1 files changed, 17 insertions, 22 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 6d01b5e5d..1a9a8df0d 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -23,7 +23,6 @@
 #include <sys/stat.h>
 #include <sys/statvfs.h>
 #include <sys/wait.h>
-#include <linux/limits.h>
 #include <fnmatch.h>
 #include <glob.h>
 #include <dirent.h>
@@ -633,34 +632,30 @@ out:
 }
 // remount recursively; requires a resolved path
-static void fs_remount_rec(const char *dir, OPERATION op) {
+static void fs_remount_rec(const char *path, OPERATION op) {
        EUID_ASSERT();
-        assert(dir);
+        assert(op < OPERATION_MAX);
+        assert(path);
-        struct stat s;
+        // no need to search /proc/self/mountinfo for submounts if not a directory
-        if (stat(dir, &s) != 0)
+        int fd = open(path, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
-                return;
+        if (fd < 0) {
-        if (!S_ISDIR(s.st_mode)) {
+                fs_remount_simple(path, op);
-                // no need to search in /proc/self/mountinfo for submounts if not a directory
-                fs_remount_simple(dir, op);
                return;
        }
-        // get mount point of the directory
-        int mountid = get_mount_id(dir);
+        // get mount id of the directory
-        if (mountid == -1)
+        int mountid = get_mount_id(fd);
-                return;
+        close(fd);
-        if (mountid == -2) {
+        if (mountid < 0) {
-                // falling back to a simple remount on old kernels
+                // falling back to a simple remount
-                static int mount_warning = 0;
+                fwarning("%s %s not applied recursively\n", opstr[op], path);
-                if (!mount_warning) {
+                fs_remount_simple(path, op);
-                        fwarning("read-only, read-write and noexec options are not applied recursively\n");
-                        mount_warning = 1;
-                }
-                fs_remount_simple(dir, op);
                return;
        }
        // build array with all mount points that need to get remounted
-        char **arr = build_mount_array(mountid, dir);
+        char **arr = build_mount_array(mountid, path);
        assert(arr);
        // remount
        char **tmp = arr;

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 6d01b5e5d..1a9a8df0d 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -23,7 +23,6 @@
23	#include <sys/stat.h>	23	#include <sys/stat.h>
24	#include <sys/statvfs.h>	24	#include <sys/statvfs.h>
25	#include <sys/wait.h>	25	#include <sys/wait.h>
26	#include <linux/limits.h>
27	#include <fnmatch.h>	26	#include <fnmatch.h>
28	#include <glob.h>	27	#include <glob.h>
29	#include <dirent.h>	28	#include <dirent.h>
@@ -633,34 +632,30 @@ out:
633	}	632	}
634		633
635	// remount recursively; requires a resolved path	634	// remount recursively; requires a resolved path
636	static void fs_remount_rec(const char *dir, OPERATION op) {	635	static void fs_remount_rec(const char *path, OPERATION op) {
637	EUID_ASSERT();	636	EUID_ASSERT();
638	assert(dir);	637	assert(op < OPERATION_MAX);
		638	assert(path);
639		639
640	struct stat s;	640	// no need to search /proc/self/mountinfo for submounts if not a directory
641	if (stat(dir, &s) != 0)	641	int fd = open(path, O_PATH\|O_DIRECTORY\|O_NOFOLLOW\|O_CLOEXEC);
642	return;	642	if (fd < 0) {
643	if (!S_ISDIR(s.st_mode)) {	643	fs_remount_simple(path, op);
644	// no need to search in /proc/self/mountinfo for submounts if not a directory
645	fs_remount_simple(dir, op);
646	return;	644	return;
647	}	645	}
648	// get mount point of the directory	646
649	int mountid = get_mount_id(dir);	647	// get mount id of the directory
650	if (mountid == -1)	648	int mountid = get_mount_id(fd);
651	return;	649	close(fd);
652	if (mountid == -2) {	650	if (mountid < 0) {
653	// falling back to a simple remount on old kernels	651	// falling back to a simple remount
654	static int mount_warning = 0;	652	fwarning("%s %s not applied recursively\n", opstr[op], path);
655	if (!mount_warning) {	653	fs_remount_simple(path, op);
656	fwarning("read-only, read-write and noexec options are not applied recursively\n");
657	mount_warning = 1;
658	}
659	fs_remount_simple(dir, op);
660	return;	654	return;
661	}	655	}
		656
662	// build array with all mount points that need to get remounted	657	// build array with all mount points that need to get remounted
663	char **arr = build_mount_array(mountid, dir);	658	char **arr = build_mount_array(mountid, path);
664	assert(arr);	659	assert(arr);
665	// remount	660	// remount
666	char **tmp = arr;	661	char **tmp = arr;