diff options
author | netblue30 <netblue30@yahoo.com> | 2017-03-22 11:36:25 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-22 11:36:25 -0400 |
commit | 7310febd4d62eaac54c509244f8c011290e230b0 (patch) | |
tree | ff95e2cfa33b59faaf725e4856d898013b7a3f7a | |
parent | Edited profile request issue no. (diff) | |
download | firejail-7310febd4d62eaac54c509244f8c011290e230b0.tar.gz firejail-7310febd4d62eaac54c509244f8c011290e230b0.tar.zst firejail-7310febd4d62eaac54c509244f8c011290e230b0.zip |
fixed private-tmp problem on KDE systems
-rw-r--r-- | etc/firefox.profile | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/etc/firefox.profile b/etc/firefox.profile index dec44ca67..20acde62a 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -51,4 +51,4 @@ include /etc/firejail/whitelist-common.inc | |||
51 | #private-bin firefox,which,sh,dbus-launch,dbus-send,env | 51 | #private-bin firefox,which,sh,dbus-launch,dbus-send,env |
52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse | 52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse |
53 | private-dev | 53 | private-dev |
54 | #private-tmp | 54 | private-tmp |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index f26f8b06a..d1557e8b2 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -742,6 +742,20 @@ int sandbox(void* sandbox_arg) { | |||
742 | else { | 742 | else { |
743 | // private-tmp is implemented as a whitelist | 743 | // private-tmp is implemented as a whitelist |
744 | EUID_USER(); | 744 | EUID_USER(); |
745 | // check XAUTHORITY file, KDE keeps it under /tmp | ||
746 | char *xauth = getenv("XAUTHORITY"); | ||
747 | if (xauth) { | ||
748 | char *rp = realpath(xauth, NULL); | ||
749 | if (rp && strncmp(rp, "/tmp/", 5) == 0) { | ||
750 | char *cmd; | ||
751 | if (asprintf(&cmd, "whitelist %s", rp) == -1) | ||
752 | errExit("asprintf"); | ||
753 | profile_add(cmd); // profile_add does not duplicate the string | ||
754 | } | ||
755 | if (rp) | ||
756 | free(rp); | ||
757 | } | ||
758 | // whitelist x11 directory | ||
745 | profile_add("whitelist /tmp/.X11-unix"); | 759 | profile_add("whitelist /tmp/.X11-unix"); |
746 | EUID_ROOT(); | 760 | EUID_ROOT(); |
747 | } | 761 | } |