From 2247f58f52802a9726fd6991d61ae1d3cdac07b6 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Wed, 29 Sep 2021 17:44:53 +0200
Subject: [PATCH] trace, tracelog: don't truncate /etc/ld.so.preload
---
 src/firejail/firejail.h | 3 ++-
 src/firejail/fs_trace.c | 31 +++++++++++++++++++------------
 src/firejail/sandbox.c | 11 +++++++----
 3 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 2a7d8857558..bcc7e6ed192 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -621,7 +621,8 @@ void caps_print_filter(pid_t pid) __attribute__((noreturn));
 void caps_drop_dac_override(void);
 // fs_trace.c
-void fs_trace_preload(void);
+void fs_trace_touch_preload(void);
+void fs_trace_touch_or_store_preload(void);
 void fs_tracefile(void);
 void fs_trace(void);
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 475a391ecbd..718786cdc7b 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -26,19 +26,26 @@
 #include
 #include
-void fs_trace_preload(void) {
+// create an empty /etc/ld.so.preload
+void fs_trace_touch_preload(void) {
+ create_empty_file_as_root("/etc/ld.so.preload", S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+}
+
+void fs_trace_touch_or_store_preload(void) {
 struct stat s;
- // create an empty /etc/ld.so.preload
- if (stat("/etc/ld.so.preload", &s)) {
- if (arg_debug)
- printf("Creating an empty /etc/ld.so.preload file\n");
- FILE *fp = fopen("/etc/ld.so.preload", "wxe");
- if (!fp)
- errExit("fopen");
- SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
- fclose(fp);
- fs_logger("touch /etc/ld.so.preload");
+ if (stat("/etc/ld.so.preload", &s) != 0) {
+ fs_trace_touch_preload();
+ return;
+ }
+
+ if (s.st_size == 0)
+ return;
+
+ // create a copy of /etc/ld.so.preload
+ if (copy_file("/etc/ld.so.preload", RUN_LDPRELOAD_FILE, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) {
+ fprintf(stderr, "Error: cannot copy /etc/ld.so.preload file\n");
+ exit(1);
 }
 }
@@ -83,7 +90,7 @@ void fs_trace(void) {
 if (arg_debug)
 printf("Create the new ld.so.preload file\n");
- FILE *fp = fopen(RUN_LDPRELOAD_FILE, "we");
+ FILE *fp = fopen(RUN_LDPRELOAD_FILE, "ae");
 if (!fp)
 errExit("fopen");
 const char *prefix = RUN_FIREJAIL_LIB_DIR;
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 995827fb78b..7a1ce737bbb 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -798,7 +798,7 @@ int sandbox(void* sandbox_arg) {
 // trace pre-install
 if (need_preload)
- fs_trace_preload();
+ fs_trace_touch_or_store_preload();
 // store hosts file
 if (cfg.hosts_file)
@@ -814,8 +814,11 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // trace pre-install, this time inside chroot
 //****************************
- if (need_preload)
- fs_trace_preload();
+ if (need_preload) {
+ int rv = unlink(RUN_LDPRELOAD_FILE);
+ (void) rv;
+ fs_trace_touch_or_store_preload();
+ }
 }
 else
 #endif
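Review bot: fs_trace_touch_or_store_preload() in fs_trace.c copies /etc/ld.so.preload as root after checking only that `stat()` succeeded and that `st_size` is non-zero; nothing in the hunk confirms the path is a regular file. `stat()` follows symlinks, and the second call site in sandbox.c runs this against the /etc of the chroot tree, so a type check placed right after the successful `stat()` would be cheap hardening, e.g. `if (!S_ISREG(s.st_mode)) { fprintf(stderr, "Error: /etc/ld.so.preload is not a regular file\n"); exit(1); }`. Whether `copy_file()` already rejects non-regular sources cannot be told from this patch, since its body is not shown. The new function also has no header comment; a short one naming its three outcomes (file missing: create it empty, file empty: nothing to store, otherwise: copy to RUN_LDPRELOAD_FILE) would help the next reader.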
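Review bot: Opening RUN_LDPRELOAD_FILE with "ae" in fs_trace() appends directly after whatever the stored copy of /etc/ld.so.preload ends with, and nothing here guarantees that the copy ends in a newline or other separator. If it does not, the first library path written after this fopen() would be glued onto the last existing entry, and presumably neither that entry nor the tracing library would then be preloaded. Writing a separator first, e.g. `fputc('\n', fp);` right after the `if (!fp)` check, removes the dependency on the host file's formatting. The writes themselves are outside the hunk, so this assumes they begin with the library path.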
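Review bot: The result of `unlink(RUN_LDPRELOAD_FILE)` in the chroot branch of sandbox() is discarded, yet that call is what removes the copy stored from the host's /etc/ld.so.preload by the earlier call in the same function. fs_trace_touch_or_store_preload() returns without writing RUN_LDPRELOAD_FILE when the chroot's preload file is missing or empty, so if the unlink fails for any reason other than the file not existing, the host's entries stay in place and fs_trace() later appends to them. Treating only ENOENT as benign closes that gap: `if (unlink(RUN_LDPRELOAD_FILE) == -1 && errno != ENOENT) errExit("unlink");`. sandbox() starts and ends outside the hunk, and whether errno.h is already included in sandbox.c is not visible here.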
@@ -992,7 +995,7 @@ int sandbox(void* sandbox_arg) {
 // create /etc/ld.so.preload file again
 if (need_preload)
- fs_trace_preload();
+ fs_trace_touch_preload();
 // openSUSE configuration is split between /etc and /usr/etc
 // process private-etc a second time