-rw-r--r--RELNOTES3
-rw-r--r--src/firejail/fs.c8
-rw-r--r--src/firejail/profile.c21
3 files changed, 23 insertions, 9 deletions
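--- a/RELNOTES
+++ b/RELNOTES
@@ -1,3 +1,6 @@
+firejail (0.9.65) baseline; urgency=low
+ * allow --tmpfs inside $HOME for unprivileged users
+
 firejail (0.9.64) baseline; urgency=low
  * replaced --nowrap option with --wrap in firemon
  * The blocking action of seccomp filters has been changed from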
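--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -366,6 +366,14 @@ void fs_blacklist(void) {
 else if (strncmp(entry->data, "tmpfs ", 6) == 0) {
 ptr = entry->data + 6;
 op = MOUNT_TMPFS;
+char *resolved_path = realpath(ptr, NULL);
+if (!resolved_path || strncmp(cfg.homedir, resolved_path, strlen(cfg.homedir)) != 0) {
+if (getuid() != 0) {
+fprintf(stderr, "Error: tmpfs outside $HOME is only available for root\n");
+exit(1);
+}
+}
+free(resolved_path);
 }
 else if (strncmp(entry->data, "mkdir ", 6) == 0) {
 EUID_USER();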
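Review bot: The $HOME containment test on new line 370 is a bare prefix comparison, so with a home directory of `/home/user` a tmpfs target under `/home/user2` or `/home/user-old` is accepted as "inside $HOME" and the unprivileged-user restriction does not apply to it. After the prefix matches, the character following it in resolved_path must be a separator or the terminator, e.g. `size_t hl = strlen(cfg.homedir); int inside = resolved_path && strncmp(cfg.homedir, resolved_path, hl) == 0 && (resolved_path[hl] == '/' || resolved_path[hl] == '\0');` followed by `if (!inside && getuid() != 0) { ... }`. The identical comparison is repeated for both bind paths in the second hunk of src/firejail/profile.c and needs the same correction. The path is resolved here while the mount itself presumably happens later in fs_blacklist (which continues outside the hunk), so it is also worth confirming that the target cannot be altered between the check and the mount.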
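--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1412,11 +1412,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // filesystem bind
 if (strncmp(ptr, "bind ", 5) == 0) {
 if (checkcfg(CFG_BIND)) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: --bind option is available only if running as root\n");
-exit(1);
-}
-
 // extract two directories
 char *dname1 = ptr + 5;
 char *dname2 = split_comma(dname1); // this inserts a '0 to separate the two dierctories
@@ -1432,6 +1427,18 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: invalid file name.\n");
 exit(1);
 }
+if (getuid() != 0) {
+char *resolved_path1 = realpath(dname1, NULL);
+char *resolved_path2 = realpath(dname2, NULL);
+assert(resolved_path1 && resolved_path2);
+if (strncmp(cfg.homedir, resolved_path1, strlen(cfg.homedir)) != 0
+|| strncmp(cfg.homedir, resolved_path2, strlen(cfg.homedir)) != 0) {
+fprintf(stderr, "Error: bind outside $HOME is only available for root\n");
+exit(1);
+}
+free(resolved_path1);
+free(resolved_path2);
+}
 if (is_link(dname1) || is_link(dname2)) {
 fprintf(stderr, "Symbolic links are not allowed for bind command\n");
 exit(1);
@@ -1563,10 +1570,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 else if (strncmp(ptr, "noexec ", 7) == 0)
 ptr += 7;
 else if (strncmp(ptr, "tmpfs ", 6) == 0) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n");
-exit(1);
-}
 ptr += 6;
 }
 else {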
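Review bot: `assert(resolved_path1 && resolved_path2)` on new line 1433 of the second hunk validates profile input with an assertion: a bind path that does not exist or cannot be resolved makes realpath return NULL, which aborts the process here, and in an NDEBUG build the assert is compiled out and the following strncmp dereferences the NULL pointer. A missing path in a profile is a user error, not an invariant, so report it the way the neighbouring checks do, `if (!resolved_path1 || !resolved_path2) { fprintf(stderr, "Error: cannot resolve bind path\n"); exit(1); }`, placed before the strncmp calls. The $HOME prefix comparison on lines 1434-1435 has the same prefix-boundary weakness raised on the src/firejail/fs.c hunk of this commit. profile_check_line begins and ends outside these hunks.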