author | netblue30 <netblue30@protonmail.com> | 2020-10-25 07:41:52 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-25 07:41:52 -0500 |
commit | c3ff78f50a7b34b11b5e159403973f9bb08f9b4a (patch) | |
tree | f5666eaea80b73cc5f199d1c9855bf5e4ff2e65e | |
parent | Merge pull request #3607 from kortewegdevries/wemail (diff) | |
parent | Likewise allow --bind inside $HOME for users (diff) | |
Merge pull request #3676 from rusty-snake/tmpfs-inside-home
Allow --tmpfs and --bind inside $HOME for unprivileged users
-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | src/firejail/fs.c | 8 | ||||
-rw-r--r-- | src/firejail/profile.c | 21 |
3 files changed, 23 insertions, 9 deletions
@@ -1,3 +1,6 @@ | |||
1 | firejail (0.9.65) baseline; urgency=low | ||
2 | * allow --tmpfs inside $HOME for unprivileged users | ||
3 | |||
1 | firejail (0.9.64) baseline; urgency=low | 4 | firejail (0.9.64) baseline; urgency=low |
2 | * replaced --nowrap option with --wrap in firemon | 5 | * replaced --nowrap option with --wrap in firemon |
3 | * The blocking action of seccomp filters has been changed from | 6 | * The blocking action of seccomp filters has been changed from |
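--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -366,6 +366,14 @@ void fs_blacklist(void) {
 else if (strncmp(entry->data, "tmpfs ", 6) == 0) {
 ptr = entry->data + 6;
 op = MOUNT_TMPFS;
+char *resolved_path = realpath(ptr, NULL);
+if (!resolved_path || strncmp(cfg.homedir, resolved_path, strlen(cfg.homedir)) != 0) {
+if (getuid() != 0) {
+fprintf(stderr, "Error: tmpfs outside $HOME is only available for root\n");
+exit(1);
+}
+}
+free(resolved_path);
 }
 else if (strncmp(entry->data, "mkdir ", 6) == 0) {
 EUID_USER();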
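Review bot: The $HOME containment test on new line 370 is a plain prefix comparison, so any absolute path that merely starts with cfg.homedir (for example `/home/user2` when cfg.homedir is `/home/user`) passes as if it were inside the home directory, and an unprivileged user gets a tmpfs mount outside it. A boundary check after the prefix match closes this: `size_t hlen = strlen(cfg.homedir);` and `if (!resolved_path || strncmp(cfg.homedir, resolved_path, hlen) != 0 || (resolved_path[hlen] != '/' && resolved_path[hlen] != '\0'))` — assuming cfg.homedir carries no trailing slash, which cannot be confirmed from this hunk. The same prefix-only comparison is used for both bind paths in the profile.c hunk at new lines 1434-1435 and wants the same fix. The enclosing fs_blacklist body starts before and continues after this hunk.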
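--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1412,11 +1412,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // filesystem bind
 if (strncmp(ptr, "bind ", 5) == 0) {
 if (checkcfg(CFG_BIND)) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: --bind option is available only if running as root\n");
-exit(1);
-}
-
 // extract two directories
 char *dname1 = ptr + 5;
 char *dname2 = split_comma(dname1); // this inserts a '0 to separate the two dierctories
@@ -1432,6 +1427,18 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: invalid file name.\n");
 exit(1);
 }
+if (getuid() != 0) {
+char *resolved_path1 = realpath(dname1, NULL);
+char *resolved_path2 = realpath(dname2, NULL);
+assert(resolved_path1 && resolved_path2);
+if (strncmp(cfg.homedir, resolved_path1, strlen(cfg.homedir)) != 0
+|| strncmp(cfg.homedir, resolved_path2, strlen(cfg.homedir)) != 0) {
+fprintf(stderr, "Error: bind outside $HOME is only available for root\n");
+exit(1);
+}
+free(resolved_path1);
+free(resolved_path2);
+}
 if (is_link(dname1) || is_link(dname2)) {
 fprintf(stderr, "Symbolic links are not allowed for bind command\n");
 exit(1);
@@ -1563,10 +1570,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 else if (strncmp(ptr, "noexec ", 7) == 0)
 ptr += 7;
 else if (strncmp(ptr, "tmpfs ", 6) == 0) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n");
-exit(1);
-}
 ptr += 6;
 }
 else {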
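Review bot: `assert(resolved_path1 && resolved_path2)` on new line 1433 guards a runtime condition, not an invariant: realpath() returns NULL whenever a profile-supplied bind path does not exist or cannot be traversed, so a mistyped profile line aborts with an assertion message instead of a usable error, and if the build defines NDEBUG the assert disappears and the strncmp on the next line dereferences NULL. Replace it with an error exit in the style of the surrounding code: `if (!resolved_path1 || !resolved_path2) { fprintf(stderr, "Error: cannot resolve bind directories\n"); exit(1); }`. Note that this check, like the is_link() check below it, evaluates the paths at profile-parse time while the mount happens later, so it is a policy check on what the path resolves to now rather than a guarantee about the eventual mount target; whether the mount code re-validates is outside this hunk. profile_check_line begins before the first hunk and continues past the last one.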