various fixes

5 files changed, 32 insertions, 3 deletions

diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 6505177d0..4d2711fcd 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -283,6 +283,8 @@ static void disable_file(OPERATION op, const char *filename) {
         
         // if the file is not present, do nothing
         struct stat s;
+        if (fname == NULL)
+                return;
         if (stat(fname, &s) == -1) {
                 if (arg_debug)
                         printf("Warning: %s does not exist, skipping...\n", fname);
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 99c2e855c..d394ba704 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -651,6 +651,30 @@ void fs_whitelist(void) {
                         errExit("mount tmpfs");
         }
 
+        // mask the real /var directory, currently mounted on RUN_WHITELIST_VAR_DIR
+        if (var_dir) {
+                if (mount("tmpfs", RUN_WHITELIST_VAR_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                        errExit("mount tmpfs");
+        }
+
+        // mask the real /opt directory, currently mounted on RUN_WHITELIST_OPT_DIR
+        if (opt_dir) {
+                if (mount("tmpfs", RUN_WHITELIST_OPT_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                        errExit("mount tmpfs");
+        }
+
+        // mask the real /dev directory, currently mounted on RUN_WHITELIST_DEV_DIR
+        if (dev_dir) {
+                if (mount("tmpfs", RUN_WHITELIST_DEV_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                        errExit("mount tmpfs");
+        }
+
+        // mask the real /media directory, currently mounted on RUN_WHITELIST_MEDIA_DIR
+        if (media_dir) {
+                if (mount("tmpfs", RUN_WHITELIST_MEDIA_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                        errExit("mount tmpfs");
+        }
+
         if (new_name)
                 free(new_name);
                 
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index e09bb3411..7769503b1 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -47,7 +47,7 @@ int x11_display(void) {
         int display;
         int rv = sscanf(d, ":%d", &display);
         if (rv != 1)
-                return;
+                return -1;
         if (arg_debug)
                 printf("DISPLAY %s, %d\n", d, display);
         
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index b10c9ce17..522ece077 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -81,4 +81,7 @@ void tree(pid_t pid);
 // netstats.c
 void netstats(void);
 
+// x11.c
+void x11(pid_t pid);
+
 #endif
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 6396049e3..71550454a 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -91,7 +91,7 @@ static int pid_is_firejail(pid_t pid) {
                                 continue;
                         if (first) {
                                 first = 0;
-                                start = buffer + i + 1;
+                                start = (char *) buffer + i + 1;
                                 continue;
                         }
                         if (strncmp(start, "--", 2) != 0)
@@ -101,7 +101,7 @@ static int pid_is_firejail(pid_t pid) {
                                 rv = 0;
                                 break;
                         }
-                        start = buffer + i + 1;
+                        start = (char *) buffer + i + 1;
                 }
         }