author | smitsohu <smitsohu@gmail.com> | 2020-03-14 23:46:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-14 23:46:05 +0100 |
commit | 4615457c7b0ae0164687adf29579542927393619 (patch) | |
tree | 41326507eca0f7a11c5b874266c6807eac47be61 /src | |
parent | tentative: don't remount FUSE without permission (diff) | |
improve the previous fix: don't remount FUSE without permission
previous commit 3d35c039074cc11fbacf8de5bc8cb1a0952ceae4
issue #3277
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 15 |
1 files changed, 10 insertions, 5 deletions
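--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -482,8 +482,15 @@ static void fs_remount_simple(const char *path, OPERATION op) {
 errExit("open");
 // identify file owner
 struct stat s;
-if (fstat(fd, &s) == -1)
-errExit("fstat");
+if (fstat(fd, &s) == -1) {
+// fstat can fail with EACCES if path is a FUSE mount,
+// mounted without 'allow_root' or 'allow_other'
+if (errno != EACCES)
+errExit("fstat");
+fwarning("not remounting %s\n", path);
+close(fd);
+return;
+}
 // get mount flags
 struct statvfs buf;
 if (fstatvfs(fd, &buf) == -1)
@@ -592,9 +599,7 @@ static void fs_remount_rec(const char *dir, OPERATION op) {
 // remount
 char **tmp = arr;
 while (*tmp) {
-// FUSE submounts mounted without allow_root/allow_other break
-// fs_remount_simple, sort them out by calling realpath first
-fs_remount(*tmp, op, 0);
+fs_remount_simple(*tmp, op);
 free(*tmp++);
 }
 free(arr);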
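Review bot: The EACCES branch added to fs_remount_simple returns before any remount happens, so whatever restriction `op` asked for is left unapplied on that path and the only trace is a generic warning. If the sandboxed user can still reach the FUSE mount (likely, since the comment attributes the failure to a mount made without 'allow_root' or 'allow_other'), the mount keeps its original flags inside the sandbox. That fail-open choice should be stated in the comment and in the message, e.g. `fwarning("cannot stat %s (EACCES), requested remount not applied\n", path);`. With the second hunk now passing every entry of `arr` straight to fs_remount_simple, this branch is the only handling such submounts get. Both function bodies start and end outside the hunks shown.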