From cc9183d70224babdb65d9dbb9d29e6d14876ca2b Mon Sep 17 00:00:00 2001 From: startx2017 Date: Sun, 18 Mar 2018 10:03:41 -0400 Subject: more run files fixing - problem when running on symlinks --- src/firejail/main.c | 18 ++++++++++++++--- src/firejail/preproc.c | 51 ++++++++++++++++++++++++++---------------------- src/firejail/run_files.c | 2 +- 3 files changed, 44 insertions(+), 27 deletions(-) diff --git a/src/firejail/main.c b/src/firejail/main.c index dad9befd3..38db165e8 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -835,12 +835,24 @@ int main(int argc, char **argv) { // get starting timestamp start_timestamp = getticks(); + if (check_arg(argc, argv, "--quiet", 1)) + arg_quiet = 1; + // build /run/firejail directory structure preproc_build_firejail_dir(); - preproc_clean_run(); + char *container_name = getenv("container"); + if (!container_name || strcmp(container_name, "firejail")) { + lockfd_directory = open(RUN_DIRECTORY_LOCK_FILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); + if (lockfd_directory != -1) { + int rv = fchown(lockfd_directory, 0, 0); + (void) rv; + flock(lockfd_directory, LOCK_EX); + } + preproc_clean_run(); + flock(lockfd_directory, LOCK_UN); + close(lockfd_directory); + } - if (check_arg(argc, argv, "--quiet", 1)) - arg_quiet = 1; if (check_arg(argc, argv, "--allow-debuggers", 1)) { // check kernel version struct utsname u; diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index 1f4cf9e54..45399bd48 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c @@ -107,6 +107,31 @@ void preproc_mount_mnt_dir(void) { } } +static void clean_dir(const char *name, int *pidarr, int start_pid, int max_pids) { + DIR *dir; + if (!(dir = opendir(name))) { + fwarning("cannot clean %s directory\n", name); + return; // we live to fight another day! + } + + // clean leftover files + struct dirent *entry; + char *end; + while ((entry = readdir(dir)) != NULL) { + pid_t pid = strtol(entry->d_name, &end, 10); + pid %= max_pids; + if (end == entry->d_name || *end) + continue; + + if (pid < start_pid) + continue; + if (pidarr[pid] == 0) + delete_run_files(pid); + } + closedir(dir); +} + + // clean run directory void preproc_clean_run(void) { int max_pids=32769; @@ -153,29 +178,9 @@ void preproc_clean_run(void) { } closedir(dir); - // open /run/firejail/profile directory - if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) { - // sleep 2 seconds and try again - sleep(2); - if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) { - fprintf(stderr, "Error: cannot open %s directory\n", RUN_FIREJAIL_PROFILE_DIR); - exit(1); - } - } - - // read /run/firejail/profile directory and clean leftover files - while ((entry = readdir(dir)) != NULL) { - pid_t pid = strtol(entry->d_name, &end, 10); - pid %= max_pids; - if (end == entry->d_name || *end) - continue; - - if (pid < start_pid) - continue; - if (pidarr[pid] == 0) - delete_run_files(pid); - } - closedir(dir); + // clean profile and name directories + clean_dir(RUN_FIREJAIL_PROFILE_DIR, pidarr, start_pid, max_pids); + clean_dir(RUN_FIREJAIL_NAME_DIR, pidarr, start_pid, max_pids); free(pidarr); } diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c index 42303c07b..57a0e19df 100644 --- a/src/firejail/run_files.c +++ b/src/firejail/run_files.c @@ -70,8 +70,8 @@ void delete_run_files(pid_t pid) { delete_bandwidth_run_file(pid); delete_network_run_file(pid); delete_name_run_file(pid); - delete_profile_run_file(pid); delete_x11_run_file(pid); + delete_profile_run_file(pid); } void set_name_run_file(pid_t pid) { -- cgit v1.2.3-54-g00ecf