bug: disable whitelists if private home options are present

author: netblue30 <netblue30@yahoo.com> 2015-10-24 21:22:18 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-10-24 21:22:18 -0400
commit: a1a651d9eaed37b5ebf644908ca5a91ba119b7d9 (patch)
tree: 50d8c2fb1a88ee42ef97486d4d627e3b4f62d330 /src
parent: Copyright headers (diff)
download: firejail-a1a651d9eaed37b5ebf644908ca5a91ba119b7d9.tar.gz
firejail-a1a651d9eaed37b5ebf644908ca5a91ba119b7d9.tar.zst
firejail-a1a651d9eaed37b5ebf644908ca5a91ba119b7d9.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 51ca2daf5..6075fe23e 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -237,9 +237,14 @@ int sandbox(void* sandbox_arg) {
        //****************************
        if (cfg.profile) {
                // apply all whitelist commands ... 
-                if (arg_whitelist)
+                if (arg_whitelist) {
-                        fs_whitelist();
+                        // whitelist commands are disabled if --private or --private-home option is present
+                        if (arg_private == 0)
+                                fs_whitelist();
+                        else
+                                fprintf(stderr, "Warning: whitelists disabled by private or private-home\n");
+                }
+                
                // ... followed by blacklist commands
                fs_blacklist();
        }
author	netblue30 <netblue30@yahoo.com>	2015-10-24 21:22:18 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-10-24 21:22:18 -0400
commit	a1a651d9eaed37b5ebf644908ca5a91ba119b7d9 (patch)
tree	50d8c2fb1a88ee42ef97486d4d627e3b4f62d330 /src
parent	Copyright headers (diff)
download	firejail-a1a651d9eaed37b5ebf644908ca5a91ba119b7d9.tar.gz firejail-a1a651d9eaed37b5ebf644908ca5a91ba119b7d9.tar.zst firejail-a1a651d9eaed37b5ebf644908ca5a91ba119b7d9.zip

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 51ca2daf5..6075fe23e 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -237,9 +237,14 @@ int sandbox(void* sandbox_arg) {
237	//****************************	237	//****************************
238	if (cfg.profile) {	238	if (cfg.profile) {
239	// apply all whitelist commands ...	239	// apply all whitelist commands ...
240	if (arg_whitelist)	240	if (arg_whitelist) {
241	fs_whitelist();	241	// whitelist commands are disabled if --private or --private-home option is present
242		242	if (arg_private == 0)
		243	fs_whitelist();
		244	else
		245	fprintf(stderr, "Warning: whitelists disabled by private or private-home\n");
		246	}
		247
243	// ... followed by blacklist commands	248	// ... followed by blacklist commands
244	fs_blacklist();	249	fs_blacklist();
245	}	250	}