cleanup

matu3ba · Jun 6, 2021 · 9678da0 · 9678da0
1 parent e9a33e4
commit 9678da0
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 19 deletions.
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
@@ -530,7 +530,7 @@ int has_handler(pid_t pid, int signal);
 void enter_network_namespace(pid_t pid);
 int read_pid(const char *name, pid_t *pid);
 pid_t require_pid(const char *name);
-void check_homedir(void);
+void check_homedir(const char *dir);
 
 // Get info regarding the last kernel mount operation from /proc/self/mountinfo
 // The return value points to a static area, and will be overwritten by subsequent calls.

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
@@ -304,7 +304,6 @@ static void globbing(const char *pattern) {
 }
 
 // mount tmpfs on all top level directories
-// home directories *inside* /run/user/$UID are not fully supported
 static void tmpfs_topdirs(const TopDir *topdirs) {
 	int tmpfs_home = 0;
 	int tmpfs_runuser = 0;
@@ -335,6 +334,7 @@ static void tmpfs_topdirs(const TopDir *topdirs) {
 
 		// mount tmpfs
 		fs_tmpfs(topdirs[i].path, 0);
+		selinux_relabel_path(topdirs[i].path, topdirs[i].path);
 
 		// init tmpfs
 		if (strcmp(topdirs[i].path, "/run") == 0) {
@@ -384,8 +384,6 @@ static void tmpfs_topdirs(const TopDir *topdirs) {
 			const char *rel = cfg.homedir + topdir_len + 1;
 			whitelist_file(topdirs[i].fd, rel, cfg.homedir);
 		}
-
-		selinux_relabel_path(topdirs[i].path, topdirs[i].path);
 	}
 
 	// user home directory
@@ -467,9 +465,9 @@ static TopDir *add_topdir(const char *dir, TopDir *topdirs, const char *path) {
 		errExit("strdup");
 
 	// open the directory, don't follow symbolic links
-	rv->fd = safer_openat(-1, rv->path, O_PATH|O_|O_DIRECTORY|O_CLOEXEC);
+	rv->fd = safer_openat(-1, dir, O_PATH|O_|O_DIRECTORY|O_CLOEXEC);
 	if (rv->fd == -1) {
-		fprintf(stderr, "Error: cannot open %s\n", rv->path);
+		fprintf(stderr, "Error: cannot open %s\n", dir);
 		exit(1);
 	}
 
@@ -750,10 +748,11 @@ void fs_whitelist(void) {
 			}
 
 			// create the link if any
-			if (link)
+			if (link) {
 				whitelist_symlink(link, file);
+				free(link);
+			}
 
-			free(link);
 			free(file);
 			free(entry->wparam);
 			entry->wparam = NULL;

diff --git a/src/firejail/main.c b/src/firejail/main.c
@@ -259,8 +259,8 @@ static void init_cfg(int argc, char **argv) {
 		fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);
 		exit(1);
 	}
+	check_homedir(pw->pw_dir);
 	cfg.homedir = clean_pathname(pw->pw_dir);
-	check_homedir();
 
 	// initialize random number generator
 	sandbox_pid = getpid();

diff --git a/src/firejail/util.c b/src/firejail/util.c
@@ -447,15 +447,13 @@ int is_link(const char *fname) {
 	if (*fname == '\0')
 		return 0;
 
-	char *dup = strdup(fname);
-	if (!dup)
-		errExit("strdup");
-	trim_trailing_slash_or_dot(dup);
+	// remove trailing slashes
+	char *tmp = clean_pathname(fname);
 
 	char c;
-	ssize_t rv = readlink(dup, &c, 1);
+	ssize_t rv = readlink(tmp, &c, 1);
+	free(tmp);
 
-	free(dup);
 	return (rv != -1);
 }
 
@@ -1319,14 +1317,14 @@ static int has_link(const char *dir) {
 	return 0;
 }
 
-void check_homedir(void) {
-	assert(cfg.homedir);
-	if (cfg.homedir[0] != '/') {
+void check_homedir(const char *dir) {
+	assert(dir);
+	if (dir[0] != '/') {
 		fprintf(stderr, "Error: invalid user directory \"%s\"\n", cfg.homedir);
 		exit(1);
 	}
 	// symlinks are rejected in many places
-	if (has_link(cfg.homedir)) {
+	if (has_link(dir)) {
 		fprintf(stderr, "No full support for symbolic links in path of user directory.\n"
 			"Please provide resolved path in password database (/etc/passwd).\n\n");
 	}