1 files changed, 16 insertions, 0 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 0b860c0d5..3377b2592 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -55,6 +55,13 @@ static int whitelist_mkpath(const char *parentdir, const char *relpath, mode_t m
        if (parentfd < 0)
                errExit("open");
+        // top level directory mount id
+        int mountid = get_mount_id(parentfd);
+        if (mountid < 0) {
+                close(parentfd);
+                return -1;
+        }
        // work on a copy of the path
        char *dup = strdup(relpath);
        if (!dup)
@@ -95,6 +102,15 @@ static int whitelist_mkpath(const char *parentdir, const char *relpath, mode_t m
                        free(dup);
                        return -1;
                }
+                // different mount id indicates earlier whitelist mount
+                if (get_mount_id(fd) != mountid) {
+                        if (arg_debug || arg_debug_whitelists)
+                                printf("Debug %d: whitelisted already\n", __LINE__);
+                        close(parentfd);
+                        close(fd);
+                        free(dup);
+                        return -1;
+                }
                // move on to next path segment
                close(parentfd);
                parentfd = fd;

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 0b860c0d5..3377b2592 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c
@@ -55,6 +55,13 @@ static int whitelist_mkpath(const char parentdir, const char relpath, mode_t m
55	if (parentfd < 0)	55	if (parentfd < 0)
56	errExit("open");	56	errExit("open");
57		57
		58	// top level directory mount id
		59	int mountid = get_mount_id(parentfd);
		60	if (mountid < 0) {
		61	close(parentfd);
		62	return -1;
		63	}
		64
58	// work on a copy of the path	65	// work on a copy of the path
59	char *dup = strdup(relpath);	66	char *dup = strdup(relpath);
60	if (!dup)	67	if (!dup)
@@ -95,6 +102,15 @@ static int whitelist_mkpath(const char parentdir, const char relpath, mode_t m
95	free(dup);	102	free(dup);
96	return -1;	103	return -1;
97	}	104	}
		105	// different mount id indicates earlier whitelist mount
		106	if (get_mount_id(fd) != mountid) {
		107	if (arg_debug \|\| arg_debug_whitelists)
		108	printf("Debug %d: whitelisted already\n", __LINE__);
		109	close(parentfd);
		110	close(fd);
		111	free(dup);
		112	return -1;
		113	}
98	// move on to next path segment	114	// move on to next path segment
99	close(parentfd);	115	close(parentfd);
100	parentfd = fd;	116	parentfd = fd;