--private-bin fixes
parent
2f0e5748a0
commit
75b80b445d
4 changed files with 27 additions and 16 deletions
1
README
1
README
|
|
@ -105,6 +105,7 @@ avoidr (https://github.com/avoidr)
|
|||
- added cmus profile
|
||||
- man page fixes
|
||||
- add net iface support in profile files
|
||||
- paths fix
|
||||
Bruno Nova (https://github.com/brunonova)
|
||||
- whitelist fix
|
||||
- bash arguments fix
|
||||
|
|
|
|||
|
|
@ -506,7 +506,7 @@ void fs_blacklist(void) {
|
|||
if (strncmp(ptr, "${PATH}", 7) == 0) {
|
||||
char *fname = ptr + 7;
|
||||
size_t fname_len = strlen(fname);
|
||||
char **paths = build_paths(); //{"/usr/local/bin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
|
||||
char **paths = build_paths(); //{"/usr/local/bin", "/usr/local/sbin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
|
||||
int i = 0;
|
||||
while (paths[i] != NULL) {
|
||||
char *path = paths[i];
|
||||
|
|
|
|||
|
|
@ -26,10 +26,11 @@
|
|||
|
||||
static char *paths[] = {
|
||||
"/usr/local/bin",
|
||||
"/bin",
|
||||
"/usr/bin",
|
||||
"/sbin",
|
||||
"/bin",
|
||||
"/usr/local/sbin",
|
||||
"/usr/sbin",
|
||||
"/sbin",
|
||||
NULL
|
||||
};
|
||||
|
||||
|
|
@ -173,6 +174,7 @@ void fs_private_bin_list(void) {
|
|||
|
||||
// check bin paths
|
||||
int i = 0;
|
||||
#if 0
|
||||
while (paths[i]) {
|
||||
struct stat s;
|
||||
if (stat(paths[i], &s) == -1) {
|
||||
|
|
@ -181,6 +183,7 @@ void fs_private_bin_list(void) {
|
|||
}
|
||||
i++;
|
||||
}
|
||||
#endif
|
||||
|
||||
// create /tmp/firejail/mnt/bin directory
|
||||
fs_build_mnt_dir();
|
||||
|
|
@ -230,12 +233,15 @@ void fs_private_bin_list(void) {
|
|||
// mount-bind
|
||||
i = 0;
|
||||
while (paths[i]) {
|
||||
if (arg_debug)
|
||||
printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
|
||||
if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
|
||||
errExit("mount bind");
|
||||
fs_logger2("tmpfs", paths[i]);
|
||||
fs_logger2("mount", paths[i]);
|
||||
struct stat s;
|
||||
if (stat(paths[i], &s) == 0) {
|
||||
if (arg_debug)
|
||||
printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
|
||||
if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
|
||||
errExit("mount bind");
|
||||
fs_logger2("tmpfs", paths[i]);
|
||||
fs_logger2("mount", paths[i]);
|
||||
}
|
||||
i++;
|
||||
}
|
||||
|
||||
|
|
@ -249,11 +255,14 @@ void fs_private_bin_list(void) {
|
|||
while (ptr) {
|
||||
i = 0;
|
||||
while (paths[i]) {
|
||||
char *fname;
|
||||
if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
|
||||
errExit("asprintf");
|
||||
fs_logger2("clone", fname);
|
||||
free(fname);
|
||||
struct stat s;
|
||||
if (stat(paths[i], &s) == 0) {
|
||||
char *fname;
|
||||
if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
|
||||
errExit("asprintf");
|
||||
fs_logger2("clone", fname);
|
||||
free(fname);
|
||||
}
|
||||
i++;
|
||||
}
|
||||
ptr = strtok(NULL, ",");
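Review bot: In the mount-bind loop, `if (stat(paths[i], &s) == 0)` treats every stat failure as "directory absent", so a path that fails for any reason other than ENOENT is silently left without the bind mount and keeps its original contents visible inside the sandbox. Consider skipping only when `errno == ENOENT` and calling `errExit("stat")` otherwise, and checking `S_ISDIR(s.st_mode)` before the mount. The clone-logging loop further down uses the same test and should follow whatever the mount loop decides, so the log matches what was actually mounted. The `#if 0` around the old "check bin paths" block leaves dead code behind; deleting the block would make the new skip-if-missing policy clearer. fs_private_bin_list starts and ends outside these hunks.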
|
||||
|
|
|
|||
|
|
@ -76,10 +76,11 @@ char **build_paths(void) {
|
|||
|
||||
// add default paths
|
||||
add_path("/usr/local/bin");
|
||||
add_path("/bin");
|
||||
add_path("/usr/bin");
|
||||
add_path("/sbin");
|
||||
add_path("/bin");
|
||||
add_path("/usr/local/sbin");
|
||||
add_path("/usr/sbin");
|
||||
add_path("/sbin");
|
||||
|
||||
path2 = strdup(path1);
|
||||
if (!path2)
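Review bot: The default directory list in build_paths is now a second hand-maintained copy of the `static char *paths[]` table changed in the private-bin file of this same commit, so the two can drift apart and leave `${PATH}` blacklist expansion and --private-bin covering different directories. A single shared table that both build_paths and the private-bin code iterate would remove that risk; at minimum add a comment such as `// keep in sync with paths[] used by --private-bin` above the add_path calls. The trailing comment on the `build_paths()` call in fs_blacklist repeats the list a third time and still shows `/usr/bin/` with a trailing slash; pointing it at build_paths instead would avoid another stale copy. build_paths continues outside the hunk.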
|
||||
|
|
|
|||