-rw-r--r-- | src/firejail/fs.c | 26 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
3 files changed, 13 insertions, 17 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 1fc1c0942..5b8093885 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -152,27 +152,24 @@ static char *create_empty_file(void) { | |||
152 | return RO_FILE; | 152 | return RO_FILE; |
153 | } | 153 | } |
154 | 154 | ||
155 | static void disable_file(OPERATION op, const char *fname, const char *emptydir, const char *emptyfile) { | 155 | static void disable_file(OPERATION op, const char *filename, const char *emptydir, const char *emptyfile) { |
156 | assert(fname); | 156 | assert(filename); |
157 | assert(emptydir); | 157 | assert(emptydir); |
158 | assert(emptyfile); | 158 | assert(emptyfile); |
159 | assert(op <OPERATION_MAX); | 159 | assert(op <OPERATION_MAX); |
160 | 160 | ||
161 | // if the file is a link, follow the link | 161 | // Resolve all symlinks |
162 | char *lnk = NULL; | 162 | char* fname = realpath(filename, NULL); |
163 | if (is_link(fname)) { | 163 | if (fname == NULL) { |
164 | lnk = get_link(fname); | 164 | printf("Warning: %s is an invalid file, skipping...\n", filename); |
165 | if (lnk) | 165 | return; |
166 | fname = lnk; | ||
167 | else | ||
168 | fprintf(stderr, "Warning: cannot follow link %s, skipping...\n", fname); | ||
169 | } | 166 | } |
170 | 167 | ||
171 | // if the file is not present, do nothing | 168 | // if the file is not present, do nothing |
172 | struct stat s; | 169 | struct stat s; |
173 | if (stat(fname, &s) == -1) { | 170 | if (stat(fname, &s) == -1) { |
174 | if (lnk) | 171 | printf("Warning: %s does not exist, skipping...\n", fname); |
175 | free(lnk); | 172 | free(fname); |
176 | return; | 173 | return; |
177 | } | 174 | } |
178 | 175 | ||
@@ -211,8 +208,7 @@ static void disable_file(OPERATION op, const char *fname, const char *emptydir, | |||
211 | else | 208 | else |
212 | assert(0); | 209 | assert(0); |
213 | 210 | ||
214 | if (lnk) | 211 | free(fname); |
215 | free(lnk); | ||
216 | } | 212 | } |
217 | 213 | ||
218 | static void globbing(OPERATION op, const char *fname, const char *emptydir, const char *emptyfile) { | 214 | static void globbing(OPERATION op, const char *fname, const char *emptydir, const char *emptyfile) { |
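Review bot: In the new `realpath()` failure branch of disable_file, every error is handled the same way: the entry is skipped with a warning on stdout, so a path that fails to resolve for a reason other than non-existence (EACCES, ELOOP, ENAMETOOLONG) does not get the requested operation applied, and the only trace is mixed into the program's normal output. Consider keeping ENOENT quiet and reporting the rest on stderr with the cause, e.g. `if (errno != ENOENT) fprintf(stderr, "Warning: cannot resolve %s (%s), skipping...\n", filename, strerror(errno));` before the `return`. Since realpath() already fails for a missing target, the `stat()` failure branch that follows should now be reachable only if the path disappears between the two calls, and its new message also goes to stdout where the removed code used stderr. The part of the function that acts on `fname` lies between the two hunks and is not shown, so whether the resolved path is re-checked at the point of use cannot be confirmed from here.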
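--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -130,7 +130,7 @@ Enable an user namespace without root user defined.
 
 .SH Resource limits
 These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.
-The limits can be modified inside the sandbox using the regular \fBulimt\fR command. Examples:
+The limits can be modified inside the sandbox using the regular \fBulimit\fR command. Examples:
 
 .TP
 \f\rlimit-fsize 1024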
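--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -734,7 +734,7 @@ sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotif
 .br
 Example:
 .br
-$ firejail \-\-sccomp
+$ firejail \-\-seccomp
 .TP
 \fB\-\-seccomp=syscall,syscall,syscall
 Enable seccomp filter, blacklist the default list and the syscalls specified by the command.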