist(void) { // /opt mountpoint if (opt_dir) { - // keep a copy of real /opt directory in RUN_WHITELIST_DEV_DIR - int rv = mkdir(RUN_WHITELIST_OPT_DIR, S_IRWXU | S_IRWXG | S_IRWXO); + // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR + int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755); if (rv == -1) errExit("mkdir"); if (chown(RUN_WHITELIST_OPT_DIR, 0, 0) < 0) -- cgit v1.2.3-54-g00ecf