author | netblue30 <netblue30@yahoo.com> | 2017-08-30 11:08:37 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-08-30 11:08:37 -0400 |
commit | 12d64e7151e633f50e86b283c24cf85db7f1db41 (patch) | |
tree | d41ca03cfc415abf85bf7057258307ee448dd158 /src | |
parent | fix seccomp secondary filter printing on i386 platform (diff) | |
removed zsh from travis test suite, fixed handling of /dev/shm whitelist for Debian wheezy and Ubuntu 14.04
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_whitelist.c | 19 |
1 files changed, 13 insertions, 6 deletions
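--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -368,12 +368,12 @@ void fs_whitelist(void) {
 // replace ~/ or ${HOME} into /home/username
 new_name = expand_home(dataptr, cfg.homedir);
 assert(new_name);
-if (arg_debug)
+if (arg_debug || arg_debug_whitelists)
 fprintf(stderr, "Debug %d: new_name #%s#, %s\n", __LINE__, new_name, (nowhitelist_flag)? "nowhitelist": "whitelist");
 
 // valid path referenced to filesystem root
 if (*new_name != '/') {
-if (arg_debug)
+if (arg_debug || arg_debug_whitelists)
 fprintf(stderr, "Debug %d: \n", __LINE__);
 goto errexit;
 }
@@ -417,6 +417,8 @@ void fs_whitelist(void) {
 entry->data = EMPTY_STRING;
 continue;
 }
+else if (arg_debug_whitelists)
+printf("real path %s\n", fname);
 
 if (nowhitelist_flag) {
 // store the path in nowhitelist array
@@ -501,9 +503,15 @@ void fs_whitelist(void) {
 else if (strncmp(new_name, "/dev/", 5) == 0) {
 entry->dev_dir = 1;
 dev_dir = 1;
-// both path and absolute path are under /dev
-if (strncmp(fname, "/dev/", 5) != 0) {
-goto errexit;
+
+// special handling for /dev/shm
+// on some platforms (Debian wheezy, Ubuntu 14.04), it is a symlink to /run/shm
+if (strcmp(new_name, "/dev/shm") == 0 && strcmp(fname, "/run/shm") == 0);
+else {
+// both path and absolute path are under /dev
+if (strncmp(fname, "/dev/", 5) != 0) {
+goto errexit;
+}
 }
 }
 else if (strncmp(new_name, "/opt/", 5) == 0) {
@@ -708,7 +716,6 @@ void fs_whitelist(void) {
 }
 
 
-
 // go through profile rules again, and interpret whitelist commands
 entry = cfg.profile;
 while (entry) {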
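Review bot: The `/dev/shm` exception in the third hunk is written as `if (...);` with an empty statement followed by `else`, which reads like a stray semicolon and is easy to break in a later edit of what is a path-validation check. Folding the exception into the guard keeps the reject path explicit: `if (strncmp(fname, "/dev/", 5) != 0 && !(strcmp(new_name, "/dev/shm") == 0 && strcmp(fname, "/run/shm") == 0)) goto errexit;`. The exception matches only the exact pair `/dev/shm` and `/run/shm`, so a whitelist entry for a path below `/dev/shm` would presumably still resolve outside `/dev/` and reach `errexit` on those platforms; a comment saying whether that is intended would help. `entry->dev_dir` is set before the check while the resolved path lies under `/run`, and the code that consumes the flag is outside the hunk, so it is worth confirming that the later mount step handles a target outside `/dev`.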