enhance post-mount checks

author: smitsohu <smitsohu@gmail.com> 2018-05-04 12:08:25 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-05-04 12:08:25 +0200
commit: 811673eeff8cc23f59b64c1522e44d1793a2985a (patch)
tree: 14ceae65f5e6f7e8bc0fe44bb35e85df2c1d2544
parent: add disable-interpreters.inc to gnome-logs (#1923) (diff)
download: firejail-811673eeff8cc23f59b64c1522e44d1793a2985a.tar.gz
firejail-811673eeff8cc23f59b64c1522e44d1793a2985a.tar.zst
firejail-811673eeff8cc23f59b64c1522e44d1793a2985a.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index ad93efe3c..a7a1c3acc 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -176,9 +176,9 @@ void pulseaudio_init(void) {
                        errExit("mount pulseaudio");
                fs_logger2("tmpfs", homeusercfg);
-                // check /proc/self/mounts to confirm the mount is ok
+                // check /proc/self/mountinfo to confirm the mount is ok
                MountData *mptr = get_last_mount();
-                if (strncmp(mptr->dir,homeusercfg,strlen(homeusercfg)) != 0) {
+                if (strncmp(mptr->fstype, "tmpfs", 5) != 0 || strncmp(mptr->dir, homeusercfg, strlen(homeusercfg)) != 0) {
                        fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, homeusercfg);
                        exit(1);
                }
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index d8b5961a2..554035c60 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1194,9 +1194,9 @@ void x11_xorg(void) {
        if (set_perms(dest, getuid(), getgid(), 0600))
                errExit("set_perms");
-        // check /proc/self/mounts to confirm the mount is ok
+        // check /proc/self/mountinfo to confirm the mount is ok
        MountData *mptr = get_last_mount();
-        if (strncmp(mptr->dir,dest,strlen(dest)) != 0) {
+        if (strncmp(mptr->fstype, "tmpfs", 5) != 0 || strncmp(mptr->dir, dest, strlen(dest)) != 0) {
                fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, dest);
                exit(1);
        }
author	smitsohu <smitsohu@gmail.com>	2018-05-04 12:08:25 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-05-04 12:08:25 +0200
commit	811673eeff8cc23f59b64c1522e44d1793a2985a (patch)
tree	14ceae65f5e6f7e8bc0fe44bb35e85df2c1d2544
parent	add disable-interpreters.inc to gnome-logs (#1923) (diff)
download	firejail-811673eeff8cc23f59b64c1522e44d1793a2985a.tar.gz firejail-811673eeff8cc23f59b64c1522e44d1793a2985a.tar.zst firejail-811673eeff8cc23f59b64c1522e44d1793a2985a.zip

diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index ad93efe3c..a7a1c3acc 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c
@@ -176,9 +176,9 @@ void pulseaudio_init(void) {
176	errExit("mount pulseaudio");	176	errExit("mount pulseaudio");
177	fs_logger2("tmpfs", homeusercfg);	177	fs_logger2("tmpfs", homeusercfg);
178		178
179	// check /proc/self/mounts to confirm the mount is ok	179	// check /proc/self/mountinfo to confirm the mount is ok
180	MountData *mptr = get_last_mount();	180	MountData *mptr = get_last_mount();
181	if (strncmp(mptr->dir,homeusercfg,strlen(homeusercfg)) != 0) {	181	if (strncmp(mptr->fstype, "tmpfs", 5) != 0 \|\| strncmp(mptr->dir, homeusercfg, strlen(homeusercfg)) != 0) {
182	fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, homeusercfg);	182	fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, homeusercfg);
183	exit(1);	183	exit(1);
184	}	184	}


diff --git a/src/firejail/x11.c b/src/firejail/x11.c index d8b5961a2..554035c60 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c
@@ -1194,9 +1194,9 @@ void x11_xorg(void) {
1194	if (set_perms(dest, getuid(), getgid(), 0600))	1194	if (set_perms(dest, getuid(), getgid(), 0600))
1195	errExit("set_perms");	1195	errExit("set_perms");
1196		1196
1197	// check /proc/self/mounts to confirm the mount is ok	1197	// check /proc/self/mountinfo to confirm the mount is ok
1198	MountData *mptr = get_last_mount();	1198	MountData *mptr = get_last_mount();
1199	if (strncmp(mptr->dir,dest,strlen(dest)) != 0) {	1199	if (strncmp(mptr->fstype, "tmpfs", 5) != 0 \|\| strncmp(mptr->dir, dest, strlen(dest)) != 0) {
1200	fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, dest);	1200	fprintf(stderr, "Error: invalid mount on top of %s (should be %s)\n", mptr->dir, dest);
1201	exit(1);	1201	exit(1);
1202	}	1202	}