diff options
author | netblue30 <netblue30@yahoo.com> | 2015-08-28 12:38:03 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-28 12:38:03 -0400 |
commit | 7e30149e2e1d31c764673273a7e27cb38f67687d (patch) | |
tree | 3a87c36a8b1287c8454494e9279b057decf113ef /src | |
parent | fix firejail-in-firejail again (diff) | |
download | firejail-7e30149e2e1d31c764673273a7e27cb38f67687d.tar.gz firejail-7e30149e2e1d31c764673273a7e27cb38f67687d.tar.zst firejail-7e30149e2e1d31c764673273a7e27cb38f67687d.zip |
don't blacklist directory links, print a warning
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index f4384faf7..1cfdbaea7 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -153,15 +153,20 @@ static void disable_file(OPERATION op, const char *filename, const char *emptydi | |||
153 | 153 | ||
154 | // modify the file | 154 | // modify the file |
155 | if (op == BLACKLIST_FILE) { | 155 | if (op == BLACKLIST_FILE) { |
156 | if (arg_debug) | 156 | // some distros put all executables under /usr/bin and make /bin a symbolic link |
157 | printf("Disable %s\n", fname); | 157 | if (is_link(filename) && S_ISDIR(s.st_mode)) |
158 | if (S_ISDIR(s.st_mode)) { | 158 | fprintf(stderr, "Warning: %s directory link was not blacklisted\n", filename); |
159 | if (mount(emptydir, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
160 | errExit("disable file"); | ||
161 | } | ||
162 | else { | 159 | else { |
163 | if (mount(emptyfile, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | 160 | if (arg_debug) |
164 | errExit("disable file"); | 161 | printf("Disable %s\n", fname); |
162 | if (S_ISDIR(s.st_mode)) { | ||
163 | if (mount(emptydir, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
164 | errExit("disable file"); | ||
165 | } | ||
166 | else { | ||
167 | if (mount(emptyfile, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
168 | errExit("disable file"); | ||
169 | } | ||
165 | } | 170 | } |
166 | } | 171 | } |
167 | else if (op == MOUNT_READONLY) { | 172 | else if (op == MOUNT_READONLY) { |