diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index aec320c1f88..f8a23678af7 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -908,7 +908,7 @@ void set_name_run_file(pid_t pid);
 void set_x11_run_file(pid_t pid, int display);
 void set_profile_run_file(pid_t pid, const char *fname);
 void set_sandbox_run_file(pid_t pid, pid_t child);
-void release_sandbox_run_file_lock(void);
+void release_sandbox_lock(void);
 // dbus.c
 int dbus_check_name(const char *name);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 53976053507..ff88b9f6e09 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -190,8 +190,6 @@ static void myexit(int rv) {
 }
 static void my_handler(int s) {
- release_sandbox_run_file_lock();
-
 fmessage("\nParent received signal %d, shutting down the child process...\n", s);
 logsignal(s);
@@ -204,6 +202,7 @@ static void my_handler(int s) {
 kill(child, SIGKILL);
 waitpid(child, NULL, 0);
 }
+ release_sandbox_lock();
 myexit(128 + s);
 }
@@ -3223,7 +3222,7 @@ int main(int argc, char **argv, char **envp) {
 // end of signal-safe code
 //*****************************
- release_sandbox_run_file_lock();
+ release_sandbox_lock();
 if (WIFEXITED(status)){
 myexit(WEXITSTATUS(status));
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index 031e42d1dfd..b25b79a9ebc 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -27,8 +27,13 @@ static int tmpfs_mounted = 0;
 // build /run/firejail directory
 void preproc_build_firejail_dir(void) {
+ struct stat s;
+
 // CentOS 6 doesn't have /run directory
- create_empty_dir_as_root(RUN_FIREJAIL_BASEDIR, 0755);
+ if (stat(RUN_FIREJAIL_BASEDIR, &s)) {
+ create_empty_dir_as_root(RUN_FIREJAIL_BASEDIR, 0755);
+ }
+
 create_empty_dir_as_root(RUN_FIREJAIL_DIR, 0755);
 create_empty_dir_as_root(RUN_FIREJAIL_NETWORK_DIR, 0755);
 create_empty_dir_as_root(RUN_FIREJAIL_BANDWIDTH_DIR, 0755);
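Review bot: In src/firejail/main.c, the `release_sandbox_lock()` call added to my_handler() (hunk at new line 202) can be the second release in the same process, and the function begins with `assert(sandbox_lock_fd > -1)` (src/firejail/run_files.c). main() calls `release_sandbox_lock()` right before `myexit()` in the hunk at new line 3222, which resets the descriptor to -1; if a signal can still be delivered in that window, the handler would trip the assert and abort instead of reaching `myexit(128 + s)`. Whether signals are blocked at that point is not visible in this diff. Making the release idempotent removes the dependency on call order: replace the assert with `if (sandbox_lock_fd < 0) return;`. my_handler's body starts outside this hunk.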
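Review bot: In src/firejail/preproc.c, the new guard `if (stat(RUN_FIREJAIL_BASEDIR, &s))` treats every stat() failure as "missing" and every success as "usable", so an existing path that is not a directory (or a stat() error other than ENOENT) is never diagnosed on this privileged setup path. I would add an explicit check after the guard, for example `else if (!S_ISDIR(s.st_mode)) { fprintf(stderr, "Error: %s is not a directory\n", RUN_FIREJAIL_BASEDIR); exit(1); }`. create_empty_dir_as_root() is not shown here and may already perform its own existence and permission checks, in which case a short comment saying why the base directory is special-cased would be enough. The function body continues past the end of the hunk.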
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c
index 6724e2cd88e..212a69bc3af 100644
--- a/src/firejail/run_files.c
+++ b/src/firejail/run_files.c
@@ -164,7 +164,7 @@ void set_profile_run_file(pid_t pid, const char *fname) {
 free(runfile);
 }
-static int sandbox_run_file_fd = -1;
+static int sandbox_lock_fd = -1;
 void set_sandbox_run_file(pid_t pid, pid_t child) {
 char *runfile;
 if (asprintf(&runfile, "%s/%d", RUN_FIREJAIL_SANDBOX_DIR, pid) == -1)
@@ -173,8 +173,8 @@ void set_sandbox_run_file(pid_t pid, pid_t child) {
 EUID_ROOT();
 // the file is deleted first
 // this file should be opened with O_CLOEXEC set
- sandbox_run_file_fd = open(runfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
- if (sandbox_run_file_fd < 0) {
+ int fd = open(runfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
+ if (fd < 0) {
 fprintf(stderr, "Error: cannot create %s\n", runfile);
 exit(1);
 }
@@ -186,7 +186,7 @@ void set_sandbox_run_file(pid_t pid, pid_t child) {
 size_t len = strlen(buf);
 size_t done = 0;
 while (done != len) {
- ssize_t rv = write(sandbox_run_file_fd, buf + done, len - done);
+ ssize_t rv = write(fd, buf + done, len - done);
 if (rv < 0)
 errExit("write");
 done += rv;
@@ -200,13 +200,15 @@ void set_sandbox_run_file(pid_t pid, pid_t child) {
 .l_start = 0,
 .l_len = 0,
 };
- if (fcntl(sandbox_run_file_fd, F_SETLK, &sandbox_lock) < 0)
+ if (fcntl(fd, F_SETLK, &sandbox_lock) < 0)
 errExit("fcntl");
+
+ sandbox_lock_fd = fd;
 }
-void release_sandbox_run_file_lock(void) {
- assert(sandbox_run_file_fd > -1);
+void release_sandbox_lock(void) {
+ assert(sandbox_lock_fd > -1);
- close(sandbox_run_file_fd);
- sandbox_run_file_fd = -1;
+ close(sandbox_lock_fd);
+ sandbox_lock_fd = -1;
 }
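Review bot: In src/firejail/run_files.c, `sandbox_lock_fd` (declared in the hunk at line 164) and `release_sandbox_lock()` (hunk at line 200) have no comment saying that the descriptor is kept open only to hold the fcntl() lock and that `close()` is what releases it. That matters because an `F_SETLK` record lock belongs to the process and is dropped when the process closes any descriptor for the same file, so a later open/close of this run file in the parent would silently release the lock. I would add above the static: `// held open for the sandbox lifetime; closing any fd for this file drops the F_SETLK lock`. The new code assigns `sandbox_lock_fd = fd` only after the fcntl() call succeeds; a short comment that this ordering is deliberate would make the local `fd` easier to follow. set_sandbox_run_file's body starts outside this hunk.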