expand ${PATH} macro in noblacklist entries

author: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-10 01:47:25 +0300
committer: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-10 01:47:25 +0300
commit: 9834016feaa57d08d5719def13cf302086957d2e (patch)
tree: a2440518076a573b07ac2548716157572ad2e4a9
parent: workaround for systems where common UNIX utilities are symlinks to busybox (diff)
download: firejail-9834016feaa57d08d5719def13cf302086957d2e.tar.gz
firejail-9834016feaa57d08d5719def13cf302086957d2e.tar.zst
firejail-9834016feaa57d08d5719def13cf302086957d2e.zip
1 files changed, 34 insertions, 6 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index ff5887c10..5bcfa6066 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -478,12 +478,40 @@ void fs_blacklist(void) {
                // Process noblacklist command
                if (strncmp(entry->data, "noblacklist ", 12) == 0) {
-                        if (noblacklist_c >= noblacklist_m) {
+                        char **paths = build_paths();
-                        noblacklist_m *= 2;
-                        noblacklist = realloc(noblacklist, sizeof(*noblacklist) * noblacklist_m);
+                        char *enames[sizeof(paths)+1] = {0};
-                        if (noblacklist == NULL)
+                        int i = 0;
-                                errExit("failed increasing memory for noblacklist entries");}
-                        noblacklist[noblacklist_c++] = expand_home(entry->data + 12, homedir);
+                        if (strncmp(entry->data + 12, "${PATH}", 7) == 0) {
+                                // expand ${PATH} macro
+                                while (paths[i] != NULL) {
+                                        if (asprintf(&enames[i], "%s%s", paths[i], entry->data + 19) == -1)
+                                                errExit("asprintf");
+                                        i++;
+                                }
+                        } else {
+                                // expand ${HOME} macro if found or pass as is
+                                enames[0] = expand_home(entry->data + 12, homedir);
+                                enames[1] = NULL;
+                        }
+                        i = 0;
+                        while (enames[i] != NULL) {
+                                if (noblacklist_c >= noblacklist_m) {
+                                        noblacklist_m *= 2;
+                                        noblacklist = realloc(noblacklist, sizeof(*noblacklist) * noblacklist_m);
+                                        if (noblacklist == NULL)
+                                                errExit("failed increasing memory for noblacklist entries");
+                                }
+                                noblacklist[noblacklist_c++] = enames[i];
+                                i++;
+                        }
+                        while (enames[i] != NULL) {
+                                free(enames[i]);
+                        }
                        entry = entry->next;
                        continue;
                }
author	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-10 01:47:25 +0300
committer	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-10 01:47:25 +0300
commit	9834016feaa57d08d5719def13cf302086957d2e (patch)
tree	a2440518076a573b07ac2548716157572ad2e4a9
parent	workaround for systems where common UNIX utilities are symlinks to busybox (diff)
download	firejail-9834016feaa57d08d5719def13cf302086957d2e.tar.gz firejail-9834016feaa57d08d5719def13cf302086957d2e.tar.zst firejail-9834016feaa57d08d5719def13cf302086957d2e.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index ff5887c10..5bcfa6066 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -478,12 +478,40 @@ void fs_blacklist(void) {
478		478
479	// Process noblacklist command	479	// Process noblacklist command
480	if (strncmp(entry->data, "noblacklist ", 12) == 0) {	480	if (strncmp(entry->data, "noblacklist ", 12) == 0) {
481	if (noblacklist_c >= noblacklist_m) {	481	char **paths = build_paths();
482	noblacklist_m *= 2;	482
483	noblacklist = realloc(noblacklist, sizeof(noblacklist) noblacklist_m);	483	char *enames[sizeof(paths)+1] = {0};
484	if (noblacklist == NULL)	484	int i = 0;
485	errExit("failed increasing memory for noblacklist entries");}	485
486	noblacklist[noblacklist_c++] = expand_home(entry->data + 12, homedir);	486	if (strncmp(entry->data + 12, "${PATH}", 7) == 0) {
		487	// expand ${PATH} macro
		488	while (paths[i] != NULL) {
		489	if (asprintf(&enames[i], "%s%s", paths[i], entry->data + 19) == -1)
		490	errExit("asprintf");
		491	i++;
		492	}
		493	} else {
		494	// expand ${HOME} macro if found or pass as is
		495	enames[0] = expand_home(entry->data + 12, homedir);
		496	enames[1] = NULL;
		497	}
		498
		499	i = 0;
		500	while (enames[i] != NULL) {
		501	if (noblacklist_c >= noblacklist_m) {
		502	noblacklist_m *= 2;
		503	noblacklist = realloc(noblacklist, sizeof(noblacklist) noblacklist_m);
		504	if (noblacklist == NULL)
		505	errExit("failed increasing memory for noblacklist entries");
		506	}
		507	noblacklist[noblacklist_c++] = enames[i];
		508	i++;
		509	}
		510
		511	while (enames[i] != NULL) {
		512	free(enames[i]);
		513	}
		514
487	entry = entry->next;	515	entry = entry->next;
488	continue;	516	continue;
489	}	517	}