-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/profile-m-z/steam.profile | 5 | ||||
-rw-r--r-- | src/fcopy/main.c | 9 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 9 |
4 files changed, 14 insertions, 10 deletions
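--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -286,6 +286,7 @@ blacklist ${HOME}/.config/LibreCAD
 blacklist ${HOME}/.config/Loop_Hero
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/LyX
+blacklist ${HOME}/.config/MangoHud
 blacklist ${HOME}/.config/Mattermost
 blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mendeley Ltd.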
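--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -8,6 +8,7 @@ include globals.local
 
 noblacklist ${HOME}/.config/Epic
 noblacklist ${HOME}/.config/Loop_Hero
+noblacklist ${HOME}/.config/MangoHud
 noblacklist ${HOME}/.config/ModTheSpire
 noblacklist ${HOME}/.config/RogueLegacy
 noblacklist ${HOME}/.config/RogueLegacyStorageContainer
@@ -55,6 +56,7 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Epic
 mkdir ${HOME}/.config/Loop_Hero
+mkdir ${HOME}/.config/MangoHud
 mkdir ${HOME}/.config/ModTheSpire
 mkdir ${HOME}/.config/RogueLegacy
 mkdir ${HOME}/.config/unity3d
@@ -85,6 +87,7 @@ mkfile ${HOME}/.steampath
 mkfile ${HOME}/.steampid
 whitelist ${HOME}/.config/Epic
 whitelist ${HOME}/.config/Loop_Hero
+whitelist ${HOME}/.config/MangoHud
 whitelist ${HOME}/.config/ModTheSpire
 whitelist ${HOME}/.config/RogueLegacy
 whitelist ${HOME}/.config/RogueLegacyStorageContainer
@@ -162,3 +165,5 @@ private-tmp
 
 # dbus-user none
 # dbus-system none
+
+read-only ${HOME}/.config/MangoHud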
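Review bot: The new `read-only ${HOME}/.config/MangoHud` line in the last hunk sits after the dbus comments, away from the other MangoHud entries, and nothing explains why this one whitelisted directory is read-only when its neighbours are not. A one-line comment above it would make the restriction harder to drop by accident in a later cleanup, e.g. `# MangoHud config is only read inside the sandbox; keep games from rewriting it`. The intent is inferred from the directive itself and should be confirmed with the author.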
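--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -402,15 +402,6 @@ static void duplicate_link(const char *src, const char *dest, struct stat *s) {
 gid_t gid = s->st_gid;
 mode_t mode = s->st_mode;
 
-// NixOS problem #4887:
-// /etc/fonts is a double symlink to a directory - copy the files instead of copying the symlink
-if (strcmp(src, "/etc/fonts") == 0) {
-duplicate_dir(src, dest, s);
-free(rsrc);
-free(rdest);
-return;
-}
-
 // build destination file name
 char *name;
 // char *ptr = strrchr(rsrc, '/');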
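--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -165,7 +165,14 @@ static void duplicate(const char *fname, const char *private_dir, const char *pr
 errExit("asprintf");
 
 build_dirs(src, dst, strlen(private_dir), strlen(private_run_dir));
-sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FCOPY, src, dst);
+
+// follow links! this will make a copy of the file or directory pointed by the symlink
+// this will solve problems such as NixOS #4887
+// don't follow links to dynamic directories such as /proc
+if (strcmp(src, "/etc/mtab") == 0)
+sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FCOPY, src, dst);
+else
+sbox_run(SBOX_ROOT | SBOX_SECCOMP, 4, PATH_FCOPY, "--follow-link", src, dst);
 
 free(dst);
 fs_logger2("clone", src);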
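Review bot: The exception for dynamic targets is keyed on the single name `/etc/mtab`, while the comment directly above it states a general rule ("don't follow links to dynamic directories such as /proc"). Every other entry passed through duplicate() is now dereferenced by fcopy running under SBOX_ROOT, so any other /etc symlink that resolves into /proc, or anywhere outside /etc, is copied by target content rather than as a link. Deciding on the resolved target instead of the source name would keep the code in line with its own comment. The sketch below keeps the old no-follow call when the target cannot be resolved or lies under /proc. duplicate() begins and ends outside this hunk, so the surrounding declarations, and whether realpath() is usable at this point of sandbox setup, are assumed and need confirming.

```c
// … unchanged: asprintf of src/dst, build_dirs call …

// decide by where the link points, not by its name:
// keep symlinks into /proc (and unresolvable ones) as symlinks
char *target = realpath(src, NULL);
int keep_link = (target == NULL) || strncmp(target, "/proc/", 6) == 0;
free(target);

if (keep_link)
	sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FCOPY, src, dst);
else
	sbox_run(SBOX_ROOT | SBOX_SECCOMP, 4, PATH_FCOPY, "--follow-link", src, dst);

// … unchanged: free(dst), fs_logger2 …
```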