From cf5559df5e168fd57a2757776f182704572c6941 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 28 Mar 2017 15:31:50 -0400 Subject: rlimit fixes; ~/.cache cleanup --- src/firejail/checkcfg.c | 9 --------- src/firejail/firejail.h | 2 -- src/firejail/fs.c | 20 -------------------- src/firejail/profile.c | 12 ++++-------- src/firejail/sandbox.c | 7 ------- src/firejail/util.c | 1 - 6 files changed, 4 insertions(+), 47 deletions(-) (limited to 'src') diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index f76f83d85..24d8d0381 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c @@ -74,15 +74,6 @@ int checkcfg(int val) { if (!ptr) continue; - // mount tmpfs on top of ~/.cache directory - if (strncmp(ptr, "cache-tmpfs ", 12) == 0) { - if (strcmp(ptr + 12, "yes") == 0) - cfg_val[CFG_CACHE_TMPFS] = 1; - else if (strcmp(ptr + 12, "no") == 0) - cfg_val[CFG_CACHE_TMPFS] = 0; - else - goto errout; - } // file transfer else if (strncmp(ptr, "file-transfer ", 14) == 0) { if (strcmp(ptr + 14, "yes") == 0) diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index a981c8759..7258dd2f8 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -407,7 +407,6 @@ void fs_overlayfs(void); // chroot into an existing directory; mount exiting /dev and update /etc/resolv.conf void fs_chroot(const char *rootdir); void fs_check_chroot_dir(const char *rootdir); -void fs_cache(void); // profile.c // find and read the profile specified by name from dir directory @@ -685,7 +684,6 @@ enum { CFG_FOLLOW_SYMLINK_AS_USER, CFG_FOLLOW_SYMLINK_PRIVATE_BIN, CFG_DISABLE_MNT, - CFG_CACHE_TMPFS, CFG_JOIN, CFG_MAX // this should always be the last entry }; diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 451a946b7..0ebed61db 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -480,26 +480,6 @@ void fs_mnt(void) { } -void fs_cache(void) { -#if 0 - if (arg_debug) - printf("Deploy ~/.cache tmpfs\n"); - char *cache; - if (asprintf(&cache, "%s/.cache", cfg.homedir) == -1) - errExit("asprintf"); - if (is_link(cache)) { - fprintf(stderr, "Error: ~/.cache directory is a symbolik link\n"); - exit(1); - } - disable_file(MOUNT_TMPFS, cache); - if (is_link(cache)) { - fprintf(stderr, "Error: ~/.cache directory is a symbolik link\n"); - exit(1); - } - free(cache); -#endif -} - // mount /proc and /sys directories void fs_proc_sys_dev_boot(void) { if (arg_debug) diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8f98fd397..53fa38845 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -874,27 +874,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { // rlimit if (strncmp(ptr, "rlimit", 6) == 0) { if (strncmp(ptr, "rlimit-nofile ", 14) == 0) { - ptr += 14; check_unsigned(ptr + 14, "Error: invalid rlimit in profile file: "); - sscanf(ptr, "%llu", &cfg.rlimit_nofile); + sscanf(ptr + 14, "%llu", &cfg.rlimit_nofile); arg_rlimit_nofile = 1; } else if (strncmp(ptr, "rlimit-nproc ", 13) == 0) { - ptr += 13; check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); - sscanf(ptr, "%llu", &cfg.rlimit_nproc); + sscanf(ptr + 13, "%llu", &cfg.rlimit_nproc); arg_rlimit_nproc = 1; } else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { - ptr += 13; check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); - sscanf(ptr, "%llu", &cfg.rlimit_fsize); + sscanf(ptr + 13, "%llu", &cfg.rlimit_fsize); arg_rlimit_fsize = 1; } else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) { - ptr += 18; check_unsigned(ptr + 18, "Error: invalid rlimit in profile file: "); - sscanf(ptr, "%llu", &cfg.rlimit_sigpending); + sscanf(ptr + 18, "%llu", &cfg.rlimit_sigpending); arg_rlimit_sigpending = 1; } else { diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index f9e59f1ed..6cb1aca28 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c @@ -789,13 +789,6 @@ int sandbox(void* sandbox_arg) { if (checkcfg(CFG_DISABLE_MNT)) fs_mnt(); - //**************************** - // deploy a tmpfs on ~/.cache directory - //**************************** - if (checkcfg(CFG_CACHE_TMPFS)) - fs_cache(); - - //**************************** // apply the profile file //**************************** diff --git a/src/firejail/util.c b/src/firejail/util.c index 93eabec65..88fa67183 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c @@ -421,7 +421,6 @@ char *split_comma(char *str) { void check_unsigned(const char *str, const char *msg) { EUID_ASSERT(); - int rv = 0; const char *ptr = str; while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') { -- cgit v1.2.3-70-g09d2