13 files changed, 226 insertions, 134 deletions
diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc
new file mode 100644
index 000000000..81a8883f3
--- /dev/null
+++ b/etc/inc/disable-proc.inc
@@ -0,0 +1,82 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-proc.local
+blacklist /proc/acpi
+blacklist /proc/asound
+blacklist /proc/bootconfig
+blacklist /proc/buddyinfo
+blacklist /proc/cgroups
+blacklist /proc/cmdline
+blacklist /proc/config.gz
+blacklist /proc/consoles
+#blacklist /proc/cpuinfo
+blacklist /proc/crypto
+blacklist /proc/devices
+blacklist /proc/diskstats
+blacklist /proc/dma
+#blacklist /proc/driver
+blacklist /proc/dynamic_debug
+blacklist /proc/execdomains
+blacklist /proc/fb
+#blacklist /proc/filesystems
+blacklist /proc/fs
+blacklist /proc/i8k
+blacklist /proc/interrupts
+blacklist /proc/iomem
+blacklist /proc/ioports
+blacklist /proc/irq
+blacklist /proc/kallsyms
+blacklist /proc/kcore
+blacklist /proc/keys
+blacklist /proc/key-users
+blacklist /proc/kmsg
+blacklist /proc/kpagecgroup
+blacklist /proc/kpagecount
+blacklist /proc/kpageflags
+blacklist /proc/latency_stats
+#blacklist /proc/loadavg
+blacklist /proc/locks
+blacklist /proc/mdstat
+#blacklist /proc/meminfo
+blacklist /proc/misc
+#blacklist /proc/modules
+#blacklist /proc/mounts
+blacklist /proc/mtrr
+#blacklist /proc/net
+blacklist /proc/partitions
+blacklist /proc/pressure
+blacklist /proc/sched_debug
+blacklist /proc/schedstat
+blacklist /proc/scsi
+#blacklist /proc/self
+blacklist /proc/slabinfo
+blacklist /proc/softirqs
+blacklist /proc/spl
+#blacklist /proc/stat
+blacklist /proc/swaps
+#blacklist /proc/sys
+blacklist /proc/sysrq-trigger
+blacklist /proc/sysvipc
+#blacklist /proc/thread-self
+blacklist /proc/timer_list
+blacklist /proc/tty
+#blacklist /proc/uptime
+#blacklist /proc/version
+blacklist /proc/version_signature
+blacklist /proc/vmallocinfo
+#blacklist /proc/vmstat
+#blacklist /proc/zoneinfo
+blacklist /proc/sys/abi
+blacklist /proc/sys/crypto
+blacklist /proc/sys/debug
+blacklist /proc/sys/dev
+blacklist /proc/sys/fs
+blacklist /proc/sys/net
+blacklist /proc/sys/user
+blacklist /proc/sys/vm
+noblacklist /proc/sys/kernel/osrelease
+noblacklist /proc/sys/kernel/yama
+blacklist /proc/sys/*/*
diff --git a/etc/profile-a-l/jumpnbump-menu.profile b/etc/profile-a-l/jumpnbump-menu.profile
index 8d391b90f..59d762f55 100644
--- a/etc/profile-a-l/jumpnbump-menu.profile
+++ b/etc/profile-a-l/jumpnbump-menu.profile
@@ -10,7 +10,7 @@ include jumpnbump-menu.local
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
-private-bin jumpnbump-menu,python3*
+private-bin env,jumpnbump-menu,python3*
 # Redirect
 include jumpnbump.profile
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile
index 4e16df553..96541ae25 100644
--- a/etc/profile-m-z/tremulous.profile
+++ b/etc/profile-m-z/tremulous.profile
@@ -8,6 +8,9 @@ include globals.local
 noblacklist ${HOME}/.tremulous
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -41,7 +44,7 @@ shell none
 tracelog
 disable-mnt
-private-bin tremded,tremulous,tremulous-wrapper
+private-bin env,sh,tremded,tremulous,tremulous-wrapper
 private-cache
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile
index b57f9ba1d..2f818b733 100644
--- a/etc/profile-m-z/warsow.profile
+++ b/etc/profile-m-z/warsow.profile
@@ -11,6 +11,9 @@ ignore noexec ${HOME}
 noblacklist ${HOME}/.cache/warsow-2.1
 noblacklist ${HOME}/.local/share/warsow-2.1
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -39,13 +42,13 @@ noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 tracelog
 disable-mnt
-private-bin warsow
+private-bin basename,bash,dirname,sed,sh,uname,warsow
 private-cache
 private-dev
 private-tmp
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 7628313e0..44197b547 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -116,6 +116,7 @@ include globals.local
 #include disable-devel.inc
 #include disable-exec.inc
 #include disable-interpreters.inc
+#include disable-proc.inc
 #include disable-programs.inc
 #include disable-shell.inc
 #include disable-write-mnt.inc
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index 8700e0ba1..a1847284c 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -236,9 +236,6 @@ void build_share(const char *fname, FILE *fp) {
 //*******************************************
 static FileDB *tmp_out = NULL;
 static void tmp_callback(char *ptr) {
-        // skip strace file
-        if (strncmp(ptr, "/tmp/firejail-strace", 20) == 0)
-                return;
        if (strncmp(ptr, "/tmp/runtime-", 13) == 0)
                return;
        if (strcmp(ptr, "/tmp") == 0)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 5bebec185..a6924b830 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -519,6 +519,7 @@ void touch_file_as_user(const char *fname, mode_t mode);
 int is_dir(const char *fname);
 int is_link(const char *fname);
 char *realpath_as_user(const char *fname);
+ssize_t readlink_as_user(const char *fname, char *buf, size_t sz);
 int stat_as_user(const char *fname, struct stat *s);
 int lstat_as_user(const char *fname, struct stat *s);
 void trim_trailing_slash_or_dot(char *path);
@@ -566,7 +567,7 @@ typedef struct {
 // mountinfo.c
 MountData *get_last_mount(void);
 int get_mount_id(int fd);
-char **build_mount_array(const int mount_id, const char *path);
+char **build_mount_array(const int mountid, const char *path);
 // fs_var.c
 void fs_var_log(void);  // mounting /var/log
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 0b9a38035..9c1b889ed 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -654,12 +654,13 @@ static void fs_remount_rec(const char *path, OPERATION op) {
        // build array with all mount points that need to get remounted
        char **arr = build_mount_array(mountid, path);
-        assert(arr);
+        if (!arr)
+                return;
        // remount
-        char **tmp = arr;
+        int i;
-        while (*tmp) {
+        for (i = 0; arr[i]; i++) {
-                fs_remount_simple(*tmp, op);
+                fs_remount_simple(arr[i], op);
-                free(*tmp++);
+                free(arr[i]);
        }
        free(arr);
 }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index c5b3d5739..1ba70b0bd 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2156,6 +2156,10 @@ int main(int argc, char **argv, char **envp) {
                        arg_novideo = 1;
                else if (strcmp(argv[i], "--no3d") == 0)
                        arg_no3d = 1;
+                else if (strcmp(argv[i], "--noprinters") == 0) {
+                        profile_add("blacklist /dev/lp*");
+                        profile_add("blacklist /run/cups/cups.sock");
+                }
                else if (strcmp(argv[i], "--notv") == 0)
                        arg_notv = 1;
                else if (strcmp(argv[i], "--nodvd") == 0)
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c
index 304f80eee..ee437e10b 100644
--- a/src/firejail/mountinfo.c
+++ b/src/firejail/mountinfo.c
@@ -33,43 +33,38 @@ static MountData mdata;
 // Convert octal escape sequence to decimal value
-static int read_oct(const char *path) {
+static unsigned read_oct(char *s) {
-        int dec = 0;
+        assert(s[0] == '\\');
-        int digit, i;
+        s++;
-        // there are always exactly three octal digits
-        for (i = 1; i < 4; i++) {
+        int i;
-                digit = *(path + i);
+        for (i = 0; i < 3; i++)
-                if (digit < '0' || digit > '7') {
+                assert(s[i] >= '0' && s[i] <= '7');
-                        fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n");
-                        exit(1);
+        return ((s[0] - '0') << 6 |
-                }
+                (s[1] - '0') << 3 |
-                dec = (dec << 3) + (digit - '0');
+                (s[2] - '0') << 0);
-        }
-        return dec;
 }
 // Restore empty spaces in pathnames extracted from /proc/self/mountinfo
 static void unmangle_path(char *path) {
-        char *p = strchr(path, '\\');
+        char *r = strchr(path, '\\');
-        if (p && read_oct(p) == ' ') {
+        if (!r)
-                *p = ' ';
+                return;
-                int i = 3;
-                do {
+        char *w = r;
-                        p++;
+        do {
-                        if (*(p + i) == '\\' && read_oct(p + i) == ' ') {
+                while (*r == '\\') {
-                                *p = ' ';
+                        *w++ = read_oct(r);
-                                i += 3;
+                        r += 4;
-                        }
+                }
-                        else
+                *w++ = *r;
-                                *p = *(p + i);
+        } while (*r++);
-                } while (*p);
-        }
 }
 // Parse a line from /proc/self/mountinfo,
 // the function does an exit(1) if anything goes wrong.
 static void parse_line(char *line, MountData *output) {
-        assert(line && output);
        memset(output, 0, sizeof(*output));
        // extract mount id, filesystem name, directory and filesystem types
        // examples:
@@ -87,8 +82,6 @@ static void parse_line(char *line, MountData *output) {
        char *ptr = strtok(line, " ");
        if (!ptr)
                goto errexit;
-        if (ptr != line)
-                goto errexit;
        output->mountid = atoi(ptr);
        int cnt = 1;
@@ -109,10 +102,9 @@ static void parse_line(char *line, MountData *output) {
        ptr = strtok(NULL, " ");
        if (!ptr)
                goto errexit;
-        output->fstype = ptr++;
+        output->fstype = ptr;
+        if (output->mountid < 0 ||
-        if (output->mountid == 0 ||
            output->fsname == NULL ||
            output->dir == NULL ||
            output->fstype == NULL)
@@ -195,9 +187,9 @@ static int get_mount_id_from_fdinfo(int fd) {
        char buf[MAX_BUF];
        while (fgets(buf, MAX_BUF, fp)) {
                if (strncmp(buf, "mnt_id:", 7) == 0) {
-                        if (sscanf(buf + 7, "%d", &rv) != 1)
+                        if (sscanf(buf + 7, "%d", &rv) == 1)
-                                goto errexit;
+                                break;
-                        break;
+                        goto errexit;
                }
        }
@@ -219,62 +211,50 @@ int get_mount_id(int fd) {
 // Check /proc/self/mountinfo if path contains any mounts points.
 // Returns an array that can be iterated over for recursive remounting.
-char **build_mount_array(const int mount_id, const char *path) {
+char **build_mount_array(const int mountid, const char *path) {
        assert(path);
-        // open /proc/self/mountinfo
        FILE *fp = fopen("/proc/self/mountinfo", "re");
        if (!fp) {
                fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n");
                exit(1);
        }
-        // array to be returned
+        // try to find line with mount id
-        size_t cnt = 0;
+        int found = 0;
+        MountData mntp;
+        char line[MAX_BUF];
+        while (fgets(line, MAX_BUF, fp)) {
+                parse_line(line, &mntp);
+                if (mntp.mountid == mountid) {
+                        found = 1;
+                        break;
+                }
+        }
+        if (!found) {
+                fclose(fp);
+                return NULL;
+        }
+        // allocate array
        size_t size = 32;
        char **rv = malloc(size * sizeof(*rv));
        if (!rv)
                errExit("malloc");
-        // read /proc/self/mountinfo
+        // add directory itself
-        size_t pathlen = strlen(path);
+        size_t cnt = 0;
-        char buf[MAX_BUF];
+        rv[cnt] = strdup(path);
-        MountData mntp;
+        if (rv[cnt] == NULL)
-        int found = 0;
+                errExit("strdup");
-        if (fgets(buf, MAX_BUF, fp) == NULL) {
+        // and add all following mountpoints contained in this directory
-                fprintf(stderr, "Error: cannot read /proc/self/mountinfo\n");
+        size_t pathlen = strlen(path);
-                exit(1);
+        while (fgets(line, MAX_BUF, fp)) {
-        }
+                parse_line(line, &mntp);
-        do {
+                if (strncmp(mntp.dir, path, pathlen) == 0 && mntp.dir[pathlen] == '/') {
-                parse_line(buf, &mntp);
+                        if (++cnt == size) {
-                // find mount point with mount id
-                if (!found) {
-                        if (mntp.mountid == mount_id) {
-                                // give up if mount id has been reassigned,
-                                // don't remount blacklisted path
-                                if (strncmp(mntp.dir, path, strlen(mntp.dir)) ||
-                                    strstr(mntp.fsname, "firejail.ro.dir") ||
-                                    strstr(mntp.fsname, "firejail.ro.file"))
-                                            break;
-                                rv[cnt] = strdup(path);
-                                if (rv[cnt] == NULL)
-                                        errExit("strdup");
-                                cnt++;
-                                found = 1;
-                                continue;
-                        }
-                        continue;
-                }
-                // from here on add all mount points below path,
-                // don't remount blacklisted paths
-                if (strncmp(mntp.dir, path, pathlen) == 0 &&
-                    mntp.dir[pathlen] == '/' &&
-                    strstr(mntp.fsname, "firejail.ro.dir") == NULL &&
-                    strstr(mntp.fsname, "firejail.ro.file") == NULL) {
-                        if (cnt == size) {
                                size *= 2;
                                rv = realloc(rv, size * sizeof(*rv));
                                if (!rv)
@@ -283,18 +263,17 @@ char **build_mount_array(const int mount_id, const char *path) {
                        rv[cnt] = strdup(mntp.dir);
                        if (rv[cnt] == NULL)
                                errExit("strdup");
-                        cnt++;
                }
-        } while (fgets(buf, MAX_BUF, fp));
+        }
+        fclose(fp);
-        if (cnt == size) {
+        // end of array
-                size++;
+        if (++cnt == size) {
+                ++size;
                rv = realloc(rv, size * sizeof(*rv));
                if (!rv)
                        errExit("realloc");
        }
-        rv[cnt] = NULL; // end of the array
+        rv[cnt] = NULL;
-        fclose(fp);
        return rv;
 }
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 9d92b6199..babc3941e 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -449,6 +449,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                arg_no3d = 1;
                return 0;
        }
+        else if (strcmp(ptr, "noprinters") == 0) {
+                profile_add("blacklist /dev/lp*");
+                profile_add("blacklist /run/cups/cups.sock");
+                return 0;
+        }
        else if (strcmp(ptr, "noinput") == 0) {
                arg_noinput = 1;
                return 0;
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 732e93134..55dcdc246 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -484,13 +484,6 @@ int is_link(const char *fname) {
        if (*fname == '\0')
                return 0;
-        int called_as_root = 0;
-        if (geteuid() == 0)
-                called_as_root = 1;
-        if (called_as_root)
-                EUID_USER();
        // remove trailing '/' if any
        char *tmp = strdup(fname);
        if (!tmp)
@@ -498,12 +491,9 @@ int is_link(const char *fname) {
        trim_trailing_slash_or_dot(tmp);
        char c;
-        ssize_t rv = readlink(tmp, &c, 1);
+        ssize_t rv = readlink_as_user(tmp, &c, 1);
        free(tmp);
-        if (called_as_root)
-                EUID_ROOT();
        return (rv != -1);
 }
@@ -525,6 +515,24 @@ char *realpath_as_user(const char *fname) {
        return rv;
 }
+ssize_t readlink_as_user(const char *fname, char *buf, size_t sz) {
+        assert(fname && buf && sz);
+        int called_as_root = 0;
+        if (geteuid() == 0)
+                called_as_root = 1;
+        if (called_as_root)
+                EUID_USER();
+        ssize_t rv = readlink(fname, buf, sz);
+        if (called_as_root)
+                EUID_ROOT();
+        return rv;
+}
 int stat_as_user(const char *fname, struct stat *s) {
        assert(fname);
@@ -997,31 +1005,33 @@ int create_empty_dir_as_user(const char *dir, mode_t mode) {
        assert(dir);
        mode &= 07777;
-        if (access(dir, F_OK) != 0) {
+        if (access(dir, F_OK) == 0)
+                return 0;
+        pid_t child = fork();
+        if (child < 0)
+                errExit("fork");
+        if (child == 0) {
+                // drop privileges
+                drop_privs(0);
                if (arg_debug)
                        printf("Creating empty %s directory\n", dir);
-                pid_t child = fork();
+                if (mkdir(dir, mode) == 0) {
-                if (child < 0)
+                        int err = chmod(dir, mode);
-                        errExit("fork");
+                        (void) err;
-                if (child == 0) {
+                }
-                        // drop privileges
+                else if (arg_debug)
-                        drop_privs(0);
+                        printf("Directory %s not created: %s\n", dir, strerror(errno));
-                        if (mkdir(dir, mode) == 0) {
-                                int err = chmod(dir, mode);
-                                (void) err;
-                        }
-                        else if (arg_debug)
-                                printf("Directory %s not created: %s\n", dir, strerror(errno));
-                        __gcov_flush();
+                __gcov_flush();
-                        _exit(0);
+                _exit(0);
-                }
-                waitpid(child, NULL, 0);
-                if (access(dir, F_OK) == 0)
-                        return 1;
        }
+        waitpid(child, NULL, 0);
+        if (access(dir, F_OK) == 0)
+                        return 1;
        return 0;
 }
@@ -1411,7 +1421,7 @@ static int has_link(const char *dir) {
 void check_homedir(const char *dir) {
        assert(dir);
        if (dir[0] != '/') {
-                fprintf(stderr, "Error: invalid user directory \"%s\"\n", cfg.homedir);
+                fprintf(stderr, "Error: invalid user directory \"%s\"\n", dir);
                exit(1);
        }
        // symlinks are rejected in many places
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 154def585..e724e4bb9 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -310,6 +310,11 @@ regular user, nonewprivs and a default capabilities filter are enabled.
 Example:
 .br
 $ firejail \-\-chroot=/media/ubuntu warzone2100
+.br
+.br
+For automatic mounting of X11 and PulseAudio sockets set environment variables
+FIREJAIL_CHROOT_X11 and FIREJAIL_CHROOT_PULSE.
 #endif
 .TP
 \fB\-\-cpu=cpu-number,cpu-number,cpu-number
@@ -2192,6 +2197,11 @@ More information about groups can be found in /usr/share/doc/firejail/syscalls.t
 .br
 .br
+The default list can be customized, see \-\-seccomp= for a description.
+It can be customized also globally in /etc/firejail/firejail.config file.
+.br
+.br
 System architecture is strictly imposed only if flag
 \-\-seccomp.block-secondary is used. The filter is applied at run time
 only if the correct architecture was detected. For the case of I386
@@ -2206,11 +2216,7 @@ Firejail will print seccomp violations to the audit log if the kernel was compil
 Example:
 .br
 $ firejail \-\-seccomp
-.br
-.br
-The default list can be customized, see \-\-seccomp= for a description. It can be customized
-also globally in /etc/firejail/firejail.config file.
 .TP
 \fB\-\-seccomp=syscall,@group,!syscall2