reverted back commit 22414ad - TOCTOU condition found by Martin Carpenter

2 files changed, 4 insertions, 13 deletions

diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 3413febcb..e1bac33f3 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -481,6 +481,7 @@ void fs_mnt(void) {
 
 
 void fs_cache(void) {
+#if 0
         if (arg_debug)
                 printf("Deploy ~/.cache tmpfs\n");
         char *cache;
@@ -488,6 +489,7 @@ void fs_cache(void) {
                 errExit("asprintf");
         disable_file(MOUNT_TMPFS, cache);
         free(cache);
+#endif
 }
 
 // mount /proc and /sys directories
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 4b3cab041..993acf2aa 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -970,19 +970,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 ptr += 7;
         else if (strncmp(ptr, "tmpfs ", 6) == 0) {
                 if (getuid() != 0) {
-                        // allow a non-root user  to mount tmpfs in user home directory, links are not allowed
-                        invalid_filename(ptr + 6);
-                        char *newfname = expand_home(ptr + 6, cfg.homedir);
-                        assert(newfname);
-                        if (is_link(newfname)) {
-                                fprintf(stderr, "Error: for regular user, tmpfs is not available for symbolic links\n");
-                                exit(1);        
-                        }
-                        if (strncmp(newfname, cfg.homedir, strlen(cfg.homedir)) != 0) {
-                                fprintf(stderr, "Error: for regular user, tmpfs is available only for files in user home directory\n");
-                                exit(1);        
-                        }
-                        free(newfname);
+                        fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n");
+                        exit(1);
                 }
                 ptr += 6;
         }