author | netblue30 <netblue30@protonmail.com> | 2021-05-18 09:00:45 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-18 09:00:45 -0500 |
commit | ed7db097bd4eb387cd4583a71ba76cf126e5d8c7 (patch) | |
tree | 58cb4dd296e6ccdab0eb68e972f8919ebcdb5731 /src/firejail/fs_home.c | |
parent | Fix #4282 -- Unable to open X display when running firejail chromium command (diff) | |
parent | add /run whitelist support (diff) | |
Merge pull request #4229 from smitsohu/whitelist2
Whitelist2
Diffstat (limited to 'src/firejail/fs_home.c')
-rw-r--r-- | src/firejail/fs_home.c | 6 |
1 files changed, 3 insertions, 3 deletions
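--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -262,10 +262,10 @@ void fs_private_homedir(void) {
 if (arg_debug)
 printf("Mount-bind %s on top of %s\n", private_homedir, homedir);
 // get file descriptors for homedir and private_homedir, fails if there is any symlink
-int src = safe_fd(private_homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
+int src = safer_openat(-1, private_homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (src == -1)
 errExit("opening private directory");
-int dst = safe_fd(homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
+int dst = safer_openat(-1, homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (dst == -1)
 errExit("opening home directory");
 // both mount source and target should be owned by the user
@@ -576,7 +576,7 @@ void fs_private_home_list(void) {
 if (arg_debug)
 printf("Mount-bind %s on top of %s\n", RUN_HOME_DIR, homedir);
 
-int fd = safe_fd(homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
+int fd = safer_openat(-1, homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (fd == -1)
 errExit("opening home directory");
 // home directory should be owned by the user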
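Review bot: The three `safer_openat(-1, ...)` calls (new-side lines 265, 268 and 579) pass a bare `-1` as the directory descriptor, and nothing in these hunks documents what that value means to the helper. The comment kept at line 264 still promises that the open "fails if there is any symlink", but O_NOFOLLOW on its own only covers the final path component. That guarantee therefore depends on safer_openat refusing symlinks in every intermediate component, which should be confirmed against its definition (not visible here). If that is the contract, I would state it at the first call, for example `// dirfd -1: path is resolved from the root; no component may be a symlink`, and repeat the symlink note above line 579, where the call has no comment at all. Both fs_private_homedir and fs_private_home_list continue outside the hunks, so the ownership checks that follow these opens were not reviewed.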