-rw-r--r-- | src/firejail/fs_whitelist.c | 16 |
1 files changed, 16 insertions, 0 deletions
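--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -55,6 +55,13 @@ static int whitelist_mkpath(const char *parentdir, const char *relpath, mode_t m
 if (parentfd < 0)
 errExit("open");
 
+// top level directory mount id
+int mountid = get_mount_id(parentfd);
+if (mountid < 0) {
+close(parentfd);
+return -1;
+}
+
 // work on a copy of the path
 char *dup = strdup(relpath);
 if (!dup)
@@ -95,6 +102,15 @@ static int whitelist_mkpath(const char *parentdir, const char *relpath, mode_t m
 free(dup);
 return -1;
 }
+// different mount id indicates earlier whitelist mount
+if (get_mount_id(fd) != mountid) {
+if (arg_debug || arg_debug_whitelists)
+printf("Debug %d: whitelisted already\n", __LINE__);
+close(parentfd);
+close(fd);
+free(dup);
+return -1;
+}
 // move on to next path segment
 close(parentfd);
 parentfd = fd;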
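Review bot: In the second hunk, `get_mount_id(fd) != mountid` treats a failed lookup the same as crossing a mount boundary: the first hunk shows get_mount_id can return a negative value, and in that case this branch still prints "whitelisted already". The path fails closed, which is the safe direction for a sandbox, but the debug output would mislead anyone diagnosing why a whitelist directory was not created. Consider `int id = get_mount_id(fd);` and reporting `id < 0` on its own before the comparison. The comment could also be worded as `// a different mount id means we crossed a mount point (presumably an earlier whitelist mount); refuse to create below it`, since the check itself fires on any mount below the top-level directory. whitelist_mkpath begins and ends outside both hunks, so the remaining cleanup paths were not visible for review.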