author | netblue30 <netblue30@yahoo.com> | 2016-04-20 09:03:27 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-20 09:03:27 -0400 |
commit | 4288f19e27005e559c0b75387738da831bf64035 (patch) | |
tree | 0f9fe890c30b8c171193860658fcee746766c3ca /src | |
parent | RELNOTES fix (diff) | |
fix: --private-etc and --writable-etc are mutually exclusive
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 9 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 |
2 files changed, 13 insertions, 0 deletions
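--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1279,6 +1279,10 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: --writable-etc is available only for root user\n");
 exit(1);
 }
+if (cfg.etc_private_keep) {
+fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+exit(1);
+}
 arg_writable_etc = 1;
 }
 else if (strcmp(argv[i], "--writable-var") == 0) {
@@ -1304,6 +1308,11 @@ int main(int argc, char **argv) {
 arg_private_dev = 1;
 }
 else if (strncmp(argv[i], "--private-etc=", 14) == 0) {
+if (arg_writable_etc) {
+fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+exit(1);
+}
+
 // extract private etc list
 cfg.etc_private_keep = argv[i] + 14;
 if (*cfg.etc_private_keep == '\0') {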
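Review bot: The conflict test and its message are copied into both option branches here and a third time in `profile_check_line` in profile.c, so the exclusion holds only while every path that sets `arg_writable_etc` or `cfg.etc_private_keep` remembers to repeat it. One combined test, `if (arg_writable_etc && cfg.etc_private_keep)`, run once after the command line and all profiles have been processed, would fail closed for any path added later. Where that point is in `main` is not visible in these hunks, so the placement needs confirming against the profile-loading order. If the per-branch checks stay, a short comment on each saying why the two options cannot be combined would help the next maintainer.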
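--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -580,6 +580,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /etc list of files and directories
 if (strncmp(ptr, "private-etc ", 12) == 0) {
+if (arg_writable_etc) {
+fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+exit(1);
+}
 cfg.etc_private_keep = ptr + 12;
 fs_check_etc_list();
 if (*cfg.etc_private_keep != '\0')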
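Review bot: The error printed for a conflicting `private-etc` profile line names only the command-line spelling, so the user cannot tell which profile file caused the exit. `profile_check_line` already receives `lineno` and `fname`, so the message could be `fprintf(stderr, "Error: line %d in %s: private-etc and --writable-etc are mutually exclusive\n", lineno, fname);`. This hunk also guards only the `private-etc` direction. If a `writable-etc` profile line is accepted elsewhere in this function (not visible here), it needs the mirror test against `cfg.etc_private_keep`. The function body starts and ends outside the hunk.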