-rw-r--r-- | src/firejail/fs.c | 8 |
1 files changed, 6 insertions, 2 deletions
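--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -521,12 +521,16 @@ void fs_remount(const char *dir, OPERATION op, unsigned check_mnt) {
 if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 ||
 mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("remounting");
+// run a sanity check on /proc/self/mountinfo
 if (check_mnt) {
-// run a sanity check on /proc/self/mountinfo
+// confirm target of the last mount operation was dir; if there are other
+// mount points contained inside dir, one of those will show up as target
+// of the last mount operation instead
 MountData *mptr = get_last_mount();
 size_t len = strlen(dir);
-if (strncmp(mptr->dir, dir, len) != 0 ||
+if ((strncmp(mptr->dir, dir, len) != 0 ||
 (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
+&& strcmp(dir, "/") != 0) // support read-only=/
 errLogExit("invalid %s mount", opstr[op]);
 }
 fs_logger2(opstr[op], dir);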
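Review bot: The trailing comment `// support read-only=/` on the new `strcmp(dir, "/") != 0` clause does not say why the target check cannot hold for the root directory, nor that the exemption applies to every `op` rather than only read-only. With `dir` equal to "/", `len` is 1, so the byte at `mptr->dir + len` is the first character of a submount's name and the `'\0'`/`'/'` boundary test rejects any mount point below root; the clause therefore skips verification of the root remount altogether. I would state that in the comment, for example `// "/" is a prefix of every mount point, so the boundary test cannot apply; the root remount is not verified here`. fs_remount starts before this hunk and may continue after it.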