diff options
-rw-r--r-- | src/firejail/fs_whitelist.c | 53 |
1 files changed, 14 insertions, 39 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 1fd1fb675..9bedcc708 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -35,19 +35,6 @@ | |||
35 | #define EMPTY_STRING ("") | 35 | #define EMPTY_STRING ("") |
36 | #define MAXBUF 4098 | 36 | #define MAXBUF 4098 |
37 | 37 | ||
38 | // returns mallocated memory | ||
39 | char *parse_nowhitelist(int nowhitelist_flag, char *ptr1) { | ||
40 | char *rv; | ||
41 | if (nowhitelist_flag) { | ||
42 | if (asprintf(&rv, "nowhitelist ~/%s", ptr1) == -1) | ||
43 | errExit("asprintf"); | ||
44 | } | ||
45 | else { | ||
46 | if (asprintf(&rv, "whitelist ~/%s", ptr1) == -1) | ||
47 | errExit("asprintf"); | ||
48 | } | ||
49 | return rv; | ||
50 | } | ||
51 | 38 | ||
52 | static int mkpath(const char* path, mode_t mode) { | 39 | static int mkpath(const char* path, mode_t mode) { |
53 | assert(path && *path); | 40 | assert(path && *path); |
@@ -369,35 +356,23 @@ void fs_whitelist(void) { | |||
369 | } | 356 | } |
370 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; | 357 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; |
371 | 358 | ||
372 | // resolve macros | 359 | // replace ~/ or ${HOME} into /home/username or resolve macro |
373 | if (is_macro(dataptr)) { | ||
374 | char *tmp = resolve_macro(dataptr); // returns allocated mem | ||
375 | if (tmp != NULL) { | ||
376 | char *tmp1 = parse_nowhitelist(nowhitelist_flag, tmp); | ||
377 | assert(tmp1); | ||
378 | free(tmp); | ||
379 | tmp = tmp1; | ||
380 | } | ||
381 | if (tmp) { | ||
382 | entry->data = tmp; | ||
383 | dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; | ||
384 | } | ||
385 | else { | ||
386 | if (!nowhitelist_flag && !arg_quiet && !arg_private) { | ||
387 | fprintf(stderr, "***\n"); | ||
388 | fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", dataptr); | ||
389 | fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n"); | ||
390 | fprintf(stderr, "***\n"); | ||
391 | } | ||
392 | entry->data = EMPTY_STRING; | ||
393 | continue; | ||
394 | } | ||
395 | } | ||
396 | |||
397 | // replace ~/ or ${HOME} into /home/username | ||
398 | new_name = expand_home(dataptr, cfg.homedir); | 360 | new_name = expand_home(dataptr, cfg.homedir); |
399 | assert(new_name); | 361 | assert(new_name); |
400 | 362 | ||
363 | // skip command if resolving the macro was not successful | ||
364 | if (is_macro(new_name)) { | ||
365 | if (!nowhitelist_flag && !arg_quiet && !arg_private) { | ||
366 | fprintf(stderr, "***\n"); | ||
367 | fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", new_name); | ||
368 | fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n"); | ||
369 | fprintf(stderr, "***\n"); | ||
370 | } | ||
371 | free(new_name); | ||
372 | entry->data = EMPTY_STRING; | ||
373 | continue; | ||
374 | } | ||
375 | |||
401 | // remove trailing slashes and single dots | 376 | // remove trailing slashes and single dots |
402 | trim_trailing_slash_or_dot(new_name); | 377 | trim_trailing_slash_or_dot(new_name); |
403 | 378 | ||