From a91649ccf77c2fa20206759ef986aa9967e38ea6 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 25 Nov 2015 08:35:25 -0500 Subject: fixes --- src/firejail/firejail.h | 1 + src/firejail/fs_bin.c | 2 +- src/firejail/fs_home.c | 11 +++++++---- src/firejail/fs_whitelist.c | 2 +- src/firejail/restrict_users.c | 2 +- src/firejail/util.c | 34 ++++++++++++++++++++++++++++++++++ 6 files changed, 45 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 3ede58df6..a364de75f 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -322,6 +322,7 @@ int net_move_interface(const char *dev, unsigned pid); // util.c void drop_privs(int nogroups); +int mkpath_as_root(const char* path); void extract_command_name(const char *str); void logsignal(int s); void logmsg(const char *msg); diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index 38b9b06ca..946c75d30 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c @@ -55,7 +55,7 @@ static char *check_dir_or_file(const char *name) { } if (!fname) { - fprintf(stderr, "Warning: file %s not found\n", name); +// fprintf(stderr, "Warning: file %s not found\n", name); return NULL; } diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 23f036bd7..ca9f7b472 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c @@ -233,9 +233,12 @@ void fs_private(void) { // create /home/user if (arg_debug) printf("Create a new user directory\n"); - int rv = mkdir(homedir, S_IRWXU); - if (rv == -1) - errExit("mkdir"); + if (mkdir(homedir, S_IRWXU) == -1) { + if (mkpath_as_root(homedir) == -1) + errExit("mkpath"); + if (mkdir(homedir, S_IRWXU) == -1) + errExit("mkdir"); + } if (chown(homedir, u, g) < 0) errExit("chown"); } @@ -346,7 +349,7 @@ void fs_check_private_dir(void) { exit(1); } if (s1.st_uid != s2.st_uid) { - printf("Error: the two home directories must have the same owner\n"); + printf("Error: --private directory should be owned by the current user\n"); exit(1); } } diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index a38539078..d018554d5 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c @@ -75,7 +75,7 @@ static void whitelist_path(ProfileEntry *entry) { assert(path); const char *fname; char *wfile = NULL; - + if (entry->home_dir) { fname = path + strlen(cfg.homedir); if (*fname == '\0') { diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index 4930dd1ea..50a9a9b89 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c @@ -120,7 +120,7 @@ static void sanitize_home(void) { // create user home directory if (mkdir(cfg.homedir, 0755) == -1) { - if (mkpath(cfg.homedir)) + if (mkpath_as_root(cfg.homedir)) errExit("mkpath"); if (mkdir(cfg.homedir, 0755) == -1) errExit("mkdir"); diff --git a/src/firejail/util.c b/src/firejail/util.c index 89d0697fd..880e45465 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c @@ -75,6 +75,40 @@ void drop_privs(int nogroups) { } +int mkpath_as_root(const char* path) { + assert(path && *path); + + // work on a copy of the path + char *file_path = strdup(path); + if (!file_path) + errExit("strdup"); + + char* p; + for (p=strchr(file_path+1, '/'); p; p=strchr(p+1, '/')) { + *p='\0'; + if (mkdir(file_path, 0755)==-1) { + if (errno != EEXIST) { + *p='/'; + free(file_path); + return -1; + } + } + else { + if (chmod(file_path, 0755) == -1) + errExit("chmod"); + if (chown(file_path, 0, 0) == -1) + errExit("chown"); + } + + *p='/'; + } + + free(file_path); + return 0; +} + + + void logsignal(int s) { if (!arg_debug) return; -- cgit v1.2.3-54-g00ecf