From 528f6a67ea4f5d2796f2e68432e92fc6d8999976 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 17 Sep 2019 14:38:24 +0200
Subject: move to fd based trace file mount

---
 src/firejail/fs_trace.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 2a7c83049..9ade0bdc3 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -46,21 +46,38 @@ void fs_trace_preload(void) {
 			printf("Creating an empty trace log file: %s\n", arg_tracefile);
 		// create a bind mounted trace logfile that the sandbox can see
 		EUID_USER();
-		FILE *fp = fopen(arg_tracefile, "w");
-		if (!fp)
-			errExit("fopen");
-		SET_PERMS_STREAM(fp, firejail_uid, firejail_gid, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
-		fclose(fp);
+		int fd = open(arg_tracefile, O_CREAT|O_RDWR, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+		if (fd == -1) {
+			perror("open");
+			fprintf(stderr, "Error: cannot open trace log file %s\n", arg_tracefile);
+			exit(1);
+		}
+		if (fstat(fd, &s) == -1)
+			errExit("fstat");
+		if (!S_ISREG(s.st_mode)) {
+			fprintf(stderr, "Error: cannot write trace log: %s is no regular file\n", arg_tracefile);
+			exit(1);
+		}
+		if (ftruncate(fd, 0) == -1)
+			errExit("ftruncate");
 		EUID_ROOT();
-		fp = fopen(RUN_TRACE_FILE, "w");
+		FILE *fp = fopen(RUN_TRACE_FILE, "w");
 		if (!fp)
 			errExit("fopen " RUN_TRACE_FILE);
 		fclose(fp);
 		fs_logger2("touch ", arg_tracefile);
-		if (mount(arg_tracefile, RUN_TRACE_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
-			errExit("mount bind " RUN_TRACE_FILE);
+		// mount using the symbolic link in /proc/self/fd
 		if (arg_debug)
 			printf("Bind mount %s to %s\n", arg_tracefile, RUN_TRACE_FILE);
+		char *proc;
+		if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
+			errExit("asprintf");
+		if (mount(proc, RUN_TRACE_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
+			errExit("mount bind " RUN_TRACE_FILE);
+		free(proc);
+		close(fd);
+		// now that RUN_TRACE_FILE is user-writable, mount it noexec
+		fs_remount(RUN_TRACE_FILE, MOUNT_NOEXEC, 0);
 	}
 }
 
-- 
cgit v1.2.3-54-g00ecf