diff options
author | smitsohu <smitsohu@gmail.com> | 2020-01-26 13:43:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-26 13:43:30 +0100 |
commit | afb7e0363bd630f12773876d486afed4ad485ad7 (patch) | |
tree | 852be3255b8e089a0618320f8b096ffa92a1aaa4 /src/firejail/fs.c | |
parent | Create allow-php.inc (diff) | |
download | firejail-afb7e0363bd630f12773876d486afed4ad485ad7.tar.gz firejail-afb7e0363bd630f12773876d486afed4ad485ad7.tar.zst firejail-afb7e0363bd630f12773876d486afed4ad485ad7.zip |
fix read-only=/
Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 1bce68f15..c7dd91b06 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -521,12 +521,16 @@ void fs_remount(const char *dir, OPERATION op, unsigned check_mnt) { | |||
521 | if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 || | 521 | if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 || |
522 | mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0) | 522 | mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0) |
523 | errExit("remounting"); | 523 | errExit("remounting"); |
524 | // run a sanity check on /proc/self/mountinfo | ||
524 | if (check_mnt) { | 525 | if (check_mnt) { |
525 | // run a sanity check on /proc/self/mountinfo | 526 | // confirm target of the last mount operation was dir; if there are other |
527 | // mount points contained inside dir, one of those will show up as target | ||
528 | // of the last mount operation instead | ||
526 | MountData *mptr = get_last_mount(); | 529 | MountData *mptr = get_last_mount(); |
527 | size_t len = strlen(dir); | 530 | size_t len = strlen(dir); |
528 | if (strncmp(mptr->dir, dir, len) != 0 || | 531 | if ((strncmp(mptr->dir, dir, len) != 0 || |
529 | (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/')) | 532 | (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/')) |
533 | && strcmp(dir, "/") != 0) // support read-only=/ | ||
530 | errLogExit("invalid %s mount", opstr[op]); | 534 | errLogExit("invalid %s mount", opstr[op]); |
531 | } | 535 | } |
532 | fs_logger2(opstr[op], dir); | 536 | fs_logger2(opstr[op], dir); |