diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index 37ec2211751..9425638eac4 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -86,7 +86,7 @@ static void update_file(int parentfd, const char *relpath) {
 if (arg_debug)
 printf("Updating chroot /%s\n", relpath);
 unlinkat(parentfd, relpath, 0);
- int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (out == -1) {
 close(in);
 goto errout;
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index f7ce8c18fe5..8b7e94f5154 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -32,7 +32,7 @@ void fs_hostname(const char *hostname) {
 if (arg_debug)
 printf("Creating a new /etc/hostname file\n");
- create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 // bind-mount the file on top of /etc/hostname
 if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0)
@@ -74,7 +74,7 @@ void fs_hostname(const char *hostname) {
 }
 fclose(fp1);
 // mode and owner
- SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 fclose(fp2);
 // bind-mount the file on top of /etc/hostname
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 28852a68966..17a7b3d23ed 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
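Review bot: The permission expression `S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH` in update_file's openat() call is written out by hand here and again in the fs_hostname.c, fs_trace.c and sandbox.c hunks, which is why this fix had to touch every site separately. One shared definition, for example `#define PERMS_RW_R_R (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)` (the name is only a suggestion), would keep the files created for the sandbox on a single reviewed mode and make a stray extra bit at one call site easier to spot. update_file's body starts and ends outside the hunk.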
@@ -53,7 +53,7 @@ void fs_tracefile(void) {
 if (arg_debug)
 printf("Creating an empty trace log file: %s\n", arg_tracefile);
 EUID_USER();
- int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (fd == -1) {
 perror("open");
 fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile);
@@ -106,7 +106,7 @@ void fs_trace(void) {
 fmessage("Post-exec seccomp protector enabled\n");
 }
- SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 fclose(fp);
 // mount the new preload file
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index 5ba38d46cb7..e19d0df9675 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -128,7 +128,7 @@ void fs_var_log(void) {
 /* coverity[toctou] */
 FILE *fp = fopen("/var/log/wtmp", "wxe");
 if (fp) {
- SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH);
+ SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
 fclose(fp);
 }
 fs_logger("touch /var/log/wtmp");
@@ -136,7 +136,7 @@ void fs_var_log(void) {
 // create an empty /var/log/btmp file
 fp = fopen("/var/log/btmp", "wxe");
 if (fp) {
- SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP);
+ SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
 fclose(fp);
 }
 fs_logger("touch /var/log/btmp");
@@ -313,7 +313,7 @@ void fs_var_utmp(void) {
 // save new utmp file
 int rv = fwrite(&u_boot, sizeof(u_boot), 1, fp);
 (void) rv;
- SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH);
+ SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
 fclose(fp);
 // mount the new utmp file
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index 70985ba9e73..53e918dde76 100644
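Review bot: The open() of arg_tracefile in fs_tracefile has no comment saying why it must stay after EUID_USER(), and that ordering is what keeps the call safe: the flags contain neither O_EXCL nor O_NOFOLLOW, so an existing file or a symlink at that path is opened as it is. I would add `// keep under EUID_USER(): the path is presumably user-supplied and may be an existing file or a symlink` above the call. The mode argument is applied only when the file is created, so an existing file keeps its current permissions. The open() of dest_fname in the ls.c hunk has the same shape, preceded by EUID_ASSERT(). fs_tracefile's body continues outside the hunk.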
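Review bot: The btmp call in fs_var_log leaves out `S_IROTH` while the wtmp call in the previous hunk includes it, and nothing in the code says that the difference is intended. btmp conventionally holds failed-login records and is kept unreadable for other users, so a comment such as `// btmp: no S_IROTH on purpose, failed-login records are not world-readable` would stop a later cleanup from aligning the two modes. fs_var_log's body starts and ends outside the hunk.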
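Review bot: The result of fwrite() in fs_var_utmp is stored in `rv` and then thrown away with `(void) rv;`, so a short or failed write still reaches SET_PERMS_STREAM and, going by the trailing comment, the file is then mounted as the new utmp. The discard looks deliberate, but a check such as `if (fwrite(&u_boot, sizeof(u_boot), 1, fp) != 1) errExit("fwrite");` (errExit as used in the sandbox.c hunk), or at least a warning, would keep an empty or truncated record from being presented inside the sandbox. The function's body starts and ends outside the hunk.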
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -305,7 +305,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 }
 // create destination file if necessary
 EUID_ASSERT();
- int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWRITE);
+ int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWUSR);
 if (fd == -1) {
 fprintf(stderr, "Error: cannot open %s for writing\n", dest_fname);
 exit(1);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index b776a0cc538..d66b6c5730e 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -204,7 +204,7 @@ static void save_umask(void) {
 }
 static char *create_join_file(void) {
- int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+ int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (fd == -1)
 errExit("open");
 if (ftruncate(fd, 1) == -1)