From d921d58ec1f027faafc59b4bad342c076454a588 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Tue, 11 Dec 2018 20:42:33 +0100 Subject: add create_empty_dir_as_user function, refactor --- src/firejail/firejail.h | 1 + src/firejail/fs.c | 66 +++---------------------------------------------- src/firejail/util.c | 38 +++++++++++++++++++++++++++- 3 files changed, 42 insertions(+), 63 deletions(-) diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index a4aa20667..c0072debe 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -540,6 +540,7 @@ uid_t pid_get_uid(pid_t pid); uid_t get_group_id(const char *group); int remove_overlay_directory(void); void flush_stdin(void); +void create_empty_dir_as_user(const char *dir, mode_t mode); void create_empty_dir_as_root(const char *dir, mode_t mode); void create_empty_file_as_root(const char *dir, mode_t mode); int set_perms(const char *fname, uid_t uid, gid_t gid, mode_t mode); diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 49074f525..c689a49fa 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -767,26 +767,7 @@ void fs_proc_sys_dev_boot(void) { char *fnamegpg; if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1) errExit("asprintf"); - if (stat(fnamegpg, &s) == -1) { - pid_t child = fork(); - if (child < 0) - errExit("fork"); - if (child == 0) { - // drop privileges - drop_privs(0); - if (mkdir(fnamegpg, 0700) == 0) { - if (chmod(fnamegpg, 0700) == -1) - {;} // do nothing - } -#ifdef HAVE_GCOV - __gcov_flush(); -#endif - _exit(0); - } - // wait for the child to finish - waitpid(child, NULL, 0); - fs_logger2("create", fnamegpg); - } + create_empty_dir_as_user(fnamegpg, 0700); if (stat(fnamegpg, &s) == 0) disable_file(BLACKLIST_FILE, fnamegpg); free(fnamegpg); @@ -795,26 +776,7 @@ void fs_proc_sys_dev_boot(void) { char *fnamesysd; if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1) errExit("asprintf"); - if (stat(fnamesysd, &s) == -1) { - pid_t child = fork(); - if (child < 0) - errExit("fork"); - if (child == 0) { - // drop privileges - drop_privs(0); - if (mkdir(fnamesysd, 0755) == 0) { - if (chmod(fnamesysd, 0755) == -1) - {;} // do nothing - } -#ifdef HAVE_GCOV - __gcov_flush(); -#endif - _exit(0); - } - // wait for the child to finish - waitpid(child, NULL, 0); - fs_logger2("create", fnamesysd); - } + create_empty_dir_as_user(fnamesysd, 0755); if (stat(fnamesysd, &s) == 0) disable_file(BLACKLIST_FILE, fnamesysd); free(fnamesysd); @@ -924,31 +886,11 @@ char *fs_check_overlay_dir(const char *subdirname, int allow_reuse) { } else { // create ~/.firejail directory - pid_t child = fork(); - if (child < 0) - errExit("fork"); - if (child == 0) { - // drop privileges - drop_privs(0); - - // create directory - if (mkdir(dirname, 0700)) - errExit("mkdir"); - if (chmod(dirname, 0700) == -1) - errExit("chmod"); - ASSERT_PERMS(dirname, getuid(), getgid(), 0700); -#ifdef HAVE_GCOV - __gcov_flush(); -#endif - _exit(0); - } - // wait for the child to finish - waitpid(child, NULL, 0); + create_empty_dir_as_user(dirname, 0700); if (stat(dirname, &s) == -1) { - fprintf(stderr, "Error: cannot create ~/.firejail directory\n"); + fprintf(stderr, "Error: cannot create directory %s\n", dirname); exit(1); } - fs_logger2("create", dirname); } free(dirname); diff --git a/src/firejail/util.c b/src/firejail/util.c index 47b237911..9af41ffe2 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c @@ -961,6 +961,42 @@ void flush_stdin(void) { } } +void create_empty_dir_as_user(const char *dir, mode_t mode) { + assert(dir); + mode &= 07777; + struct stat s; + + if (stat(dir, &s)) { + if (arg_debug) + printf("Creating empty %s directory\n", dir); + pid_t child = fork(); + if (child < 0) + errExit("fork"); + if (child == 0) { + // drop privileges + drop_privs(0); + + if (mkdir(dir, mode) == 0) { + if (chmod(dir, mode) == -1) + {;} // do nothing + } + else if (errno != EEXIST && arg_debug) { + char *str; + if (asprintf(&str, "Directory %s not created", dir) == -1) + errExit("asprintf"); + perror(str); + } +#ifdef HAVE_GCOV + __gcov_flush(); +#endif + _exit(0); + } + waitpid(child, NULL, 0); + if (stat(dir, &s) == 0) + fs_logger2("create", dir); + } +} + void create_empty_dir_as_root(const char *dir, mode_t mode) { assert(dir); mode &= 07777; @@ -1262,4 +1298,4 @@ void enter_network_namespace(pid_t pid) { fprintf(stderr, "Error: cannot join the network namespace\n"); exit(1); } -} \ No newline at end of file +} -- cgit v1.2.3-54-g00ecf