diff options
-rw-r--r-- | src/fcopy/main.c | 9 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 9 |
2 files changed, 8 insertions, 10 deletions
diff --git a/src/fcopy/main.c b/src/fcopy/main.c index 4be35e23f..c64d20127 100644 --- a/src/fcopy/main.c +++ b/src/fcopy/main.c | |||
@@ -402,15 +402,6 @@ static void duplicate_link(const char *src, const char *dest, struct stat *s) { | |||
402 | gid_t gid = s->st_gid; | 402 | gid_t gid = s->st_gid; |
403 | mode_t mode = s->st_mode; | 403 | mode_t mode = s->st_mode; |
404 | 404 | ||
405 | // NixOS problem #4887: | ||
406 | // /etc/fonts is a double symlink to a directory - copy the files instead of copying the symlink | ||
407 | if (strcmp(src, "/etc/fonts") == 0) { | ||
408 | duplicate_dir(src, dest, s); | ||
409 | free(rsrc); | ||
410 | free(rdest); | ||
411 | return; | ||
412 | } | ||
413 | |||
414 | // build destination file name | 405 | // build destination file name |
415 | char *name; | 406 | char *name; |
416 | // char *ptr = strrchr(rsrc, '/'); | 407 | // char *ptr = strrchr(rsrc, '/'); |
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index 786e0d360..deaee31bb 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c | |||
@@ -165,7 +165,14 @@ static void duplicate(const char *fname, const char *private_dir, const char *pr | |||
165 | errExit("asprintf"); | 165 | errExit("asprintf"); |
166 | 166 | ||
167 | build_dirs(src, dst, strlen(private_dir), strlen(private_run_dir)); | 167 | build_dirs(src, dst, strlen(private_dir), strlen(private_run_dir)); |
168 | sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FCOPY, src, dst); | 168 | |
169 | // follow links! this will make a copy of the file or directory pointed by the symlink | ||
170 | // this will solve problems such as NixOS #4887 | ||
171 | // don't follow links to dynamic directories such as /proc | ||
172 | if (strcmp(src, "/etc/mtab") == 0) | ||
173 | sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FCOPY, src, dst); | ||
174 | else | ||
175 | sbox_run(SBOX_ROOT | SBOX_SECCOMP, 4, PATH_FCOPY, "--follow-link", src, dst); | ||
169 | 176 | ||
170 | free(dst); | 177 | free(dst); |
171 | fs_logger2("clone", src); | 178 | fs_logger2("clone", src); |