Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 39 |
1 files changed, 17 insertions, 22 deletions
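--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -23,7 +23,6 @@
 #include <sys/stat.h>
 #include <sys/statvfs.h>
 #include <sys/wait.h>
-#include <linux/limits.h>
 #include <fnmatch.h>
 #include <glob.h>
 #include <dirent.h>
@@ -633,34 +632,30 @@ out:
 }
 
 // remount recursively; requires a resolved path
-static void fs_remount_rec(const char *dir, OPERATION op) {
+static void fs_remount_rec(const char *path, OPERATION op) {
 EUID_ASSERT();
-assert(dir);
+assert(op < OPERATION_MAX);
+assert(path);
 
-struct stat s;
-if (stat(dir, &s) != 0)
-return;
-if (!S_ISDIR(s.st_mode)) {
-// no need to search in /proc/self/mountinfo for submounts if not a directory
-fs_remount_simple(dir, op);
+// no need to search /proc/self/mountinfo for submounts if not a directory
+int fd = open(path, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
+if (fd < 0) {
+fs_remount_simple(path, op);
 return;
 }
-// get mount point of the directory
-int mountid = get_mount_id(dir);
-if (mountid == -1)
-return;
-if (mountid == -2) {
-// falling back to a simple remount on old kernels
-static int mount_warning = 0;
-if (!mount_warning) {
-fwarning("read-only, read-write and noexec options are not applied recursively\n");
-mount_warning = 1;
-}
-fs_remount_simple(dir, op);
+
+// get mount id of the directory
+int mountid = get_mount_id(fd);
+close(fd);
+if (mountid < 0) {
+// falling back to a simple remount
+fwarning("%s %s not applied recursively\n", opstr[op], path);
+fs_remount_simple(path, op);
 return;
 }
+
 // build array with all mount points that need to get remounted
-char **arr = build_mount_array(mountid, dir);
+char **arr = build_mount_array(mountid, path);
 assert(arr);
 // remount
 char **tmp = arr;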
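Review bot: The `fd < 0` branch in fs_remount_rec treats every open() failure as "not a directory", so ELOOP from O_NOFOLLOW (final component is a symlink), EACCES and ENOENT all fall through to `fs_remount_simple(path, op)`, where the old code returned early when stat() failed. If fs_remount_simple (not shown on this page) does not itself refuse symlinks and missing paths, this widens what gets remounted by name; I would either restrict the fallback with `if (fd < 0 && errno != ENOTDIR) return;` ahead of it, or add a comment stating that fs_remount_simple does its own no-follow open and validation. The descriptor is also closed before `build_mount_array(mountid, path)` goes back to the path string, so the mount id and the later path-based work are only guaranteed to refer to the same object if the path cannot change in between; presumably the "requires a resolved path" contract covers that, but it deserves a line in the function comment. The body of fs_remount_rec continues past the end of the hunk.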