author | smitsohu <smitsohu@gmail.com> | 2019-07-27 16:24:28 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-07-27 16:24:28 +0200 |
commit | edfccb3f673541557d90aca13d7e2cbde2b0aeb8 (patch) | |
tree | 9268f97420f1efa5ea46d326d3c8cbdc67143359 | |
parent | update version table (diff) | |
download | firejail-edfccb3f673541557d90aca13d7e2cbde2b0aeb8.tar.gz firejail-edfccb3f673541557d90aca13d7e2cbde2b0aeb8.tar.zst firejail-edfccb3f673541557d90aca13d7e2cbde2b0aeb8.zip |
fix private-tmp/pam-tmpdir interaction - #2685
-rw-r--r-- | src/firejail/fs_whitelist.c | 16 |
1 files changed, 16 insertions, 0 deletions
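--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -735,6 +735,22 @@ void fs_whitelist(void) {
 		errExit("mounting tmpfs on /tmp");
 	fs_logger("tmpfs /tmp");
 
+	// pam-tmpdir - issue #2685
+	char *env = getenv("TMP");
+	if (env) {
+		char *pamtmpdir;
+		if (asprintf(&pamtmpdir, "/tmp/user/%u", getuid()) == -1)
+			errExit("asprintf");
+		if (strcmp(env, pamtmpdir) == 0) {
+			// create empty user-owned /tmp/user/$uid directory
+			mkdir_attr("/tmp/user", 0755, 0, 0);
+			fs_logger("mkdir /tmp/user");
+			mkdir_attr(pamtmpdir, 0700, getuid(), getgid());
+			fs_logger2("mkdir", pamtmpdir);
+		}
+		free(pamtmpdir);
+	}
+
 	// autowhitelist home directory if it is masked by the tmpfs
 	if (strncmp(cfg.homedir, "/tmp/", 5) == 0)
 		whitelist_home(WLDIR_TMP);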
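Review bot: The new block only consults `TMP`, but as far as I recall pam-tmpdir exports `TMPDIR` as well, so a session where `TMP` was unset by a shell profile while `TMPDIR` still points at /tmp/user/$uid would end up with programs targeting a directory that was never created on the fresh tmpfs; a one-line fallback such as `if (!env) env = getenv("TMP");` after first reading `TMPDIR` (or checking both with the same strcmp) would cover that. The exact-match design is the right one from a security standpoint — the environment value is only compared, never used as a path, so an arbitrary `TMP` cannot make a setuid process create directories elsewhere — and that deserves a comment on the `strcmp` line, e.g. `// compare only; never create a directory at the user-supplied TMP value`, so a later refactor does not relax it. Minor style: `getuid()` is evaluated twice; hoisting it into a local before the `asprintf` keeps the owner of /tmp/user/$uid and the name in sync. If `mkdir_attr` reports failure through its return value rather than exiting, both calls are unchecked here; I cannot tell from the hunk. fs_whitelist() begins and ends outside this hunk.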