rewrite/partial revert of 8bff773d6a7bf70c97b3d5b751df9ec0dd6c8b5d

the commit in question introduced an early check of Firejail configuration
file, which broke "firejail in firejail" for some sandboxes.

see issue #2877

3 files changed, 10 insertions, 21 deletions

diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 84054fe76..f94b95d60 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -50,7 +50,6 @@ int checkcfg(int val) {
                 cfg_val[CFG_DISABLE_MNT] = 0;
                 cfg_val[CFG_ARP_PROBES] = DEFAULT_ARP_PROBES;
                 cfg_val[CFG_XPRA_ATTACH] = 0;
-                cfg_val[CFG_HOMEDIR_SYMLINK] = 0;
 
                 // open configuration file
                 const char *fname = SYSCONFDIR "/firejail.config";
@@ -86,7 +85,6 @@ int checkcfg(int val) {
                         ptr = line_remove_spaces(buf);
                         if (!ptr)
                                 continue;
-                        PARSE_YESNO(CFG_HOMEDIR_SYMLINK, "homedir-symlink")
                         PARSE_YESNO(CFG_FILE_TRANSFER, "file-transfer")
                         PARSE_YESNO(CFG_DBUS, "dbus")
                         PARSE_YESNO(CFG_JOIN, "join")
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index d547f9840..14cad4190 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -722,7 +722,6 @@ enum {
         CFG_PRIVATE_CACHE,
         CFG_CGROUP,
         CFG_NAME_CHANGE,
-        CFG_HOMEDIR_SYMLINK,
         // CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv
         CFG_MAX // this should always be the last entry
 };
diff --git a/src/firejail/main.c b/src/firejail/main.c
index f5785ff50..9f44c6281 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -259,25 +259,17 @@ static int has_link(const char *dir) {
         return 0;
 }
 
-static void build_cfg_homedir(const char *dir) {
-        EUID_ASSERT();
-        assert(dir);
-        if (dir[0] != '/' || dir[1] == '\0') { // system users sometimes have root directory as home
-                fprintf(stderr, "Error: invalid user directory \"%s\"\n", dir);
+static void check_homedir(void) {
+        assert(cfg.homedir);
+        if (cfg.homedir[0] != '/' || cfg.homedir[1] == '\0') { // system users sometimes have root directory as home
+                fprintf(stderr, "Error: invalid user directory \"%s\"\n", cfg.homedir);
                 exit(1);
         }
-        // symlinks are rejected in many places, offer a solution for home directories
-        if (checkcfg(CFG_HOMEDIR_SYMLINK)) {
-                cfg.homedir = realpath(dir, NULL);
-                if (cfg.homedir)
-                        return;
+        // symlinks are rejected in many places
+        if (has_link(cfg.homedir)) {
+                fprintf(stderr, "No full support for symbolic links in path of user directory.\n"
+                        "Please provide resolved path in password database (/etc/passwd).\n\n");
         }
-        else if (has_link(dir)) {
-                fwarning("no full support for symbolic links in path of user directory.\n"
-                        "Please provide resolved path in password database (/etc/passwd)\n"
-                        "or enable symbolic link resolution in Firejail configuration file.\n\n");
-        }
-        cfg.homedir = clean_pathname(dir);
 }
 
 // init configuration
@@ -323,8 +315,8 @@ static void init_cfg(int argc, char **argv) {
                 fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);
                 exit(1);
         }
-        build_cfg_homedir(pw->pw_dir);
-        assert(cfg.homedir);
+        cfg.homedir = clean_pathname(pw->pw_dir);
+        check_homedir();
 
         // initialize random number generator
         sandbox_pid = getpid();