added /dev/log to private-dev

3 files changed, 31 insertions, 2 deletions

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index e3a56704f..5a917fd1f 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -38,6 +38,7 @@
 #define BIN_DIR "/run/firejail/mnt/bin"
 #define DRI_DIR "/run/firejail/mnt/dri"
 #define PULSE_DIR       "/run/firejail/mnt/pulse"
+#define DEVLOG_FILE     "/run/firejail/mnt/devlog"
 #define WHITELIST_HOME_DIR      "/run/firejail/mnt/whome"
 #define XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority"
 #define HOSTNAME_FILE   "/run/firejail/mnt/hostname"
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index ec7126ffd..469cf48ab 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -74,7 +74,6 @@ void fs_private_dev(void){
 
         // create DRI_DIR
         fs_build_mnt_dir();
-        
         if (have_dri) {
                 /* coverity[toctou] */
                 rv = mkdir(DRI_DIR, 0755);
@@ -90,10 +89,36 @@ void fs_private_dev(void){
                         errExit("mounting /dev/dri");
         }
         
+        // restore /dev/log
+        int have_devlog = 0;
+        if (stat("/dev/log", &s) == 0) {
+                have_devlog = 1;
+                FILE *fp = fopen(DEVLOG_FILE, "w");
+                if (!fp)
+                        have_devlog = 0;
+                else {
+                        fprintf(fp, "\n");
+                        fclose(fp);
+                        if (mount("/dev/log", DEVLOG_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
+                                errExit("mounting /dev/log");
+                }
+        }
+
         // mount tmpfs on top of /dev
         if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
                 errExit("mounting /dev");
 
+        // bring back /dev/log
+        if (have_devlog) {
+                FILE *fp = fopen("/dev/log", "w");
+                if (fp) {
+                        fprintf(fp, "\n");
+                        fclose(fp);
+                        if (mount(DEVLOG_FILE, "/dev/log", NULL, MS_BIND|MS_REC, NULL) < 0)
+                                errExit("mounting /dev/log");
+                }
+        }               
+
         // bring back the /dev/dri directory
         if (have_dri) {
                 /* coverity[toctou] */
@@ -105,7 +130,7 @@ void fs_private_dev(void){
                 if (chmod("/dev/dri",0755) < 0)
                         errExit("chmod");
                 if (mount(DRI_DIR, "/dev/dri", NULL, MS_BIND|MS_REC, NULL) < 0)
-                        errExit("mounting /dev");
+                        errExit("mounting /dev/dri");
         }
         
         // create /dev/shm
diff --git a/todo b/todo
index 54559e837..15f143440 100644
--- a/todo
+++ b/todo
@@ -77,4 +77,7 @@ socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock
 ./configure --enable-fatal-warnings --disable-chroot --prefix=/usr
 ./configure --enable-fatal-warnings --disable-bind --prefix=/usr
 
+12. help and man for all protocol commands
+
+13. add /dev/log to private dev in help and man