fix: --private-etc and --writable-etc are mutually exclusive

author: netblue30 <netblue30@yahoo.com> 2016-04-20 09:03:27 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-20 09:03:27 -0400
commit: 4288f19e27005e559c0b75387738da831bf64035 (patch)
tree: 0f9fe890c30b8c171193860658fcee746766c3ca /src
parent: RELNOTES fix (diff)
download: firejail-4288f19e27005e559c0b75387738da831bf64035.tar.gz
firejail-4288f19e27005e559c0b75387738da831bf64035.tar.zst
firejail-4288f19e27005e559c0b75387738da831bf64035.zip
2 files changed, 13 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 15720b4c6..0f7809fea 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1279,6 +1279,10 @@ int main(int argc, char **argv) {
                                fprintf(stderr, "Error: --writable-etc is available only for root user\n");
                                exit(1);
                        }
+                        if (cfg.etc_private_keep) {
+                                fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+                                exit(1);
+                        }
                        arg_writable_etc = 1;
                }
                else if (strcmp(argv[i], "--writable-var") == 0) {
@@ -1304,6 +1308,11 @@ int main(int argc, char **argv) {
                        arg_private_dev = 1;
                }
                else if (strncmp(argv[i], "--private-etc=", 14) == 0) {
+                        if (arg_writable_etc) {
+                                fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+                                exit(1);
+                        }
+                        
                        // extract private etc list
                        cfg.etc_private_keep = argv[i] + 14;
                        if (*cfg.etc_private_keep == '\0') {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 7ff7c7926..a2336090f 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -580,6 +580,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
        // private /etc list of files and directories
        if (strncmp(ptr, "private-etc ", 12) == 0) {
+                if (arg_writable_etc) {
+                        fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+                        exit(1);
+                }
                cfg.etc_private_keep = ptr + 12;
                fs_check_etc_list();
                if (*cfg.etc_private_keep != '\0')
author	netblue30 <netblue30@yahoo.com>	2016-04-20 09:03:27 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-20 09:03:27 -0400
commit	4288f19e27005e559c0b75387738da831bf64035 (patch)
tree	0f9fe890c30b8c171193860658fcee746766c3ca /src
parent	RELNOTES fix (diff)
download	firejail-4288f19e27005e559c0b75387738da831bf64035.tar.gz firejail-4288f19e27005e559c0b75387738da831bf64035.tar.zst firejail-4288f19e27005e559c0b75387738da831bf64035.zip