-rw-r--r-- | src/firejail/fs_whitelist.c | 47 |
1 files changed, 31 insertions, 16 deletions
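--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -422,7 +422,12 @@ void fs_whitelist(void) {
 entry->var_dir = 1;
 var_dir = 1;
 // both path and absolute path are under /var
-if (strncmp(fname, "/var/", 5) != 0) {
+// exceptions: /var/run and /var/lock
+if (strcmp(new_name, "/var/run")== 0)
+;
+else if (strcmp(new_name, "/var/lock")== 0)
+;
+else if (strncmp(fname, "/var/", 5) != 0) {
 if (arg_debug)
 fprintf(stderr, "Debug %d: fname #%s#\n", __LINE__, fname);
 goto errexit;
@@ -618,21 +623,31 @@ void fs_whitelist(void) {
 
 //printf("here %d#%s#\n", __LINE__, entry->data);
 // whitelist the real file
-whitelist_path(entry);
-
-// create the link if any
-if (entry->link) {
-// if the link is already there, do not bother
-struct stat s;
-if (stat(entry->link, &s) != 0) {
-// create the path if necessary
-mkpath(entry->link, s.st_mode);
-
-int rv = symlink(entry->data + 10, entry->link);
-if (rv)
-fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link);
-else if (arg_debug || arg_debug_whitelists)
-printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10);
+if (strcmp(entry->data, "whitelist /run") == 0 &&
+(strcmp(entry->link, "/var/run") == 0 || strcmp(entry->link, "/var/lock") == 0)) {
+int rv = symlink(entry->data + 10, entry->link);
+if (rv)
+fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link);
+else if (arg_debug || arg_debug_whitelists)
+printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10);
+}
+else {
+whitelist_path(entry);
+
+// create the link if any
+if (entry->link) {
+// if the link is already there, do not bother
+struct stat s;
+if (stat(entry->link, &s) != 0) {
+// create the path if necessary
+mkpath(entry->link, s.st_mode);
+
+int rv = symlink(entry->data + 10, entry->link);
+if (rv)
+fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link);
+else if (arg_debug || arg_debug_whitelists)
+printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10);
+}
 }
 }
 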
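Review bot: In the `else` branch of the second hunk, `mkpath(entry->link, s.st_mode);` (new line 643) reads `s.st_mode` immediately after `stat(entry->link, &s)` has failed, so `s` is indeterminate and the mode handed to mkpath is undefined behaviour; this line is carried over from the old code (old line 629), but the hunk now owns it and it should pass an explicit mode, e.g. `mkpath(entry->link, 0755);` (0755 is only an example; use whatever mode the file's other mkpath callers pass). The new `/var/run`/`/var/lock` branch skips both the `stat()` existence check and the `mkpath()` call, so when the link already exists `symlink()` fails with EEXIST and only the warning is printed — presumably acceptable, but a comment such as `// link target /run already exists in the sandbox; no stat/mkpath needed` would make that intent clear. The same symlink/warning/debug-print sequence now appears twice in the function and could be moved into one `static` helper so future changes to the message or the debug condition stay in sync. fs_whitelist's body starts and ends outside both hunks.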