author | smitsohu <smitsohu@gmail.com> | 2020-07-29 17:36:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-29 17:36:55 +0200 |
commit | 8c22c0ab6b39c31f63dcbe95a3c67b5cdb8a4266 (patch) | |
tree | fdf491723068e0b8c4dc8600193ec3e6cd3c4bda | |
parent | Merge pull request #3521 from smitsohu/join2 (diff) | |
initial /home cleaning: fail gently if home directory is a FUSE mount
-rw-r--r-- | src/firejail/restrict_users.c | 19 |
1 files changed, 11 insertions, 8 deletions
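--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -74,15 +74,14 @@ static void sanitize_home(void) {
 printf("Cleaning /home directory\n");
 // keep a copy of the user home directory
 int fd = safe_fd(cfg.homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
-if (fd == -1) {
-if (errno == ENOENT)
-fwarning("cannot find user home directory\n");
-else
-fwarning("cannot clean /home directory\n");
-return;
+if (fd == -1)
+goto errout;
+if (fstat(fd, &s) == -1) { // FUSE
+if (errno != EACCES)
+errExit("fstat");
+close(fd);
+goto errout;
 }
-if (fstat(fd, &s) == -1)
-errExit("fstat");
 char *proc;
 if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
 errExit("asprintf");
@@ -124,6 +123,10 @@ static void sanitize_home(void) {
 if (!arg_private)
 fs_logger2("whitelist", cfg.homedir);
 
+return;
+
+errout:
+fwarning("cannot clean /home directory\n");
 }
 
 static void sanitize_run(void) {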
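Review bot: The new `errout` path fails open: when `safe_fd` fails or `fstat` returns EACCES, `sanitize_home` prints one warning and returns, so the sandbox presumably starts with /home left uncleaned and whatever the cleaning would have hidden stays visible. The single message also drops the old ENOENT case, so a missing home directory, one that cannot be opened and a FUSE mount all look the same in the log. I would give the FUSE branch its own warning before `close(fd)`, for example `fwarning("home directory is not accessible (FUSE mount?), /home is left as is\n");`, so the reduced isolation is stated explicitly. The `// FUSE` comment is too terse to explain why EACCES is tolerated; something like `// fstat returns EACCES when the home directory is a FUSE mount we are not allowed to access` would record the reasoning. The body of `sanitize_home` between the two hunks is not visible here, so the effect on the rest of the cleaning is inferred.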