improve the previous fix: don't remount FUSE without permission

previous commit 3d35c039074cc11fbacf8de5bc8cb1a0952ceae4
issue #3277

1 files changed, 10 insertions, 5 deletions

diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index aa2852910..ed2cc86dc 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -482,8 +482,15 @@ static void fs_remount_simple(const char *path, OPERATION op) {
                 errExit("open");
         // identify file owner
         struct stat s;
-        if (fstat(fd, &s) == -1)
-                errExit("fstat");
+        if (fstat(fd, &s) == -1) {
+                // fstat can fail with EACCES if path is a FUSE mount,
+                // mounted without 'allow_root' or 'allow_other'
+                if (errno != EACCES)
+                        errExit("fstat");
+                fwarning("not remounting %s\n", path);
+                close(fd);
+                return;
+        }
         // get mount flags
         struct statvfs buf;
         if (fstatvfs(fd, &buf) == -1)
@@ -592,9 +599,7 @@ static void fs_remount_rec(const char *dir, OPERATION op) {
         // remount
         char **tmp = arr;
         while (*tmp) {
-                // FUSE submounts mounted without allow_root/allow_other break
-                // fs_remount_simple, sort them out by calling realpath first
-                fs_remount(*tmp, op, 0);
+                fs_remount_simple(*tmp, op);
                 free(*tmp++);
         }
         free(arr);