-rw-r--r-- | src/firejail/fs_whitelist.c | 19 |
1 files changed, 18 insertions, 1 deletions
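--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -402,7 +402,19 @@ void fs_whitelist(void) {
 
 // extract the absolute path of the file
 // realpath function will fail with ENOENT if the file is not found
-char *fname = realpath(new_name, NULL);
+// special processing for /dev/fd, /dev/stdin, /dev/stdout and /dev/stderr
+char *fname;
+if (strcmp(new_name, "/dev/fd") == 0)
+fname = strdup("/proc/self/fd");
+else if (strcmp(new_name, "/dev/stdin") == 0)
+fname = strdup("/proc/self/fd/0");
+else if (strcmp(new_name, "/dev/stdout") == 0)
+fname = strdup("/proc/self/fd/1");
+else if (strcmp(new_name, "/dev/stderr") == 0)
+fname = strdup("/proc/self/fd/2");
+else
+fname = realpath(new_name, NULL);
+
 if (!fname) {
 // file not found, blank the entry in the list and continue
 if (arg_debug || arg_debug_whitelists) {
@@ -533,6 +545,11 @@ void fs_whitelist(void) {
 // special handling for /dev/shm
 // on some platforms (Debian wheezy, Ubuntu 14.04), it is a symlink to /run/shm
 if (strcmp(new_name, "/dev/shm") == 0 && strcmp(fname, "/run/shm") == 0);
+// special processing for /proc/self/fd files
+else if (strcmp(new_name, "/dev/fd") == 0 && strcmp(fname, "/proc/self/fd") == 0);
+else if (strcmp(new_name, "/dev/stdin") == 0 && strcmp(fname, "/proc/self/fd/0") == 0);
+else if (strcmp(new_name, "/dev/stdout") == 0 && strcmp(fname, "/proc/self/fd/1") == 0);
+else if (strcmp(new_name, "/dev/stderr") == 0 && strcmp(fname, "/proc/self/fd/2") == 0);
 else {
 // both path and absolute path are under /dev
 if (strncmp(fname, "/dev/", 5) != 0) {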
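Review bot: In the first hunk the four special-cased names bypass realpath(), so `fname` is neither checked for existence nor resolved, and a failed strdup() falls into the `if (!fname)` branch, where the context comment treats it as "file not found" and blanks the entry. Allocation failure should be reported as such inside the special-case branches, e.g. `if (!fname) errExit("strdup");`, and a short comment should say why these targets are deliberately left as literal `/proc/self/fd` paths. In the second hunk the `strcmp(fname, "/proc/self/fd...")` halves appear to be always true once `new_name` has matched, so the exemption from the `/dev/` prefix check rests on the exact `new_name` comparison alone. A single name-to-target table used by both places would stop the two lists drifting apart. How the rest of fs_whitelist() consumes an unresolved `/proc/self/fd` path lies outside these hunks and should be confirmed, since that path resolves per process at the time it is used.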