diff options
author | netblue30 <netblue30@yahoo.com> | 2016-08-05 08:39:56 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-05 08:39:56 -0400 |
commit | 265cd772fc7852d2deaacd886a26253006235d59 (patch) | |
tree | 1bb5a995aadc17bfc0de49e846c67913472c5ac7 | |
parent | apparmor fix (diff) | |
download | firejail-265cd772fc7852d2deaacd886a26253006235d59.tar.gz firejail-265cd772fc7852d2deaacd886a26253006235d59.tar.zst firejail-265cd772fc7852d2deaacd886a26253006235d59.zip |
fix whitelist ~/deletme problem
-rw-r--r-- | src/firejail/fs_whitelist.c | 16 | ||||
-rwxr-xr-x | test/fs/fs.sh | 2 | ||||
-rwxr-xr-x | test/fs/whitelist-double.exp | 42 |
3 files changed, 54 insertions, 6 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index f94040d0f..90b91f9dd 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -268,13 +268,17 @@ static void whitelist_path(ProfileEntry *entry) { | |||
268 | 268 | ||
269 | // process regular file | 269 | // process regular file |
270 | else { | 270 | else { |
271 | // create an empty file | 271 | if (access(path, R_OK)) { |
272 | FILE *fp = fopen(path, "w"); | 272 | // create an empty file |
273 | if (!fp) { | 273 | FILE *fp = fopen(path, "w"); |
274 | fprintf(stderr, "Error: cannot create empty file in home directory\n"); | 274 | if (!fp) { |
275 | exit(1); | 275 | fprintf(stderr, "Error: cannot create empty file in home directory\n"); |
276 | exit(1); | ||
277 | } | ||
278 | fclose(fp); | ||
276 | } | 279 | } |
277 | fclose(fp); | 280 | else |
281 | return; // the file is already present | ||
278 | } | 282 | } |
279 | 283 | ||
280 | // set file properties | 284 | // set file properties |
diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 00e6e29c2..ee6351e2e 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh | |||
@@ -54,3 +54,5 @@ echo "TESTING: bind as user (test/fs/option_bind_user.exp)" | |||
54 | echo "TESTING: recursive mkdir (test/fs/mkdir.exp)" | 54 | echo "TESTING: recursive mkdir (test/fs/mkdir.exp)" |
55 | ./mkdir.exp | 55 | ./mkdir.exp |
56 | 56 | ||
57 | echo "TESTING: double whitelist (test/fs/whitelist-double.exp)" | ||
58 | ./whitelist-double.exp | ||
diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp new file mode 100755 index 000000000..87d6ed686 --- /dev/null +++ b/test/fs/whitelist-double.exp | |||
@@ -0,0 +1,42 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 30 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "echo 123 > /tmp/firejal-deleteme\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "firejail --whitelist=/tmp/firejal-deleteme --whitelist=/tmp/firejal-deleteme\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 0\n";exit} | ||
16 | "Child process initialized" | ||
17 | } | ||
18 | sleep 1 | ||
19 | |||
20 | send -- "cat /tmp/firejal-deleteme\r" | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 1\n";exit} | ||
23 | "123" | ||
24 | } | ||
25 | |||
26 | send -- "exit\r" | ||
27 | sleep 1 | ||
28 | |||
29 | send -- "cat /tmp/firejal-deleteme\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 1\n";exit} | ||
32 | "123" | ||
33 | } | ||
34 | |||
35 | send -- "rm/tmp/firejal-deleteme \r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 3\n";exit} | ||
38 | "0" | ||
39 | } | ||
40 | sleep 1 | ||
41 | |||
42 | puts "\nall done\n" | ||