diff options
author | netblue30 <netblue30@yahoo.com> | 2018-08-29 07:35:28 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-08-29 07:35:28 -0400 |
commit | ec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6 (patch) | |
tree | 44309790dc138e59143d147dda63ea7afac4094d /src/firejail/fs_whitelist.c | |
parent | silence warning about failed unmounting of /sys (overlay options) (diff) | |
download | firejail-ec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6.tar.gz firejail-ec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6.tar.zst firejail-ec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6.zip |
cleanup
Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r-- | src/firejail/fs_whitelist.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index e983a071d..8a402f692 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -506,14 +506,18 @@ void fs_whitelist(void) { | |||
506 | // both path and absolute path are under /home | 506 | // both path and absolute path are under /home |
507 | if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) == 0) { | 507 | if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) == 0) { |
508 | // entire home directory is not allowed | 508 | // entire home directory is not allowed |
509 | if (*(fname + strlen(cfg.homedir)) != '/') | 509 | if (*(fname + strlen(cfg.homedir)) != '/') { |
510 | free(fname); | ||
510 | goto errexit; | 511 | goto errexit; |
512 | } | ||
511 | } | 513 | } |
512 | else { | 514 | else { |
513 | if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { | 515 | if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { |
514 | // check if the file is owned by the user | 516 | // check if the file is owned by the user |
515 | if (stat(fname, &s) == 0 && s.st_uid != getuid()) | 517 | if (stat(fname, &s) == 0 && s.st_uid != getuid()) { |
518 | free(fname); | ||
516 | goto errexit; | 519 | goto errexit; |
520 | } | ||
517 | } | 521 | } |
518 | } | 522 | } |
519 | } | 523 | } |