diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-11-17 10:41:52 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-11-17 10:41:52 -0500 |
| commit | c3bd40d2404319cca625ecc521a4514d27e8f76a (patch) | |
| tree | e26c188478bd45e28c44f58d33e8f06243410c88 /src | |
| parent | handle ~/.config/user-dirs.dirs (diff) | |
| download | firejail-c3bd40d2404319cca625ecc521a4514d27e8f76a.tar.gz firejail-c3bd40d2404319cca625ecc521a4514d27e8f76a.tar.zst firejail-c3bd40d2404319cca625ecc521a4514d27e8f76a.zip | |
allow mixing of whitelist and private
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_whitelist.c | 10 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 8 |
2 files changed, 11 insertions, 7 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index fd2a29372..9203e3d00 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -213,6 +213,15 @@ void fs_whitelist(void) { | |||
| 213 | 213 | ||
| 214 | // check for supported directories | 214 | // check for supported directories |
| 215 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) { | 215 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) { |
| 216 | // whitelisting home directory is disabled if --private or --private-home option is present | ||
| 217 | if (arg_private) { | ||
| 218 | if (arg_debug) | ||
| 219 | printf("Removed whitelist path %s, --private option is present\n", entry->data); | ||
| 220 | |||
| 221 | *entry->data = '\0'; | ||
| 222 | continue; | ||
| 223 | } | ||
| 224 | |||
| 216 | entry->home_dir = 1; | 225 | entry->home_dir = 1; |
| 217 | home_dir = 1; | 226 | home_dir = 1; |
| 218 | // both path and absolute path are under /home | 227 | // both path and absolute path are under /home |
| @@ -271,6 +280,7 @@ void fs_whitelist(void) { | |||
| 271 | 280 | ||
| 272 | // create mount points | 281 | // create mount points |
| 273 | fs_build_mnt_dir(); | 282 | fs_build_mnt_dir(); |
| 283 | |||
| 274 | 284 | ||
| 275 | // /home/user | 285 | // /home/user |
| 276 | if (home_dir) { | 286 | if (home_dir) { |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 384688b54..c105894bb 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -354,13 +354,7 @@ int sandbox(void* sandbox_arg) { | |||
| 354 | //**************************** | 354 | //**************************** |
| 355 | if (cfg.profile) { | 355 | if (cfg.profile) { |
| 356 | // apply all whitelist commands ... | 356 | // apply all whitelist commands ... |
| 357 | if (arg_whitelist) { | 357 | fs_whitelist(); |
| 358 | // whitelist commands are disabled if --private or --private-home option is present | ||
| 359 | if (arg_private == 0) | ||
| 360 | fs_whitelist(); | ||
| 361 | else | ||
| 362 | fprintf(stderr, "Warning: whitelists disabled by private or private-home\n"); | ||
| 363 | } | ||
| 364 | 358 | ||
| 365 | // ... followed by blacklist commands | 359 | // ... followed by blacklist commands |
| 366 | fs_blacklist(); | 360 | fs_blacklist(); |