From 745742f17378cde52591c1aa8e112445022abb2d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 14 Nov 2016 07:53:22 -0500 Subject: cleanup --- src/firejail/caps.c | 13 +---------- src/firejail/fs_whitelist.c | 55 +++++++-------------------------------------- 2 files changed, 9 insertions(+), 59 deletions(-) (limited to 'src') diff --git a/src/firejail/caps.c b/src/firejail/caps.c index 3fd8b576e..ba811cada 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c @@ -168,17 +168,6 @@ static CapsEntry capslist[] = { // }; // end of capslist -const char *caps_find_nr(int nr) { - int i; - int elems = sizeof(capslist) / sizeof(capslist[0]); - for (i = 0; i < elems; i++) { - if (nr == capslist[i].nr) - return capslist[i].name; - } - - return "unknown"; -} - // return -1 if error, or syscall number static int caps_find_name(const char *name) { int i; @@ -397,7 +386,7 @@ static uint64_t extract_caps(int pid) { } fclose(fp); free(file); - printf("Error: cannot read caps configuration\n"); + fprintf(stderr, "Error: cannot read caps configuration\n"); exit(1); } diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 9d8021219..564dc8290 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c @@ -530,11 +530,7 @@ void fs_whitelist(void) { // /home/user if (home_dir) { // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR - int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid(), 0755)) - errExit("set_perms"); + mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid()); if (mount(cfg.homedir, RUN_WHITELIST_HOME_USER_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); 
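Review bot: The failure handling for the whitelist staging directories is no longer visible at the call site in `fs_whitelist()`: the removed lines aborted via `errExit("mkdir")` on any mkdir() failure, which includes a path that already exists, and via `errExit("set_perms")`, while `mkdir_attr()` is defined outside this diff. Since the next statement bind-mounts the real home directory onto that path, and this directory is handed to `getuid()`/`getgid()`, it is worth confirming that the helper still exits on mkdir, chown and chmod failure. If it tolerates EEXIST, that is a behaviour change from the removed code, because an existing directory would be reused as the mount target. A short comment above the call would record the contract, for example `// mkdir_attr() exits on failure; the target must be freshly created with this owner/mode before the bind mount`. The same applies to the /tmp, /media, /mnt, /var, /dev, /opt and /srv hunks that follow; the body of `fs_whitelist()` extends beyond each hunk.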
@@ -545,12 +541,7 @@ void fs_whitelist(void) { // /tmp mountpoint if (tmp_dir) { // keep a copy of real /tmp directory in - int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_TMP_DIR, 0, 0, 1777)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0); if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -568,12 +559,7 @@ void fs_whitelist(void) { struct stat s; if (stat("/media", &s) == 0) { // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR - int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_MEDIA_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_MEDIA_DIR, 0755, 0, 0); if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -594,12 +580,7 @@ void fs_whitelist(void) { struct stat s; if (stat("/mnt", &s) == 0) { // keep a copy of real /mnt directory in RUN_WHITELIST_MNT_DIR - int rv = mkdir(RUN_WHITELIST_MNT_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_MNT_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_MNT_DIR, 0755, 0, 0); if (mount("/mnt", RUN_WHITELIST_MNT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -618,12 +599,7 @@ void fs_whitelist(void) { // /var mountpoint if (var_dir) { // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR - int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_VAR_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_VAR_DIR, 0755, 0, 0); if (mount("/var", RUN_WHITELIST_VAR_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); 
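Review bot: The mode passed for the /tmp staging directory, `mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0);`, is a decimal literal, whereas every other call in this file section uses an octal one (`0755`). Decimal 1777 is octal 03361, so the directory gets setgid plus sticky with an irregular rwx pattern rather than the usual world-writable sticky /tmp mode. The value is carried over unchanged from the removed `mkdir`/`set_perms` lines, so this cleanup is a good place to correct it: `mkdir_attr(RUN_WHITELIST_TMP_DIR, 01777, 0, 0);`. The bind mount of `/tmp` on the next line presumably hides the underlying mode while mounted, so the visible effect may be limited, but the literal should still say what is meant.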
@@ -638,12 +614,7 @@ void fs_whitelist(void) { // /dev mountpoint if (dev_dir) { // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR - int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_DEV_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_DEV_DIR, 0755, 0, 0); if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0) errExit("mount bind"); @@ -658,12 +629,7 @@ void fs_whitelist(void) { // /opt mountpoint if (opt_dir) { // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR - int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_OPT_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_OPT_DIR, 0755, 0, 0); if (mount("/opt", RUN_WHITELIST_OPT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -681,12 +647,7 @@ void fs_whitelist(void) { struct stat s; if (stat("/srv", &s) == 0) { // keep a copy of real /srv directory in RUN_WHITELIST_SRV_DIR - int rv = mkdir(RUN_WHITELIST_SRV_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_SRV_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_SRV_DIR, 0755, 0, 0); if (mount("/srv", RUN_WHITELIST_SRV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); -- cgit v1.2.3-70-g09d2