bring in private-lib libraries for all private-bin programs. Example:firejail --private-lib --private-bin=bash,ls,find,pwd,grep

1 files changed, 18 insertions, 1 deletions

diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 890f8daf9..38c23a756 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -23,6 +23,8 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#define MAXBUF 4096
+
 static const char * const lib_paths[] = {
         "/lib",
         "/lib/x86_64-linux-gnu",
@@ -68,7 +70,6 @@ static void copy_libs(const char *lib, const char *private_run_dir, const char *
         if (!fp)
                 errExit("fopen");
 
-#define MAXBUF 4096
         char buf[MAXBUF];
         while (fgets(buf, MAXBUF, fp)) {
                 // remove \n
@@ -200,6 +201,22 @@ void fs_private_lib(void) {
                 fs_logger_print();
         }
 
+        // for private-bin files
+        if (arg_private_bin) {
+                FILE *fp = fopen(RUN_LIB_BIN, "r");
+                if (fp) {
+                        char buf[MAXBUF];
+                        while (fgets(buf, MAXBUF, fp)) {
+                                // remove \n
+                                char *ptr = strchr(buf, '\n');
+                                if (ptr)
+                                        *ptr = '\0';
+                                copy_libs(buf, RUN_LIB_DIR, RUN_LIB_FILE);
+                        }
+                }
+                fclose(fp);
+        }
+
         // for our trace and tracelog libs
         if (arg_trace)
                 duplicate(LIBDIR "/firejail/libtrace.so", RUN_LIB_DIR);