trace, tracelog: don't truncate /etc/ld.so.preload
smitsohu committed Oct 2, 2021
1 parent 8d36b86 commit 19e1ee0
Showing 3 changed files with 27 additions and 17 deletions.
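--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -621,7 +621,8 @@ void caps_print_filter(pid_t pid) __attribute__((noreturn));
 void caps_drop_dac_override(void);
 
 // fs_trace.c
-void fs_trace_preload(void);
+void fs_trace_touch_preload(void);
+void fs_trace_touch_or_store_preload(void);
 void fs_tracefile(void);
 void fs_trace(void);
 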
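--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -26,19 +26,26 @@
 #include <fcntl.h>
 #include <pwd.h>
 
-void fs_trace_preload(void) {
+// create an empty /etc/ld.so.preload
+void fs_trace_touch_preload(void) {
+create_empty_file_as_root("/etc/ld.so.preload", S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+}
+
+void fs_trace_touch_or_store_preload(void) {
 struct stat s;
 
-// create an empty /etc/ld.so.preload
-if (stat("/etc/ld.so.preload", &s)) {
-if (arg_debug)
-printf("Creating an empty /etc/ld.so.preload file\n");
-FILE *fp = fopen("/etc/ld.so.preload", "wxe");
-if (!fp)
-errExit("fopen");
-SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
-fclose(fp);
-fs_logger("touch /etc/ld.so.preload");
+if (stat("/etc/ld.so.preload", &s) != 0) {
+fs_trace_touch_preload();
+return;
+}
+
+if (s.st_size == 0)
+return;
+
+// create a copy of /etc/ld.so.preload
+if (copy_file("/etc/ld.so.preload", RUN_LDPRELOAD_FILE, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH)) {
+fprintf(stderr, "Error: cannot copy /etc/ld.so.preload file\n");
+exit(1);
 }
 }
 
@@ -83,7 +90,7 @@ void fs_trace(void) {
 if (arg_debug)
 printf("Create the new ld.so.preload file\n");
 
-FILE *fp = fopen(RUN_LDPRELOAD_FILE, "we");
+FILE *fp = fopen(RUN_LDPRELOAD_FILE, "ae");
 if (!fp)
 errExit("fopen");
 const char *prefix = RUN_FIREJAIL_LIB_DIR;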
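Review bot: With `fopen(RUN_LDPRELOAD_FILE, "ae")`, fs_trace() now keeps whatever is already at that path, yet fs_trace_touch_or_store_preload() returns without touching it on both the stat-failure and the `s.st_size == 0` branches, so a file left over from an earlier step would be extended rather than replaced. The function deserves a contract comment such as `// on return RUN_LDPRELOAD_FILE is either absent or a copy of /etc/ld.so.preload; fs_trace() appends to it`. If the copied file does not end in a newline, the first entry fs_trace() writes would presumably be fused with the last copied one; the write is outside the hunk, so this needs confirming there. Separately, `stat(...) != 0` treats every error as a missing file; testing `errno == ENOENT` and calling `errExit("stat")` otherwise would avoid silently dropping the existing preload entries on an unexpected failure.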
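--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -798,7 +798,7 @@ int sandbox(void* sandbox_arg) {
 
 // trace pre-install
 if (need_preload)
-fs_trace_preload();
+fs_trace_touch_or_store_preload();
 
 // store hosts file
 if (cfg.hosts_file)
@@ -814,8 +814,10 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // trace pre-install, this time inside chroot
 //****************************
-if (need_preload)
-fs_trace_preload();
+if (need_preload) {
+unlink(RUN_LDPRELOAD_FILE);
+fs_trace_touch_or_store_preload();
+}
 }
 else
 #endif
@@ -992,7 +994,7 @@ int sandbox(void* sandbox_arg) {
 
 // create /etc/ld.so.preload file again
 if (need_preload)
-fs_trace_preload();
+fs_trace_touch_preload();
 
 // openSUSE configuration is split between /etc and /usr/etc
 // process private-etc a second time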
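Review bot: The `unlink(RUN_LDPRELOAD_FILE);` added in the chroot branch ignores its result, so if removal fails for a reason other than the file being absent, the copy stored by the earlier call (presumably taken from outside the chroot) stays in place, and what fs_trace_touch_or_store_preload() then does with it depends on copy_file(), which is not visible here. Failing closed would be safer: `if (unlink(RUN_LDPRELOAD_FILE) == -1 && errno != ENOENT)` followed by `errExit("unlink");`. The first call site, under `// trace pre-install`, has no unlink at all, so it relies on the path not existing yet at that point; a one-line comment saying so would show the asymmetry is deliberate. sandbox() starts and ends outside all three hunks.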
