github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

pulseaudio: use create_dir_as_user(); small adjustments

Browse source
This commit is contained in:
smitsohu 2018-12-13 15:35:13 +01:00
parent 24e6d64445
commit edfc39dcb3
4 changed files with 44 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/firejail/firejail.h
View file

@ -540,7 +540,7 @@ uid_t pid_get_uid(pid_t pid);
uid_t get_group_id(const char *group);
int remove_overlay_directory(void);
void flush_stdin(void);
void create_empty_dir_as_user(const char *dir, mode_t mode);
int create_empty_dir_as_user(const char *dir, mode_t mode);
void create_empty_dir_as_root(const char *dir, mode_t mode);
void create_empty_file_as_root(const char *dir, mode_t mode);
int set_perms(const char *fname, uid_t uid, gid_t gid, mode_t mode);

6
src/firejail/fs.c
View file

@ -767,7 +767,8 @@ void fs_proc_sys_dev_boot(void) {
char *fnamegpg;
if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
errExit("asprintf");
create_empty_dir_as_user(fnamegpg, 0700);
if (create_empty_dir_as_user(fnamegpg, 0700))
fs_logger2("create", fnamegpg);
if (stat(fnamegpg, &s) == 0)
disable_file(BLACKLIST_FILE, fnamegpg);
free(fnamegpg);
@ -776,7 +777,8 @@ void fs_proc_sys_dev_boot(void) {
char *fnamesysd;
if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
errExit("asprintf");
create_empty_dir_as_user(fnamesysd, 0755);
if (create_empty_dir_as_user(fnamesysd, 0755))
fs_logger2("create", fnamesysd);
if (stat(fnamesysd, &s) == 0)
disable_file(BLACKLIST_FILE, fnamesysd);
free(fnamesysd);

110
src/firejail/pulseaudio.c
View file

@ -92,7 +92,7 @@ void pulseaudio_init(void) {
errExit("asprintf");
if (copy_file("/etc/pulse/client.conf", pulsecfg, -1, -1, 0644)) // root needed
errExit("copy_file");
FILE *fp = fopen(pulsecfg, "a+");
FILE *fp = fopen(pulsecfg, "a");
if (!fp)
errExit("fopen");
fprintf(fp, "%s", "\nenable-shm = no\n");
@ -103,91 +103,49 @@ void pulseaudio_init(void) {
errExit("set_perms");
// create ~/.config/pulse directory if not present
char *dir1;
if (asprintf(&dir1, "%s/.config", cfg.homedir) == -1)
errExit("asprintf");
if (lstat(dir1, &s) == -1) {
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
// drop privileges
drop_privs(0);
int rv = mkdir(dir1, 0755);
if (rv == 0) {
if (chmod(dir1, 0755))
{;} // do nothing
}
#ifdef HAVE_GCOV
__gcov_flush();
#endif
_exit(0);
}
// wait for the child to finish
waitpid(child, NULL, 0);
fs_logger2("create", dir1);
}
else {
// we expect a user owned directory
if (!S_ISDIR(s.st_mode) || s.st_uid != getuid()) {
if (S_ISLNK(s.st_mode))
fprintf(stderr, "Error: user .config is a symbolic link\n");
else
fprintf(stderr, "Error: user .config is not a directory owned by the current user\n");
exit(1);
}
}
free(dir1);
if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
errExit("asprintf");
if (lstat(dir1, &s) == -1) {
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
// drop privileges
drop_privs(0);
int rv = mkdir(dir1, 0700);
if (rv == 0) {
if (chmod(dir1, 0700))
{;} // do nothing
}
#ifdef HAVE_GCOV
__gcov_flush();
#endif
_exit(0);
}
// wait for the child to finish
waitpid(child, NULL, 0);
fs_logger2("create", dir1);
}
else {
// we expect a user owned directory
if (!S_ISDIR(s.st_mode) || s.st_uid != getuid()) {
if (S_ISLNK(s.st_mode))
fprintf(stderr, "Error: user .config/pulse is a symbolic link\n");
else
fprintf(stderr, "Error: user .config/pulse is not a directory owned by the current user\n");
exit(1);
}
}
free(dir1);
// if we have ~/.config/pulse mount the new directory, else set environment variable.
char *homeusercfg;
if (asprintf(&homeusercfg, "%s/.config", cfg.homedir) == -1)
errExit("asprintf");
if (lstat(homeusercfg, &s) == -1) {
if (create_empty_dir_as_user(homeusercfg, 0700))
fs_logger2("create", homeusercfg);
}
else if (!S_ISDIR(s.st_mode)) {
if (S_ISLNK(s.st_mode))
fprintf(stderr, "Error: %s is a symbolic link\n", homeusercfg);
else
fprintf(stderr, "Error: %s is not a directory\n", homeusercfg);
exit(1);
}
free(homeusercfg);
if (asprintf(&homeusercfg, "%s/.config/pulse", cfg.homedir) == -1)
errExit("asprintf");
if (lstat(homeusercfg, &s) == -1) {
if (create_empty_dir_as_user(homeusercfg, 0700))
fs_logger2("create", homeusercfg);
}
else if (!S_ISDIR(s.st_mode)) {
if (S_ISLNK(s.st_mode))
fprintf(stderr, "Error: %s is a symbolic link\n", homeusercfg);
else
fprintf(stderr, "Error: %s is not a directory\n", homeusercfg);
exit(1);
}
// if we have ~/.config/pulse mount the new directory, else set environment variable.
if (stat(homeusercfg, &s) == 0) {
// get a file descriptor for ~/.config/pulse, fails if there is any symlink
int fd = safe_fd(homeusercfg, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
if (fd == -1)
errExit("safe_fd");
// confirm the actual mount destination is owned by the user
if (fstat(fd, &s) == -1 || s.st_uid != getuid())
if (fstat(fd, &s) == -1)
errExit("fstat");
if (s.st_uid != getuid()) {
fprintf(stderr, "Error: %s is not owned by the current user\n", homeusercfg);
exit(1);
}
// preserve a read-only mount
struct statvfs vfs;
if (fstatvfs(fd, &vfs) == -1)

8
src/firejail/util.c
View file

@ -961,7 +961,8 @@ void flush_stdin(void) {
}
}
void create_empty_dir_as_user(const char *dir, mode_t mode) {
// return 1 if new directory was created, else return 0
int create_empty_dir_as_user(const char *dir, mode_t mode) {
assert(dir);
mode &= 07777;
struct stat s;
@ -980,7 +981,7 @@ void create_empty_dir_as_user(const char *dir, mode_t mode) {
if (chmod(dir, mode) == -1)
{;} // do nothing
}
else if (errno != EEXIST && arg_debug) {
else if (arg_debug) {
char *str;
if (asprintf(&str, "Directory %s not created", dir) == -1)
errExit("asprintf");
@ -993,8 +994,9 @@ void create_empty_dir_as_user(const char *dir, mode_t mode) {
}
waitpid(child, NULL, 0);
if (stat(dir, &s) == 0)
fs_logger2("create", dir);
return 1;
}
return 0;
}
void create_empty_dir_as_root(const char *dir, mode_t mode) {