fix gvfs bug

author: netblue30 <netblue30@yahoo.com> 2016-01-21 12:03:16 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-01-21 12:03:16 -0500
commit: dfdf8603e231b73e502e080176dd763d4ecb43d2 (patch)
tree: a1736a0cd98392a97d96d5832545f87ed9decb20 /src
parent: whitelist fix (diff)
download: firejail-dfdf8603e231b73e502e080176dd763d4ecb43d2.tar.gz
firejail-dfdf8603e231b73e502e080176dd763d4ecb43d2.tar.zst
firejail-dfdf8603e231b73e502e080176dd763d4ecb43d2.zip
1 files changed, 30 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index cef1cc68b..50e55f868 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -181,11 +181,40 @@ static void disable_file(OPERATION op, const char *filename) {
        
        // Resolve all symlinks
        char* fname = realpath(filename, NULL);
-        if (fname == NULL) {
+        if (fname == NULL && errno != EACCES) {
                if (arg_debug)
                        printf("Warning: %s is an invalid file, skipping...\n", filename);
                return;
        }
+        if (fname == NULL && errno == EACCES) {
+                if (arg_debug)
+                        printf("Debug: no access to file %s, forcing mount\n", filename);
+                // realpath and stat funtions will fail on FUSE filesystems
+                // they don't seem to like a uid of 0
+                // force mounting
+                int rv = mount(RUN_RO_DIR, filename, "none", MS_BIND, "mode=400,gid=0");
+                if (rv == 0)
+                        last_disable = SUCCESSFUL;
+                else {
+                        rv = mount(RUN_RO_FILE, filename, "none", MS_BIND, "mode=400,gid=0");
+                        if (rv == 0)
+                                last_disable = SUCCESSFUL;
+                }
+                if (last_disable == SUCCESSFUL) {
+                        if (arg_debug)
+                                printf("Disable %s\n", filename);
+                        if (op == BLACKLIST_FILE)
+                                fs_logger2("blacklist", filename);
+                        else
+                                fs_logger2("blacklist-nolog", filename);
+                }
+                else {
+                        if (arg_debug)
+                                printf("Warning: %s is an invalid file, skipping...\n", filename);
+                }
+                                
+                return;
+        }
        
        // if the file is not present, do nothing
        struct stat s;
author	netblue30 <netblue30@yahoo.com>	2016-01-21 12:03:16 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-01-21 12:03:16 -0500
commit	dfdf8603e231b73e502e080176dd763d4ecb43d2 (patch)
tree	a1736a0cd98392a97d96d5832545f87ed9decb20 /src
parent	whitelist fix (diff)
download	firejail-dfdf8603e231b73e502e080176dd763d4ecb43d2.tar.gz firejail-dfdf8603e231b73e502e080176dd763d4ecb43d2.tar.zst firejail-dfdf8603e231b73e502e080176dd763d4ecb43d2.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index cef1cc68b..50e55f868 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -181,11 +181,40 @@ static void disable_file(OPERATION op, const char *filename) {
181		181
182	// Resolve all symlinks	182	// Resolve all symlinks
183	char* fname = realpath(filename, NULL);	183	char* fname = realpath(filename, NULL);
184	if (fname == NULL) {	184	if (fname == NULL && errno != EACCES) {
185	if (arg_debug)	185	if (arg_debug)
186	printf("Warning: %s is an invalid file, skipping...\n", filename);	186	printf("Warning: %s is an invalid file, skipping...\n", filename);
187	return;	187	return;
188	}	188	}
		189	if (fname == NULL && errno == EACCES) {
		190	if (arg_debug)
		191	printf("Debug: no access to file %s, forcing mount\n", filename);
		192	// realpath and stat funtions will fail on FUSE filesystems
		193	// they don't seem to like a uid of 0
		194	// force mounting
		195	int rv = mount(RUN_RO_DIR, filename, "none", MS_BIND, "mode=400,gid=0");
		196	if (rv == 0)
		197	last_disable = SUCCESSFUL;
		198	else {
		199	rv = mount(RUN_RO_FILE, filename, "none", MS_BIND, "mode=400,gid=0");
		200	if (rv == 0)
		201	last_disable = SUCCESSFUL;
		202	}
		203	if (last_disable == SUCCESSFUL) {
		204	if (arg_debug)
		205	printf("Disable %s\n", filename);
		206	if (op == BLACKLIST_FILE)
		207	fs_logger2("blacklist", filename);
		208	else
		209	fs_logger2("blacklist-nolog", filename);
		210	}
		211	else {
		212	if (arg_debug)
		213	printf("Warning: %s is an invalid file, skipping...\n", filename);
		214	}
		215
		216	return;
		217	}
189		218
190	// if the file is not present, do nothing	219	// if the file is not present, do nothing
191	struct stat s;	220	struct stat s;