mainline merge

7 files changed, 38 insertions, 34 deletions

diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc
index 0327e717e..627856803 100644
--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -26,7 +26,8 @@ blacklist /usr/include
 blacklist ${PATH}/clang*
 blacklist ${PATH}/lldb*
 blacklist ${PATH}/llvm*
-blacklist /usr/lib/llvm*
+# see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU
+# blacklist /usr/lib/llvm*
 
 # tcc - Tiny C Compiler
 blacklist ${PATH}/tcc
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index 6069c5174..4d9ebcb2e 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -28,7 +28,7 @@ protocol unix,inet,inet6
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 # tracelog may cause issues, see github issue #1930
-tracelog
+#tracelog
 
 disable-mnt
 private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index f175b6590..307377acc 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -43,7 +43,7 @@ protocol unix,inet,inet6
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 # tracelog may cause issues, see github issue #1930
-tracelog
+#tracelog
 
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz
diff --git a/src/firejail/join.c b/src/firejail/join.c
index b22a6e054..569cfcff7 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -333,6 +333,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
                                 caps_set(caps);
                 }
 
+                EUID_USER();
                 // set nice
                 if (arg_nice) {
                         errno = 0;
@@ -345,8 +346,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
                 }
 
                 // set environment, add x11 display
-                EUID_USER();
-
                 env_defaults();
                 if (display) {
                         char *display_str;
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 283de57f2..27893938f 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -92,6 +92,7 @@ int is_macro(const char *name) {
 
 // returns mallocated memory
 static char *resolve_xdg(const char *var) {
+        EUID_ASSERT();
         char *fname;
         struct stat s;
         size_t length = strlen(var);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 3e22e5a53..f9be62a79 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -882,7 +882,6 @@ int sandbox(void* sandbox_arg) {
                 }
         }
 
-        EUID_ROOT();
         // set nice
         if (arg_nice) {
                 errno = 0;
@@ -893,6 +892,7 @@ int sandbox(void* sandbox_arg) {
                         errno = 0;
                 }
         }
+        EUID_ROOT();
 
         //****************************
         // set security filters
diff --git a/src/firejail/util.c b/src/firejail/util.c
index ff2bceacd..4a164901d 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -33,7 +33,7 @@
 
 #define MAX_GROUPS 1024
 #define MAXBUF 4098
-
+#define EMPTY_STRING ("")
 
 
 // send the error to /var/log/auth.log and exit after a small delay
@@ -1049,7 +1049,7 @@ void disable_file_path(const char *path, const char *file) {
 }
 
 // The returned file descriptor should be suitable for privileged operations on
-// user controlled paths. Passed flags are ignored if path is a top level directory.
+// user controlled paths
 int safe_fd(const char *path, int flags) {
         assert(path);
 
@@ -1059,13 +1059,7 @@ int safe_fd(const char *path, int flags) {
         // reject ".."
         if (strstr(path, ".."))
                 goto errexit;
-
-        // work with a copy of path
-        char *dup = strdup(path);
-        if (dup == NULL)
-                errExit("strdup");
-
-        char *p = strrchr(dup, '/');
+        char *p = strrchr(path, '/');
         assert(p);
         // reject trailing slash, root directory
         if (*(p + 1) == '\0')
@@ -1073,45 +1067,54 @@ int safe_fd(const char *path, int flags) {
         // reject trailing dot
         if (*(p + 1) == '.' && *(p + 2) == '\0')
                 goto errexit;
-        // if there is more than one path segment, keep the last one for later
-        if (p != dup)
-                *p = '\0';
+
+        // work with a copy of path
+        char *dup = strdup(path);
+        if (!dup)
+                errExit("strdup");
 
         int parentfd = open("/", O_PATH|O_DIRECTORY|O_CLOEXEC);
         if (parentfd == -1)
                 errExit("open");
 
         // traverse the path and return -1 if a symlink is encountered
-        int weird_pathname = 1;
         int fd = -1;
+        char *current_tok = EMPTY_STRING;
         char *tok = strtok(dup, "/");
+        assert(tok);
         while (tok) {
                 // skip all "/./"
                 if (strcmp(tok, ".") == 0) {
                         tok = strtok(NULL, "/");
                         continue;
                 }
-                weird_pathname = 0;
-
-                // open the directory
+                // open the element, assuming it is a directory; this fails with ENOTDIR if it is a symbolic link
                 fd = openat(parentfd, tok, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
-                close(parentfd);
                 if (fd == -1) {
+                        // if the following token is NULL, the current token is the final path element
+                        // try again to open it, this time using the passed flags, and return -1 or the descriptor
+                        current_tok = tok;
+                        tok = strtok(NULL, "/");
+                        if (!tok)
+                                fd = openat(parentfd, current_tok, flags|O_NOFOLLOW);
+                        close(parentfd);
                         free(dup);
-                        return -1;
+                        return fd; // -1 if open failed
                 }
-
-                parentfd = fd;
+                // move on to next path segment
+                current_tok = tok;
                 tok = strtok(NULL, "/");
+                if (tok) {
+                        close(parentfd);
+                        parentfd = fd;
+                }
         }
-        if (p != dup) {
-                // consistent flags for top level directories (////foo, /.///foo)
-                if (weird_pathname)
-                        flags = O_PATH|O_DIRECTORY|O_CLOEXEC;
-                // open last path segment
-                fd = openat(parentfd, p + 1, flags|O_NOFOLLOW);
-                close(parentfd);
-        }
+
+        // we are here because the last path element exists and is of file type directory
+        // reopen it using the passed flags
+        close(fd);
+        fd = openat(parentfd, current_tok, flags|O_NOFOLLOW);
+        close(parentfd);
         free(dup);
         return fd; // -1 if open failed