tweaks

kmk3 · Jul 12, 2022 · 56aebe3 · 56aebe3
1 parent 5a99162
commit 56aebe3
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 14 deletions.
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
@@ -908,7 +908,7 @@ void set_name_run_file(pid_t pid);
 void set_x11_run_file(pid_t pid, int display);
 void set_profile_run_file(pid_t pid, const char *fname);
 void set_sandbox_run_file(pid_t pid, pid_t child);
-void release_sandbox_run_file_lock(void);
+void release_sandbox_lock(void);
 
 // dbus.c
 int dbus_check_name(const char *name);

diff --git a/src/firejail/main.c b/src/firejail/main.c
@@ -190,8 +190,6 @@ static void myexit(int rv) {
 }
 
 static void my_handler(int s) {
-	release_sandbox_run_file_lock();
-
 	fmessage("\nParent received signal %d, shutting down the child process...\n", s);
 	logsignal(s);
 
@@ -204,6 +202,7 @@ static void my_handler(int s) {
 			kill(child, SIGKILL);
 		waitpid(child, NULL, 0);
 	}
+	release_sandbox_lock();
 	myexit(128 + s);
 }
 
@@ -3223,7 +3222,7 @@ int main(int argc, char **argv, char **envp) {
 	// end of signal-safe code
 	//*****************************
 
-	release_sandbox_run_file_lock();
+	release_sandbox_lock();
 
 	if (WIFEXITED(status)){
 		myexit(WEXITSTATUS(status));

diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
@@ -27,8 +27,13 @@ static int tmpfs_mounted = 0;
 
 // build /run/firejail directory
 void preproc_build_firejail_dir(void) {
+	struct stat s;
+
 	// CentOS 6 doesn't have /run directory
-	create_empty_dir_as_root(RUN_FIREJAIL_BASEDIR, 0755);
+	if (stat(RUN_FIREJAIL_BASEDIR, &s)) {
+		create_empty_dir_as_root(RUN_FIREJAIL_BASEDIR, 0755);
+	}
+
 	create_empty_dir_as_root(RUN_FIREJAIL_DIR, 0755);
 	create_empty_dir_as_root(RUN_FIREJAIL_NETWORK_DIR, 0755);
 	create_empty_dir_as_root(RUN_FIREJAIL_BANDWIDTH_DIR, 0755);

diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c
@@ -164,7 +164,7 @@ void set_profile_run_file(pid_t pid, const char *fname) {
 	free(runfile);
 }
 
-static int sandbox_run_file_fd = -1;
+static int sandbox_lock_fd = -1;
 void set_sandbox_run_file(pid_t pid, pid_t child) {
 	char *runfile;
 	if (asprintf(&runfile, "%s/%d", RUN_FIREJAIL_SANDBOX_DIR, pid) == -1)
@@ -173,8 +173,8 @@ void set_sandbox_run_file(pid_t pid, pid_t child) {
 	EUID_ROOT();
 	// the file is deleted first
 	// this file should be opened with O_CLOEXEC set
-	sandbox_run_file_fd = open(runfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
-	if (sandbox_run_file_fd < 0) {
+	int fd = open(runfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
+	if (fd < 0) {
 		fprintf(stderr, "Error: cannot create %s\n", runfile);
 		exit(1);
 	}
@@ -186,7 +186,7 @@ void set_sandbox_run_file(pid_t pid, pid_t child) {
 	size_t len = strlen(buf);
 	size_t done = 0;
 	while (done != len) {
-		ssize_t rv = write(sandbox_run_file_fd, buf + done, len - done);
+		ssize_t rv = write(fd, buf + done, len - done);
 		if (rv < 0)
 			errExit("write");
 		done += rv;
@@ -200,13 +200,15 @@ void set_sandbox_run_file(pid_t pid, pid_t child) {
 		.l_start = 0,
 		.l_len = 0,
 	};
-	if (fcntl(sandbox_run_file_fd, F_SETLK, &sandbox_lock) < 0)
+	if (fcntl(fd, F_SETLK, &sandbox_lock) < 0)
 		errExit("fcntl");
+
+	sandbox_lock_fd = fd;
 }
 
-void release_sandbox_run_file_lock(void) {
-	assert(sandbox_run_file_fd > -1);
+void release_sandbox_lock(void) {
+	assert(sandbox_lock_fd > -1);
 
-	close(sandbox_run_file_fd);
-	sandbox_run_file_fd = -1;
+	close(sandbox_lock_fd);
+	sandbox_lock_fd = -1;
 }