Merge pull request #1359 from BafDyce/fix-1013

Fix race condition when setting up /run/firejail files (#1013)
author: netblue30 <netblue30@yahoo.com> 2017-06-30 09:57:49 -0400
committer: GitHub <noreply@github.com> 2017-06-30 09:57:49 -0400
commit: a0e4e460090370aeb3237838f5dbe7a64c7ac62b (patch)
tree: a8dbec61afe1f710dc18170a3fda995fda696308
parent: geary typo (diff)
parent: Fix race condition when setting up /run/firejail files (#1013) (diff)
download: firejail-a0e4e460090370aeb3237838f5dbe7a64c7ac62b.tar.gz
firejail-a0e4e460090370aeb3237838f5dbe7a64c7ac62b.tar.zst
firejail-a0e4e460090370aeb3237838f5dbe7a64c7ac62b.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c
index acbc19234..9ad7271ba 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -821,7 +821,9 @@ void create_empty_dir_as_root(const char *dir, mode_t mode) {
                if (arg_debug)
                        printf("Creating empty %s directory\n", dir);
                /* coverity[toctou] */
-                if (mkdir(dir, mode) == -1)
+                // don't fail if directory already exists. This can be the case in a race
+                // condition, when two jails launch at the same time. See #1013
+                if (mkdir(dir, mode) == -1 && errno != EEXIST)
                        errExit("mkdir");
                if (set_perms(dir, 0, 0, mode))
                        errExit("set_perms");
author	netblue30 <netblue30@yahoo.com>	2017-06-30 09:57:49 -0400
committer	GitHub <noreply@github.com>	2017-06-30 09:57:49 -0400
commit	a0e4e460090370aeb3237838f5dbe7a64c7ac62b (patch)
tree	a8dbec61afe1f710dc18170a3fda995fda696308
parent	geary typo (diff)
parent	Fix race condition when setting up /run/firejail files (#1013) (diff)
download	firejail-a0e4e460090370aeb3237838f5dbe7a64c7ac62b.tar.gz firejail-a0e4e460090370aeb3237838f5dbe7a64c7ac62b.tar.zst firejail-a0e4e460090370aeb3237838f5dbe7a64c7ac62b.zip