aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/fs_whitelist.c
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2018-08-29 07:35:28 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2018-08-29 07:35:28 -0400
commitec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6 (patch)
tree44309790dc138e59143d147dda63ea7afac4094d /src/firejail/fs_whitelist.c
parentsilence warning about failed unmounting of /sys (overlay options) (diff)
downloadfirejail-ec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6.tar.gz
firejail-ec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6.tar.zst
firejail-ec9ac7df45acdde1eaaec75b2e85c6ad22f6c1a6.zip
cleanup
Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r--src/firejail/fs_whitelist.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index e983a071d..8a402f692 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -506,14 +506,18 @@ void fs_whitelist(void) {
506 // both path and absolute path are under /home 506 // both path and absolute path are under /home
507 if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) == 0) { 507 if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) == 0) {
508 // entire home directory is not allowed 508 // entire home directory is not allowed
509 if (*(fname + strlen(cfg.homedir)) != '/') 509 if (*(fname + strlen(cfg.homedir)) != '/') {
510 free(fname);
510 goto errexit; 511 goto errexit;
512 }
511 } 513 }
512 else { 514 else {
513 if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { 515 if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) {
514 // check if the file is owned by the user 516 // check if the file is owned by the user
515 if (stat(fname, &s) == 0 && s.st_uid != getuid()) 517 if (stat(fname, &s) == 0 && s.st_uid != getuid()) {
518 free(fname);
516 goto errexit; 519 goto errexit;
520 }
517 } 521 }
518 } 522 }
519 } 523 }
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-07 14:35:40 +0000