From 1cab02f5ae3c90c01fae4d1c16381820b757a3a6 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 31 Jan 2016 11:37:23 -0500
Subject: various fixes
---
src/firejail/bandwidth.c | 2 +-
src/firejail/fs_bin.c | 2 +-
src/firejail/fs_etc.c | 2 +-
src/firejail/fs_home.c | 2 +-
src/firejail/fs_var.c | 4 ++--
src/firejail/main.c | 4 ++--
src/firejail/pulseaudio.c | 4 ++--
7 files changed, 10 insertions(+), 10 deletions(-)
(limited to 'src')
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index c372dd455..da894b321 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -118,7 +118,7 @@ void shm_create_firejail_dir(void) {
 struct stat s;
 if (stat("/dev/shm/firejail", &s) == -1) {
 /* coverity[toctou] */
- if (mkdir("/dev/shm/firejail", 0777) == -1)
+ if (mkdir("/dev/shm/firejail", 0644) == -1)
 errExit("mkdir");
 if (chown("/dev/shm/firejail", 0, 0) == -1)
 errExit("chown");
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index e88d5c53b..af67ac290 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -169,7 +169,7 @@ void fs_private_bin_list(void) {
 // create /tmp/firejail/mnt/bin directory
 fs_build_mnt_dir();
- int rv = mkdir(RUN_BIN_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+ int rv = mkdir(RUN_BIN_DIR, 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown(RUN_BIN_DIR, 0, 0) < 0)
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 3d9abaf72..c3a247331 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -113,7 +113,7 @@ void fs_private_etc_list(void) {
 // create /tmp/firejail/mnt/etc directory
 fs_build_mnt_dir();
- int rv = mkdir(RUN_ETC_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+ int rv = mkdir(RUN_ETC_DIR, 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown(RUN_ETC_DIR, 0, 0) < 0)
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index e42ce5255..ad849da3f 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
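Review bot: In shm_create_firejail_dir (src/firejail/bandwidth.c) the new mode `0644` has no search (x) bit, so no non-root process can traverse the directory; a directory that only root should write is normally `0755`, i.e. `if (mkdir("/dev/shm/firejail", 0755) == -1)`. /dev/shm is typically world-writable, and when the path already exists the visible lines accept it without checking its owner or type, so an lstat-based check that it is a root-owned directory would be worth adding in an else branch. The function body continues past the hunk, so such a check may already exist below.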
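Review bot: In fs_private_bin_list (src/firejail/fs_bin.c) the mode passed to mkdir() is still filtered by the inherited umask, so `0755` is an upper bound rather than the resulting mode, and no chmod is visible after the chown. The same pattern is in fs_private_etc_list, fs_private_home_list and both directories in fs_var_cache, where the compress sequence is fully visible and goes from chown straight to fs_logger. Adding `if (chmod(RUN_BIN_DIR, 0755) < 0) errExit("chmod");` after the chown, as the main.c and pulseaudio.c hunks already do for their directories, would make the result independent of the caller's environment. The fs_bin, fs_etc and fs_home hunks end on the chown line, so a chmod may follow outside them.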
@@ -497,7 +497,7 @@ void fs_private_home_list(void) {
 // create /tmp/firejail/mnt/home directory
 fs_build_mnt_dir();
- int rv = mkdir(RUN_HOME_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+ int rv = mkdir(RUN_HOME_DIR, 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown(RUN_HOME_DIR, u, g) < 0)
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index 8ecd159e8..82d453308 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -232,14 +232,14 @@ void fs_var_cache(void) {
 gid = p->pw_gid;
 }
- int rv = mkdir("/var/cache/lighttpd/compress", S_IRWXU | S_IRWXG | S_IRWXO);
+ int rv = mkdir("/var/cache/lighttpd/compress", 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown("/var/cache/lighttpd/compress", uid, gid) < 0)
 errExit("chown");
 fs_logger("mkdir /var/cache/lighttpd/compress");
- rv = mkdir("/var/cache/lighttpd/uploads", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+ rv = mkdir("/var/cache/lighttpd/uploads", 0755);
 if (rv == -1)
 errExit("mkdir");
 if (chown("/var/cache/lighttpd/uploads", uid, gid) < 0)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 4a86e9a2b..2c63bf7b0 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -759,11 +759,11 @@ int main(int argc, char **argv) {
 struct stat s;
 if (stat(dirname, &s) == -1) {
 /* coverity[toctou] */
- if (mkdir(dirname, S_IRWXU | S_IRWXG | S_IRWXO))
+ if (mkdir(dirname, 0700))
 errExit("mkdir");
 if (chown(dirname, getuid(), getgid()) < 0)
 errExit("chown");
- if (chmod(dirname, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
+ if (chmod(dirname, 0700) < 0)
 errExit("chmod");
 }
 free(dirname);
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index a3348baf4..8bf8d8303 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
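Review bot: In main() (src/firejail/main.c) the tightened `0700` mode is applied only inside the `stat(dirname, &s) == -1` branch, so a directory that already exists keeps whatever mode and owner it has, including the 0755 that the old chmod set. An else branch that validates the existing entry, for example `else if (!S_ISDIR(s.st_mode) || s.st_uid != getuid() || (s.st_mode & 077))` followed by tightening or refusing, would cover upgrades and pre-created paths. Where dirname points is not visible in the hunk, so how exposed that path is to other users is an open question.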
@@ -93,8 +93,8 @@ void pulseaudio_init(void) {
 // create the new user pulseaudio directory
 fs_build_mnt_dir();
- int rv = mkdir(RUN_PULSE_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
- (void) rv; // in --chroot mode the directory canalready be there
+ int rv = mkdir(RUN_PULSE_DIR, 0700);
+ (void) rv; // in --chroot mode the directory can already be there
 if (chown(RUN_PULSE_DIR, getuid(), getgid()) < 0)
 errExit("chown");
 if (chmod(RUN_PULSE_DIR, 0700) < 0)
--
cgit v1.2.3-54-g00ecf
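Review bot: In pulseaudio_init (src/firejail/pulseaudio.c) the result of mkdir() is still discarded, so every failure is treated like the expected already-exists case, and the chown()/chmod() that follow act on the path and will follow a symlink if one is there. Checking `errno != EEXIST` and then applying ownership and mode through a descriptor opened with O_DIRECTORY | O_NOFOLLOW ties both calls to the directory itself. The sketch needs errno.h and fcntl.h if the file does not already include them, and the errExit for chmod sits just past the end of the hunk.

```c
int rv = mkdir(RUN_PULSE_DIR, 0700);
if (rv == -1 && errno != EEXIST) // in --chroot mode the directory can already be there
	errExit("mkdir");
// pin the directory itself so ownership and mode changes cannot follow a symlink
int fd = open(RUN_PULSE_DIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
if (fd == -1)
	errExit("open");
if (fchown(fd, getuid(), getgid()) < 0)
	errExit("chown");
if (fchmod(fd, 0700) < 0)
// … unchanged: errExit("chmod") follows outside the hunk; close(fd) goes after it …
```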