Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r--src/firejail/fs.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index e57038ee0..4ae7dbfa4 100644
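--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -171,21 +171,28 @@ static void disable_file(OPERATION op, const char *filename) {
 fs_remount_rec(fname, op);
 }
 else if (op == MOUNT_TMPFS) {
-if (S_ISDIR(s.st_mode)) {
-if (getuid()) {
-if (strncmp(cfg.homedir, fname, strlen(cfg.homedir)) != 0 ||
-fname[strlen(cfg.homedir)] != '/') {
-fprintf(stderr, "Error: tmpfs outside $HOME is only available for root\n");
-exit(1);
-}
+if (!S_ISDIR(s.st_mode)) {
+fwarning("%s is not a directory; cannot mount a tmpfs on top of it.\n", fname);
+free(fname);
+return;
+}
+
+uid_t uid = getuid();
+if (uid != 0) {
+// only user owned directories in user home
+if (s.st_uid != uid ||
+strncmp(cfg.homedir, fname, strlen(cfg.homedir)) != 0 ||
+fname[strlen(cfg.homedir)] != '/') {
+fwarning("you are not allowed to mount a tmpfs on %s\n", fname);
+free(fname);
+return;
 }
-// fs_tmpfs returns with EUID 0
-fs_tmpfs(fname, getuid());
-selinux_relabel_path(fname, fname);
-EUID_USER();
 }
-else
-fwarning("%s is not a directory; cannot mount a tmpfs on top of it.\n", fname);
+
+fs_tmpfs(fname, uid);
+EUID_USER(); // fs_tmpfs returns with EUID 0
+
+selinux_relabel_path(fname, fname);
 }
 else
 assert(0);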
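Review bot: `selinux_relabel_path(fname, fname)` now runs after `EUID_USER()`, whereas the removed code relabelled the fresh tmpfs while EUID was still 0; if relabelling needs privilege (its body is not visible here), the label on the new mount may silently stay wrong. Unless the reorder is deliberate, keep the old order: `fs_tmpfs(fname, uid);` `selinux_relabel_path(fname, fname);` `EUID_USER(); // fs_tmpfs returns with EUID 0`. Separately, the new `s.st_uid != uid` test relies on a `stat` result gathered earlier in `disable_file`, outside this hunk, while `fs_tmpfs` acts on the path afterwards; a comment stating whether `fs_tmpfs` re-validates the directory it mounts on would make the ownership guarantee auditable. The rejection path also changed from `exit(1)` to a warning and return, so a profile whose tmpfs request is refused now starts with the directory left as it was, which deserves a line in the commit message or a comment.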