7 files changed, 39 insertions, 3 deletions
diff --git a/README b/README
index a5a92a9d7..aa8e523a3 100644
--- a/README
+++ b/README
@@ -138,6 +138,9 @@ emacsomancer (https://github.com/emacsomancer)
        - added profile for Conkeror browser
 eventyrer (https://github.com/eventyrer)
        - update gnome-mplayer.profile
+Fabian Würfl (https://github.com/BafDyce)
+        - fixed race condition when creating a new directory
+        - Liferea profile
 Felipe Barriga Richards (https://github.com/fbarriga)
        - --private-etc fix
 Franco (nextime) Lanza (https://github.com/nextime)
diff --git a/README.md b/README.md
index 674664b0d..affd4beca 100644
--- a/README.md
+++ b/README.md
@@ -97,5 +97,5 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
 ## New profiles:
-curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary
+curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea
diff --git a/RELNOTES b/RELNOTES
index efe4170c7..92ac18618 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,7 +1,7 @@
 firejail (0.9.49) baseline; urgency=low
  * work in progress!
  * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
-  * new profiles: Geary
+  * new profiles: Geary, Liferea
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Mon, 12 Jun 2017 20:00:00 -0500
diff --git a/etc/liferea.profile b/etc/liferea.profile
new file mode 100644
index 000000000..92b3b8f88
--- /dev/null
+++ b/etc/liferea.profile
@@ -0,0 +1,29 @@
+# Persistent global definitions go here
+include /etc/firejail/global.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/liferea.local
+#######################
+# profile for Liferea #
+#######################
+noblacklist ~/.config/liferea
+mkdir ~/.config/liferea
+whitelist ~/.config/liferea
+noblacklist ~/.local/share/liferea
+mkdir ~/.local/share/liferea
+whitelist ~/.local/share/liferea
+noblacklist ~/.cache/liferea
+mkdir ~/.cache/liferea
+whitelist ~/.cache/liferea
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/default.profile
+nogroups
+shell none
+private-dev
+private-tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index a8f597b07..214f4f885 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -316,3 +316,4 @@
 /etc/firejail/ghb.profile
 /etc/firejail/kwrite.profile
 /etc/firejail/geary.profile
+/etc/firejail/liferea.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 6a93f4976..c616f040c 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -142,6 +142,7 @@ kwrite
 leafpad
 less
 libreoffice
+liferea
 localc
 lodraw
 loffice
diff --git a/src/firejail/util.c b/src/firejail/util.c
index acbc19234..9ad7271ba 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -821,7 +821,9 @@ void create_empty_dir_as_root(const char *dir, mode_t mode) {
                if (arg_debug)
                        printf("Creating empty %s directory\n", dir);
                /* coverity[toctou] */
-                if (mkdir(dir, mode) == -1)
+                // don't fail if directory already exists. This can be the case in a race
+                // condition, when two jails launch at the same time. See #1013
+                if (mkdir(dir, mode) == -1 && errno != EEXIST)
                        errExit("mkdir");
                if (set_perms(dir, 0, 0, mode))
                        errExit("set_perms");

diff --git a/README b/README index a5a92a9d7..aa8e523a3 100644 --- a/README +++ b/README
@@ -138,6 +138,9 @@ emacsomancer (https://github.com/emacsomancer)
138	- added profile for Conkeror browser	138	- added profile for Conkeror browser
139	eventyrer (https://github.com/eventyrer)	139	eventyrer (https://github.com/eventyrer)
140	- update gnome-mplayer.profile	140	- update gnome-mplayer.profile
		141	Fabian Würfl (https://github.com/BafDyce)
		142	- fixed race condition when creating a new directory
		143	- Liferea profile
141	Felipe Barriga Richards (https://github.com/fbarriga)	144	Felipe Barriga Richards (https://github.com/fbarriga)
142	- --private-etc fix	145	- --private-etc fix
143	Franco (nextime) Lanza (https://github.com/nextime)	146	Franco (nextime) Lanza (https://github.com/nextime)


diff --git a/README.md b/README.md index 674664b0d..affd4beca 100644 --- a/README.md +++ b/README.md
@@ -97,5 +97,5 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
97		97
98	## New profiles:	98	## New profiles:
99		99
100	curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary	100	curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea
101		101


diff --git a/RELNOTES b/RELNOTES index efe4170c7..92ac18618 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,7 +1,7 @@
1	firejail (0.9.49) baseline; urgency=low	1	firejail (0.9.49) baseline; urgency=low
2	* work in progress!	2	* work in progress!
3	* new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,	3	* new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
4	* new profiles: Geary	4	* new profiles: Geary, Liferea
5	* bugfixes	5	* bugfixes
6	-- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500	6	-- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500
7		7


diff --git a/etc/liferea.profile b/etc/liferea.profile new file mode 100644 index 000000000..92b3b8f88 --- /dev/null +++ b/etc/liferea.profile
@@ -0,0 +1,29 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/global.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/liferea.local
		7
		8	#######################
		9	# profile for Liferea #
		10	#######################
		11	noblacklist ~/.config/liferea
		12	mkdir ~/.config/liferea
		13	whitelist ~/.config/liferea
		14
		15	noblacklist ~/.local/share/liferea
		16	mkdir ~/.local/share/liferea
		17	whitelist ~/.local/share/liferea
		18
		19	noblacklist ~/.cache/liferea
		20	mkdir ~/.cache/liferea
		21	whitelist ~/.cache/liferea
		22
		23	include /etc/firejail/whitelist-common.inc
		24	include /etc/firejail/default.profile
		25
		26	nogroups
		27	shell none
		28	private-dev
		29	private-tmp


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index a8f597b07..214f4f885 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -316,3 +316,4 @@
316	/etc/firejail/ghb.profile	316	/etc/firejail/ghb.profile
317	/etc/firejail/kwrite.profile	317	/etc/firejail/kwrite.profile
318	/etc/firejail/geary.profile	318	/etc/firejail/geary.profile
		319	/etc/firejail/liferea.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 6a93f4976..c616f040c 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -142,6 +142,7 @@ kwrite
142	leafpad	142	leafpad
143	less	143	less
144	libreoffice	144	libreoffice
		145	liferea
145	localc	146	localc
146	lodraw	147	lodraw
147	loffice	148	loffice


diff --git a/src/firejail/util.c b/src/firejail/util.c index acbc19234..9ad7271ba 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c
@@ -821,7 +821,9 @@ void create_empty_dir_as_root(const char *dir, mode_t mode) {
821	if (arg_debug)	821	if (arg_debug)
822	printf("Creating empty %s directory\n", dir);	822	printf("Creating empty %s directory\n", dir);
823	/* coverity[toctou] */	823	/* coverity[toctou] */
824	if (mkdir(dir, mode) == -1)	824	// don't fail if directory already exists. This can be the case in a race
		825	// condition, when two jails launch at the same time. See #1013
		826	if (mkdir(dir, mode) == -1 && errno != EEXIST)
825	errExit("mkdir");	827	errExit("mkdir");
826	if (set_perms(dir, 0, 0, mode))	828	if (set_perms(dir, 0, 0, mode))
827	errExit("set_perms");	829	errExit("set_perms");