From e0f28ab1a1551f78154670283e1dbb2af99853b5 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 9 Oct 2016 11:20:41 -0400
Subject: cleanup
---
 src/firejail/fs.c | 13 +++++++------
 src/firejail/fs_bin.c | 2 +-
 src/firejail/fs_etc.c | 2 +-
 src/firejail/fs_home.c | 2 +-
 src/firejail/fs_trace.c | 2 +-
 src/firejail/fs_var.c | 2 +-
 src/firejail/seccomp.c | 8 ++++----
 7 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index d63ed104f..a5f12c7df 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -77,14 +77,15 @@ void fs_build_firejail_dir(void) {
 if (stat(RUN_FIREJAIL_BASEDIR, &s)) {
 create_dir_as_root(RUN_FIREJAIL_BASEDIR, 0755);
 }
- else { // check /tmp/firejail directory belongs to root end exit if doesn't!
+
+ // check /run/firejail directory belongs to root end exit if doesn't!
+ if (stat(RUN_FIREJAIL_DIR, &s) == 0) {
 if (s.st_uid != 0 || s.st_gid != 0) {
 fprintf(stderr, "Error: non-root %s directory, exiting...\n", RUN_FIREJAIL_DIR);
 exit(1);
 }
 }
-
- if (stat(RUN_FIREJAIL_DIR, &s)) {
+ else {
 create_dir_as_root(RUN_FIREJAIL_DIR, 0755);
 }
@@ -113,7 +114,7 @@ void fs_build_firejail_dir(void) {
 }
-// build /tmp/firejail/mnt directory
+// build /run/firejail/mnt directory
 static int tmpfs_mounted = 0;
 #ifdef HAVE_CHROOT
 static void fs_build_remount_mnt_dir(void) {
@@ -137,7 +138,7 @@ void fs_build_mnt_dir(void) {
 if (arg_debug)
 printf("Mounting tmpfs on %s directory\n", RUN_MNT_DIR);
 if (mount("tmpfs", RUN_MNT_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
- errExit("mounting /tmp/firejail/mnt");
+ errExit("mounting /run/firejail/mnt");
 tmpfs_mounted = 1;
 fs_logger2("tmpfs", RUN_MNT_DIR);
 }
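Review bot: In the first fs.c hunk (fs_build_firejail_dir), the rewritten guard only compares `st_uid`/`st_gid` of RUN_FIREJAIL_DIR, so a root-owned path that is not a directory, or one that is group- or world-writable, still passes; I would tighten it to `if (s.st_uid != 0 || s.st_gid != 0 || !S_ISDIR(s.st_mode) || (s.st_mode & (S_IWGRP | S_IWOTH))) {`. The hunk also drops the ownership test that previously ran on an already existing RUN_FIREJAIL_BASEDIR, and the new `else` sends every stat() failure, not only a missing path, to create_dir_as_root(). If the base directory is not guaranteed to be root-owned on every target (its definition is outside this diff), the check should cover both paths. This is a behaviour change in code that creates directories as root, so the subject `cleanup` undersells it; the function body continues outside the hunk.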
@@ -1254,7 +1255,7 @@ void fs_private_tmp(void) {
 if (arg_debug)
 printf("Mounting tmpfs on /tmp directory\n");
 if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
- errExit("mounting /tmp/firejail/mnt");
+ errExit("mounting tmpfs on /tmp directory");
 fs_logger2("tmpfs", "/tmp");
 }
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 40539305f..e65474f44 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -208,7 +208,7 @@ void fs_private_bin_list(void) {
 char *private_list = cfg.bin_private_keep;
 assert(private_list);
- // create /tmp/firejail/mnt/bin directory
+ // create /run/firejail/mnt/bin directory
 fs_build_mnt_dir();
 if (mkdir(RUN_BIN_DIR, 0755) == -1)
 errExit("mkdir");
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index e860bc173..fc9e40ca0 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -128,7 +128,7 @@ void fs_private_etc_list(void) {
 exit(1);
 }
- // create /tmp/firejail/mnt/etc directory
+ // create /run/firejail/mnt/etc directory
 fs_build_mnt_dir();
 if (mkdir(RUN_ETC_DIR, 0755) == -1)
 errExit("mkdir");
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 63d5a1c5e..bd3c404e9 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -591,7 +591,7 @@ void fs_private_home_list(void) {
 exit(1);
 }
- // create /tmp/firejail/mnt/home directory
+ // create /run/firejail/mnt/home directory
 fs_build_mnt_dir();
 int rv = mkdir(RUN_HOME_DIR, 0755);
 if (rv == -1)
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 78fc8a647..37e899f12 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -44,7 +44,7 @@ void fs_trace_preload(void) {
 }
 void fs_trace(void) {
- // create /tmp/firejail/mnt directory
+ // create /run/firejail/mnt directory
 fs_build_mnt_dir();
 // create the new ld.so.preload file and mount-bind it
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index a578d04e6..4468efb10 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -317,7 +317,7 @@ void fs_var_utmp(void) {
 return;
 }
- // create /tmp/firejail/mnt directory
+ // create /run/firejail/mnt directory
 fs_build_mnt_dir();
 // create a new utmp file
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index c2da1168a..549359d94 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -708,7 +708,7 @@ int seccomp_filter_drop(int enforce_seccomp) {
 if (arg_debug)
 filter_debug();
- // save seccomp filter in /tmp/firejail/mnt/seccomp
+ // save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
@@ -754,7 +754,7 @@ int seccomp_filter_keep(void) {
 if (arg_debug)
 filter_debug();
- // save seccomp filter in /tmp/firejail/mnt/seccomp
+ // save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
@@ -796,7 +796,7 @@ int seccomp_filter_errno(void) {
 if (arg_debug)
 filter_debug();
- // save seccomp filter in /tmp/firejail/mnt/seccomp
+ // save seccomp filter in /run/firejail/mnt/seccomp
 // in order to use it in --join operations
 write_seccomp_file();
@@ -819,7 +819,7 @@ int seccomp_filter_errno(void) {
 void seccomp_set(void) {
- // read seccomp filter from /tmp/firejail/mnt/seccomp
+ // read seccomp filter from /runp/firejail/mnt/seccomp
 read_seccomp_file(RUN_SECCOMP_CFG);
 // apply filter
-- 
cgit v1.2.3-54-g00ecf
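Review bot: The new comment in the last seccomp.c hunk (seccomp_set) misspells the path as `/runp/firejail/mnt/seccomp`, while the three sibling comments updated in this file say `/run/firejail/mnt/seccomp`. The line should read `// read seccomp filter from /run/firejail/mnt/seccomp`. Because the path actually used is whatever RUN_SECCOMP_CFG expands to, naming the macro in the comment would keep it from drifting again. seccomp_set's body continues outside the hunk.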