diff options
author | netblue30 <netblue30@yahoo.com> | 2015-11-17 10:41:52 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-17 10:41:52 -0500 |
commit | c3bd40d2404319cca625ecc521a4514d27e8f76a (patch) | |
tree | e26c188478bd45e28c44f58d33e8f06243410c88 /src | |
parent | handle ~/.config/user-dirs.dirs (diff) | |
download | firejail-c3bd40d2404319cca625ecc521a4514d27e8f76a.tar.gz firejail-c3bd40d2404319cca625ecc521a4514d27e8f76a.tar.zst firejail-c3bd40d2404319cca625ecc521a4514d27e8f76a.zip |
allow mixing of whitelist and private
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_whitelist.c | 10 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 8 |
2 files changed, 11 insertions, 7 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index fd2a29372..9203e3d00 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -213,6 +213,15 @@ void fs_whitelist(void) { | |||
213 | 213 | ||
214 | // check for supported directories | 214 | // check for supported directories |
215 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) { | 215 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) { |
216 | // whitelisting home directory is disabled if --private or --private-home option is present | ||
217 | if (arg_private) { | ||
218 | if (arg_debug) | ||
219 | printf("Removed whitelist path %s, --private option is present\n", entry->data); | ||
220 | |||
221 | *entry->data = '\0'; | ||
222 | continue; | ||
223 | } | ||
224 | |||
216 | entry->home_dir = 1; | 225 | entry->home_dir = 1; |
217 | home_dir = 1; | 226 | home_dir = 1; |
218 | // both path and absolute path are under /home | 227 | // both path and absolute path are under /home |
@@ -271,6 +280,7 @@ void fs_whitelist(void) { | |||
271 | 280 | ||
272 | // create mount points | 281 | // create mount points |
273 | fs_build_mnt_dir(); | 282 | fs_build_mnt_dir(); |
283 | |||
274 | 284 | ||
275 | // /home/user | 285 | // /home/user |
276 | if (home_dir) { | 286 | if (home_dir) { |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 384688b54..c105894bb 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -354,13 +354,7 @@ int sandbox(void* sandbox_arg) { | |||
354 | //**************************** | 354 | //**************************** |
355 | if (cfg.profile) { | 355 | if (cfg.profile) { |
356 | // apply all whitelist commands ... | 356 | // apply all whitelist commands ... |
357 | if (arg_whitelist) { | 357 | fs_whitelist(); |
358 | // whitelist commands are disabled if --private or --private-home option is present | ||
359 | if (arg_private == 0) | ||
360 | fs_whitelist(); | ||
361 | else | ||
362 | fprintf(stderr, "Warning: whitelists disabled by private or private-home\n"); | ||
363 | } | ||
364 | 358 | ||
365 | // ... followed by blacklist commands | 359 | // ... followed by blacklist commands |
366 | fs_blacklist(); | 360 | fs_blacklist(); |