-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 23 |
2 files changed, 24 insertions, 2 deletions
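--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -86,7 +86,8 @@ typedef struct interface_t {
 
 typedef struct profile_entry_t {
 struct profile_entry_t *next;
-char *data;
+char *data; // expanded name of the file
+char *link; // link name - set if the file is a link
 }ProfileEntry;
 
 typedef struct config_t {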
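Review bot: The new `link` member is only safe to test as `if (entry->link)` if every ProfileEntry is zero-filled when it is allocated, and the allocation site is not part of this diff. Please confirm the allocator clears the struct (calloc or memset); otherwise entries that are not symlinks carry an indeterminate pointer into the symlink() call added in fs_whitelist.c. The field comment could also state ownership, for example `char *link; // link name - set if the file is a link; malloc'ed, owned by the entry`.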
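--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -143,9 +143,16 @@ void fs_whitelist(void) {
 }
 
 char *new_name = expand_home(entry->data + 10, cfg.homedir);
+
 assert(new_name);
 char *fname = realpath(new_name, NULL);
-free(new_name);
+
+// mark symbolic links
+if (is_link(new_name))
+entry->link = new_name;
+else
+free(new_name);
+
 if (fname) {
 // change file name in entry->data
 if (strcmp(fname, entry->data + 10) != 0) {
@@ -194,8 +201,22 @@ void fs_whitelist(void) {
 continue;
 }
 
+// whitelist the real file
 whitelist_path(entry->data + 10);
 
+// create the link if any
+if (entry->link) {
+// if the link is already there, do not bother
+struct stat s;
+if (stat(entry->link, &s) != 0) {
+int rv = symlink(entry->data + 10, entry->link);
+if (rv)
+fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link);
+else if (arg_debug)
+printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10);
+}
+}
+
 entry = entry->next;
 }
 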
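Review bot: In the second hunk, `symlink(entry->data + 10, entry->link)` creates a link at a path taken directly from the whitelist entry, and nothing visible in the hunk checks that `entry->link` lies inside the directory the sandbox has just re-mounted. If fs_whitelist() still runs with elevated privileges at this point (likely for a setuid sandbox, but not shown here), the link is created with those privileges and that ownership. The link path should therefore pass the same top-level directory checks applied to `entry->data`, and the link should be created with the user's credentials. The existence test should be `if (lstat(entry->link, &s) != 0) {`, since stat() follows links and reports a dangling link as missing; the warning would also be more useful with `strerror(errno)`. The function body begins and ends outside both hunks, so earlier validation of the link path cannot be ruled out from this view.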