diff options
author | netblue30 <netblue30@yahoo.com> | 2017-03-10 10:17:00 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-10 10:17:00 -0500 |
commit | 22414adf2a79b08a77bacbc002fb6ebb126d5b32 (patch) | |
tree | 4a00f60c09c0c78f288f748b1e909552515add60 /src | |
parent | config support to disable access to /mnt and /media (diff) | |
download | firejail-22414adf2a79b08a77bacbc002fb6ebb126d5b32.tar.gz firejail-22414adf2a79b08a77bacbc002fb6ebb126d5b32.tar.zst firejail-22414adf2a79b08a77bacbc002fb6ebb126d5b32.zip |
allow tmpfs for regular users for files in home directory
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/profile.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index c4feadad0..d5d62e929 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -970,8 +970,19 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
970 | ptr += 7; | 970 | ptr += 7; |
971 | else if (strncmp(ptr, "tmpfs ", 6) == 0) { | 971 | else if (strncmp(ptr, "tmpfs ", 6) == 0) { |
972 | if (getuid() != 0) { | 972 | if (getuid() != 0) { |
973 | fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n"); | 973 | // allow a non-root user to mount tmpfs in user home directory, links are not allowed |
974 | exit(1); | 974 | invalid_filename(ptr + 6); |
975 | char *newfname = expand_home(ptr + 6, cfg.homedir); | ||
976 | assert(newfname); | ||
977 | if (is_link(newfname)) { | ||
978 | fprintf(stderr, "Error: for regular user, tmpfs is not available for symbolic links\n"); | ||
979 | exit(1); | ||
980 | } | ||
981 | if (strncmp(newfname, cfg.homedir, strlen(cfg.homedir)) != 0) { | ||
982 | fprintf(stderr, "Error: for regular user, tmpfs is available only for files in user home directory\n"); | ||
983 | exit(1); | ||
984 | } | ||
985 | free(newfname); | ||
975 | } | 986 | } |
976 | ptr += 6; | 987 | ptr += 6; |
977 | } | 988 | } |