diff options
| author |  smitsohu <smitsohu@gmail.com> | 2020-11-19 01:28:35 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-11-19 01:28:35 +0100 |
| commit | 26fb154b792891097419c374fa8c124fc4de4473 (patch) | |
| tree | 62dd7feee9e8665102d871199993d8c5e43e2e76 /src | |
| parent | Merge pull request #3746 from netblue30/private-lib-fcopy (diff) | |
| download | firejail-26fb154b792891097419c374fa8c124fc4de4473.tar.gz firejail-26fb154b792891097419c374fa8c124fc4de4473.tar.zst firejail-26fb154b792891097419c374fa8c124fc4de4473.zip | |
add macro, globbing support to --tmpfs option
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 76ec102c3..65f53bf76 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -162,6 +162,12 @@ static void disable_file(OPERATION op, const char *filename) { | |||
| 162 | } | 162 | } |
| 163 | else if (op == MOUNT_TMPFS) { | 163 | else if (op == MOUNT_TMPFS) { |
| 164 | if (S_ISDIR(s.st_mode)) { | 164 | if (S_ISDIR(s.st_mode)) { |
| 165 | if (getuid() && | ||
| 166 | (strncmp(cfg.homedir, fname, strlen(cfg.homedir)) != 0 || | ||
| 167 | fname[strlen(cfg.homedir)] != '/')) { | ||
| 168 | fprintf(stderr, "Error: tmpfs outside $HOME is only available for root\n"); | ||
| 169 | exit(1); | ||
| 170 | } | ||
| 165 | fs_tmpfs(fname, getuid()); | 171 | fs_tmpfs(fname, getuid()); |
| 166 | last_disable = SUCCESSFUL; | 172 | last_disable = SUCCESSFUL; |
| 167 | } | 173 | } |
| @@ -366,14 +372,6 @@ void fs_blacklist(void) { | |||
| 366 | else if (strncmp(entry->data, "tmpfs ", 6) == 0) { | 372 | else if (strncmp(entry->data, "tmpfs ", 6) == 0) { |
| 367 | ptr = entry->data + 6; | 373 | ptr = entry->data + 6; |
| 368 | op = MOUNT_TMPFS; | 374 | op = MOUNT_TMPFS; |
| 369 | char *resolved_path = realpath(ptr, NULL); | ||
| 370 | if (!resolved_path || strncmp(cfg.homedir, resolved_path, strlen(cfg.homedir)) != 0) { | ||
| 371 | if (getuid() != 0) { | ||
| 372 | fprintf(stderr, "Error: tmpfs outside $HOME is only available for root\n"); | ||
| 373 | exit(1); | ||
| 374 | } | ||
| 375 | } | ||
| 376 | free(resolved_path); | ||
| 377 | } | 375 | } |
| 378 | else if (strncmp(entry->data, "mkdir ", 6) == 0) { | 376 | else if (strncmp(entry->data, "mkdir ", 6) == 0) { |
| 379 | EUID_USER(); | 377 | EUID_USER(); |