summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/core/capsicum.c51
-rw-r--r--src/core/capsicum.h1
-rw-r--r--src/core/log.c7
-rw-r--r--src/core/rawlog.c9
-rw-r--r--src/fe-common/core/fe-log.c10
5 files changed, 73 insertions, 5 deletions
diff --git a/src/core/capsicum.c b/src/core/capsicum.c
index 6667276c..c554fcf7 100644
--- a/src/core/capsicum.c
+++ b/src/core/capsicum.c
@@ -136,19 +136,62 @@ int capsicum_open(const char *path, int flags, int mode)
{
int fd;
- /* +1 is for slash separating irclogs_path and the rest. */
- if (strlen(path) > irclogs_path_len + 1 && strncmp(path, irclogs_path, irclogs_path_len) == 0) {
- fd = openat(irclogs_fd, path + irclogs_path_len + 1, flags, mode);
+ /* +1 is for the slash separating irclogs_path and the rest. */
+ if (strlen(path) > irclogs_path_len + 1 &&
+ strncmp(path, irclogs_path, irclogs_path_len) == 0) {
+ fd = openat(irclogs_fd, path + irclogs_path_len + 1,
+ flags, mode);
} else {
fd = open(path, flags, mode);
}
if (fd < 0 && (errno == ENOTCAPABLE || errno == ECAPMODE))
- g_warning("File system access restricted to %s due to capability mode", irclogs_path);
+ g_warning("File system access restricted to %s "
+ "due to capability mode", irclogs_path);
return (fd);
}
+void capsicum_mkdir_with_parents(const char *path, int mode)
+{
+ char *component, *copy, *tofree;
+ int error, fd, newfd;
+
+ /* +1 is for the slash separating irclogs_path and the rest. */
+ if (strlen(path) <= irclogs_path_len + 1 ||
+ strncmp(path, irclogs_path, irclogs_path_len) != 0) {
+ g_warning("Cannot create %s: file system access restricted "
+ "to %s due to capability mode", path, irclogs_path);
+ return;
+ }
+
+ copy = tofree = g_strdup(path + irclogs_path_len + 1);
+ fd = irclogs_fd;
+ for (;;) {
+ component = strsep(&copy, "/");
+ if (component == NULL)
+ break;
+ error = mkdirat(fd, component, mode);
+ if (error != 0 && errno != EEXIST) {
+ g_warning("cannot create %s: %s",
+ component, strerror(errno));
+ break;
+ }
+ newfd = openat(fd, component, O_DIRECTORY);
+ if (newfd < 0) {
+ g_warning("cannot open %s: %s",
+ component, strerror(errno));
+ break;
+ }
+ if (fd != irclogs_fd)
+ close(fd);
+ fd = newfd;
+ }
+ g_free(tofree);
+ if (fd != irclogs_fd)
+ close(fd);
+}
+
nvlist_t *symbiont_connect(const nvlist_t *request)
{
nvlist_t *response;
diff --git a/src/core/capsicum.h b/src/core/capsicum.h
index ca35fd05..1eb56402 100644
--- a/src/core/capsicum.h
+++ b/src/core/capsicum.h
@@ -5,6 +5,7 @@ gboolean capsicum_enabled(void);
int capsicum_net_connect_ip(IPADDR *ip, int port, IPADDR *my_ip);
int capsicum_net_gethostbyname(const char *addr, IPADDR *ip4, IPADDR *ip6);
int capsicum_open(const char *path, int flags, int mode);
+void capsicum_mkdir_with_parents(const char *path, int mode);
void capsicum_init(void);
void capsicum_deinit(void);
diff --git a/src/core/log.c b/src/core/log.c
index 00686bee..9394263f 100644
--- a/src/core/log.c
+++ b/src/core/log.c
@@ -127,7 +127,14 @@ int log_start_logging(LOG_REC *log)
/* path may contain variables (%time, $vars),
make sure the directory is created */
dir = g_path_get_dirname(log->real_fname);
+#ifdef HAVE_CAPSICUM
+ if (capsicum_enabled())
+ capsicum_mkdir_with_parents(dir, log_dir_create_mode);
+ else
+ g_mkdir_with_parents(dir, log_dir_create_mode);
+#else
g_mkdir_with_parents(dir, log_dir_create_mode);
+#endif
g_free(dir);
}
diff --git a/src/core/rawlog.c b/src/core/rawlog.c
index 5df02981..dd86af7c 100644
--- a/src/core/rawlog.c
+++ b/src/core/rawlog.c
@@ -167,7 +167,14 @@ void rawlog_save(RAWLOG_REC *rawlog, const char *fname)
int f;
dir = g_path_get_dirname(fname);
- g_mkdir_with_parents(dir, log_dir_create_mode);
+#ifdef HAVE_CAPSICUM
+ if (capsicum_enabled())
+ capsicum_mkdir_with_parents(dir, log_dir_create_mode);
+ else
+ g_mkdir_with_parents(dir, log_dir_create_mode);
+#else
+ g_mkdir_with_parents(dir, log_dir_create_mode);
+#endif
g_free(dir);
path = convert_home(fname);
diff --git a/src/fe-common/core/fe-log.c b/src/fe-common/core/fe-log.c
index 37b29990..deb70991 100644
--- a/src/fe-common/core/fe-log.c
+++ b/src/fe-common/core/fe-log.c
@@ -30,6 +30,9 @@
#include "special-vars.h"
#include "settings.h"
#include "lib-config/iconfig.h"
+#ifdef HAVE_CAPSICUM
+#include "capsicum.h"
+#endif
#include "fe-windows.h"
#include "window-items.h"
@@ -451,7 +454,14 @@ static void autolog_open(SERVER_REC *server, const char *server_tag,
log_item_add(log, LOG_ITEM_TARGET, target, server_tag);
dir = g_path_get_dirname(log->real_fname);
+#ifdef HAVE_CAPSICUM
+ if (capsicum_enabled())
+ capsicum_mkdir_with_parents(dir, log_dir_create_mode);
+ else
+ g_mkdir_with_parents(dir, log_dir_create_mode);
+#else
g_mkdir_with_parents(dir, log_dir_create_mode);
+#endif
g_free(dir);
log->temp = TRUE;