github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

--private-bin and --private-etc fix

Browse source
This commit is contained in:
netblue30 2016-08-08 08:37:53 -04:00
parent 02a326047d
commit da36dcdb16
3 changed files with 38 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/firejail/firejail.h
View file

@ -398,6 +398,7 @@ uid_t pid_get_uid(pid_t pid);
void invalid_filename(const char *fname);
uid_t get_tty_gid(void);
uid_t get_audio_gid(void);
int remove_directory(const char *path);
// fs_var.c
void fs_var_log(void); // mounting /var/log

21
src/firejail/fs_bin.c
View file

@ -149,7 +149,6 @@ void fs_check_bin_list(void) {
}
static void duplicate(char *fname) {
char *cmd;
char *path = check_dir_or_file(fname);
if (!path)
return;
@ -175,13 +174,21 @@ static void duplicate(char *fname) {
}
else {
// copy the file
if (asprintf(&cmd, "%s -a %s %s/%s", RUN_CP_COMMAND, actual_path, RUN_BIN_DIR, fname) == -1)
errExit("asprintf");
if (arg_debug)
printf("%s\n", cmd);
if (system(cmd))
errExit("system cp -a");
free(cmd);
printf("running: %s -a %s %s/%s", RUN_CP_COMMAND, actual_path, RUN_BIN_DIR, fname);
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
char *f;
if (asprintf(&f, "%s/%s", RUN_BIN_DIR, fname) == -1)
errExit("asprintf");
execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);
}
// wait for the child to finish
waitpid(child, NULL, 0);
}
free(actual_path);
}

36
src/firejail/fs_etc.c
View file

@ -28,7 +28,7 @@
static int check_dir_or_file(const char *name) {
assert(name);
invalid_filename(name);
struct stat s;
char *fname;
if (asprintf(&fname, "/etc/%s", name) == -1)
@ -40,7 +40,11 @@ static int check_dir_or_file(const char *name) {
printf("Warning: file %s not found.\n", fname);
return 0;
}
// read access
if (access(fname, R_OK) == -1)
goto errexit;
// dir or regular file
if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode)) {
free(fname);
@ -52,6 +56,8 @@ static int check_dir_or_file(const char *name) {
return 1;
}
errexit:
fprintf(stderr, "Error: invalid file type, %s.\n", fname);
exit(1);
}
@ -88,18 +94,22 @@ void fs_check_etc_list(void) {
}
static void duplicate(char *fname) {
char *cmd;
// copy the file - this code assumes ETC_DIR is actually MNT_DIR/etc
if (asprintf(&cmd, "%s -a --parents /etc/%s %s", RUN_CP_COMMAND, fname, RUN_MNT_DIR) == -1)
errExit("asprintf");
// copy the file
if (arg_debug)
printf("%s\n", cmd);
if (system(cmd))
fprintf(stderr, "Warning (fs_etc): error copying file /etc/%s, skipping...\n", fname);
printf("running: %s -a --parents /etc/%s %s\n", RUN_CP_COMMAND, fname, RUN_MNT_DIR);
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
char *f;
if (asprintf(&f, "/etc/%s", fname) == -1)
errExit("asprintf");
execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", "--parents", f, RUN_MNT_DIR, NULL);
}
// wait for the child to finish
waitpid(child, NULL, 0);
free(cmd);
char *name;
if (asprintf(&name, "/etc/%s", fname) == -1)
errExit("asprintf");
@ -133,7 +143,7 @@ void fs_private_etc_list(void) {
// copy the list of files in the new etc directory
// using a new child process without root privileges
// using a new child process with root privileges
if (*private_list != '\0') {
pid_t child = fork();
if (child < 0)