From aa87789ad38e9017908fd1cfae6cc79c8db59eb7 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Tue, 14 Nov 2023 16:25:56 -0300
Subject: landlock: fix profile entries processed in reverse
When a new landlock entry is parsed from a profile, the first entry in the `cfg.lprofile` list is being set as the next/second entry and the new entry is being set as the first entry in the list, so all entries are being processed from last to first. This commit makes the behavior of ll_add_profile() match the one from profile_add() in src/firejail/profile.c so that the entries are processed in the same order that they are parsed. This amends commit b94cc754a ("landlock: apply rules in sandbox before app start", 2023-10-26) / PR #6078.
---
 src/firejail/landlock.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'src')
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index 163804053..d89b031a8 100644
--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -345,16 +345,24 @@ void ll_add_profile(int type, const char *data) {
 while (*data == ' ' || *data == '\t')
 data++;
- LandlockEntry *ptr = malloc(sizeof(LandlockEntry));
- if (!ptr)
+ LandlockEntry *entry = malloc(sizeof(LandlockEntry));
+ if (!entry)
 errExit("malloc");
- memset(ptr, 0, sizeof(LandlockEntry));
- ptr->type = type;
- ptr->data = strdup(data);
- if (!ptr->data)
+ memset(entry, 0, sizeof(LandlockEntry));
+ entry->type = type;
+ entry->data = strdup(data);
+ if (!entry->data)
 errExit("strdup");
- ptr->next = cfg.lprofile;
- cfg.lprofile = ptr;
+
+ // add entry to the list
+ if (cfg.lprofile == NULL) {
+ cfg.lprofile = entry;
+ return;
+ }
+ LandlockEntry *ptr = cfg.lprofile;
+ while (ptr->next != NULL)
+ ptr = ptr->next;
+ ptr->next = entry;
 }
 #endif /* HAVE_LANDLOCK */
-- cgit v1.2.3-70-g09d2
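Review bot: The new `// add entry to the list` comment does not record that tail insertion is the invariant this fix depends on, so a later change back to head insertion (O(1), and easy to mistake for a harmless simplification) would silently reverse the order again. I would word it as `// append at the tail: entries must be applied in the order they were parsed, as profile_add() does`. The walk to the tail on every call is linear in the list length; that is presumably fine for profile-sized lists, but a tail pointer would avoid it if the list can grow large. ll_add_profile() begins before this hunk, so whatever argument checks precede the whitespace skip are not visible here.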