tentative: don't remount FUSE without permission

issue #3277
author: smitsohu <smitsohu@gmail.com> 2020-03-14 18:15:59 +0100
committer: GitHub <noreply@github.com> 2020-03-14 18:15:59 +0100
commit: 3d35c039074cc11fbacf8de5bc8cb1a0952ceae4 (patch)
tree: c860148c018e98ed4df5b5b60d30a4f8143c85fe
parent: Merge pull request #3268 from smitsohu/remount (diff)
download: firejail-3d35c039074cc11fbacf8de5bc8cb1a0952ceae4.tar.gz
firejail-3d35c039074cc11fbacf8de5bc8cb1a0952ceae4.tar.zst
firejail-3d35c039074cc11fbacf8de5bc8cb1a0952ceae4.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index d7f6c899d..aa2852910 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -592,7 +592,9 @@ static void fs_remount_rec(const char *dir, OPERATION op) {
        // remount
        char **tmp = arr;
        while (*tmp) {
-                fs_remount_simple(*tmp, op);
+                // FUSE submounts mounted without allow_root/allow_other break
+                // fs_remount_simple, sort them out by calling realpath first
+                fs_remount(*tmp, op, 0);
                free(*tmp++);
        }
        free(arr);
author	smitsohu <smitsohu@gmail.com>	2020-03-14 18:15:59 +0100
committer	GitHub <noreply@github.com>	2020-03-14 18:15:59 +0100
commit	3d35c039074cc11fbacf8de5bc8cb1a0952ceae4 (patch)
tree	c860148c018e98ed4df5b5b60d30a4f8143c85fe
parent	Merge pull request #3268 from smitsohu/remount (diff)
download	firejail-3d35c039074cc11fbacf8de5bc8cb1a0952ceae4.tar.gz firejail-3d35c039074cc11fbacf8de5bc8cb1a0952ceae4.tar.zst firejail-3d35c039074cc11fbacf8de5bc8cb1a0952ceae4.zip