fix option skipping caused by noblacklist

closes #1235
author: smitsohu <smitsohu@gmail.com> 2019-06-29 14:52:20 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-06-29 14:52:20 +0200
commit: 1e00f7247e04fa85e7585810cfa6ab10ecc5d53d (patch)
tree: 3e010ac9f049bfa31af13ad2a645685097ba0457
parent: add allusers to file manager profiles (diff)
download: firejail-1e00f7247e04fa85e7585810cfa6ab10ecc5d53d.tar.gz
firejail-1e00f7247e04fa85e7585810cfa6ab10ecc5d53d.tar.zst
firejail-1e00f7247e04fa85e7585810cfa6ab10ecc5d53d.zip
1 files changed, 15 insertions, 13 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 14d7d7156..9a15d825e 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -204,21 +204,23 @@ static void globbing(OPERATION op, const char *pattern, const char *noblacklist[
                        continue;
                // noblacklist is expected to be short in normal cases, so stupid and correct brute force is okay
                bool okay_to_blacklist = true;
-                for (j = 0; j < noblacklist_len; j++) {
+                if (op == BLACKLIST_FILE || op == BLACKLIST_NOLOG) {
-                        int result = fnmatch(noblacklist[j], path, FNM_PATHNAME);
+                        for (j = 0; j < noblacklist_len; j++) {
-                        if (result == FNM_NOMATCH)
+                                int result = fnmatch(noblacklist[j], path, FNM_PATHNAME);
-                                continue;
+                                if (result == FNM_NOMATCH)
-                        else if (result == 0) {
+                                        continue;
-                                okay_to_blacklist = false;
+                                else if (result == 0) {
+                                        okay_to_blacklist = false;
 #ifdef TEST_NO_BLACKLIST_MATCHING
-                                if (j < nbcheck_size)   // noblacklist checking
+                                        if (j < nbcheck_size)   // noblacklist checking
-                                        nbcheck[j] = 1;
+                                                nbcheck[j] = 1;
 #endif
-                                break;
+                                        break;
-                        }
+                                }
-                        else {
+                                else {
-                                fprintf(stderr, "Error: failed to compare path %s with pattern %s\n", path, noblacklist[j]);
+                                        fprintf(stderr, "Error: failed to compare path %s with pattern %s\n", path, noblacklist[j]);
-                                exit(1);
+                                        exit(1);
+                                }
                        }
                }
author	smitsohu <smitsohu@gmail.com>	2019-06-29 14:52:20 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-06-29 14:52:20 +0200
commit	1e00f7247e04fa85e7585810cfa6ab10ecc5d53d (patch)
tree	3e010ac9f049bfa31af13ad2a645685097ba0457
parent	add allusers to file manager profiles (diff)
download	firejail-1e00f7247e04fa85e7585810cfa6ab10ecc5d53d.tar.gz firejail-1e00f7247e04fa85e7585810cfa6ab10ecc5d53d.tar.zst firejail-1e00f7247e04fa85e7585810cfa6ab10ecc5d53d.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 14d7d7156..9a15d825e 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -204,21 +204,23 @@ static void globbing(OPERATION op, const char pattern, const char noblacklist[
204	continue;	204	continue;
205	// noblacklist is expected to be short in normal cases, so stupid and correct brute force is okay	205	// noblacklist is expected to be short in normal cases, so stupid and correct brute force is okay
206	bool okay_to_blacklist = true;	206	bool okay_to_blacklist = true;
207	for (j = 0; j < noblacklist_len; j++) {	207	if (op == BLACKLIST_FILE \|\| op == BLACKLIST_NOLOG) {
208	int result = fnmatch(noblacklist[j], path, FNM_PATHNAME);	208	for (j = 0; j < noblacklist_len; j++) {
209	if (result == FNM_NOMATCH)	209	int result = fnmatch(noblacklist[j], path, FNM_PATHNAME);
210	continue;	210	if (result == FNM_NOMATCH)
211	else if (result == 0) {	211	continue;
212	okay_to_blacklist = false;	212	else if (result == 0) {
		213	okay_to_blacklist = false;
213	#ifdef TEST_NO_BLACKLIST_MATCHING	214	#ifdef TEST_NO_BLACKLIST_MATCHING
214	if (j < nbcheck_size) // noblacklist checking	215	if (j < nbcheck_size) // noblacklist checking
215	nbcheck[j] = 1;	216	nbcheck[j] = 1;
216	#endif	217	#endif
217	break;	218	break;
218	}	219	}
219	else {	220	else {
220	fprintf(stderr, "Error: failed to compare path %s with pattern %s\n", path, noblacklist[j]);	221	fprintf(stderr, "Error: failed to compare path %s with pattern %s\n", path, noblacklist[j]);
221	exit(1);	222	exit(1);
		223	}
222	}	224	}
223	}	225	}
224		226