1 files changed, 6 insertions, 15 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index f61d43c29..ec6dab947 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -287,17 +287,9 @@ void fs_private_homedir(void) {
                exit(1);
        }
        // mount via the links in /proc/self/fd
-        char *proc_src, *proc_dst;
+        if (bind_mount_by_fd(src, dst))
-        if (asprintf(&proc_src, "/proc/self/fd/%d", src) == -1)
-                errExit("asprintf");
-        if (asprintf(&proc_dst, "/proc/self/fd/%d", dst) == -1)
-                errExit("asprintf");
-        if (mount(proc_src, proc_dst, NULL, MS_NOSUID | MS_NODEV | MS_BIND | MS_REC, NULL) < 0)
                errExit("mount bind");
-        free(proc_src);
-        free(proc_dst);
-        close(src);
-        close(dst);
        // check /proc/self/mountinfo to confirm the mount is ok
        MountData *mptr = get_last_mount();
        size_t len = strlen(homedir);
@@ -305,6 +297,8 @@ void fs_private_homedir(void) {
           (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
                errLogExit("invalid private mount");
+        close(src);
+        close(dst);
        fs_logger3("mount-bind", private_homedir, homedir);
        fs_logger2("whitelist", homedir);
 // preserve mode and ownership
@@ -590,13 +584,10 @@ void fs_private_home_list(void) {
                exit(1);
        }
        // mount using the file descriptor
-        char *proc;
+        if (bind_mount_path_to_fd(RUN_HOME_DIR, fd))
-        if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
-                errExit("asprintf");
-        if (mount(RUN_HOME_DIR, proc, NULL, MS_BIND|MS_REC, NULL) < 0)
                errExit("mount bind");
-        free(proc);
        close(fd);
        // check /proc/self/mountinfo to confirm the mount is ok
        MountData *mptr = get_last_mount();
        if (strcmp(mptr->dir, homedir) != 0 || strcmp(mptr->fstype, "tmpfs") != 0)

diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index f61d43c29..ec6dab947 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -287,17 +287,9 @@ void fs_private_homedir(void) {
287	exit(1);	287	exit(1);
288	}	288	}
289	// mount via the links in /proc/self/fd	289	// mount via the links in /proc/self/fd
290	char proc_src, proc_dst;	290	if (bind_mount_by_fd(src, dst))
291	if (asprintf(&proc_src, "/proc/self/fd/%d", src) == -1)
292	errExit("asprintf");
293	if (asprintf(&proc_dst, "/proc/self/fd/%d", dst) == -1)
294	errExit("asprintf");
295	if (mount(proc_src, proc_dst, NULL, MS_NOSUID \| MS_NODEV \| MS_BIND \| MS_REC, NULL) < 0)
296	errExit("mount bind");	291	errExit("mount bind");
297	free(proc_src);	292
298	free(proc_dst);
299	close(src);
300	close(dst);
301	// check /proc/self/mountinfo to confirm the mount is ok	293	// check /proc/self/mountinfo to confirm the mount is ok
302	MountData *mptr = get_last_mount();	294	MountData *mptr = get_last_mount();
303	size_t len = strlen(homedir);	295	size_t len = strlen(homedir);
@@ -305,6 +297,8 @@ void fs_private_homedir(void) {
305	((mptr->dir + len) != '\0' && (mptr->dir + len) != '/'))	297	((mptr->dir + len) != '\0' && (mptr->dir + len) != '/'))
306	errLogExit("invalid private mount");	298	errLogExit("invalid private mount");
307		299
		300	close(src);
		301	close(dst);
308	fs_logger3("mount-bind", private_homedir, homedir);	302	fs_logger3("mount-bind", private_homedir, homedir);
309	fs_logger2("whitelist", homedir);	303	fs_logger2("whitelist", homedir);
310	// preserve mode and ownership	304	// preserve mode and ownership
@@ -590,13 +584,10 @@ void fs_private_home_list(void) {
590	exit(1);	584	exit(1);
591	}	585	}
592	// mount using the file descriptor	586	// mount using the file descriptor
593	char *proc;	587	if (bind_mount_path_to_fd(RUN_HOME_DIR, fd))
594	if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
595	errExit("asprintf");
596	if (mount(RUN_HOME_DIR, proc, NULL, MS_BIND\|MS_REC, NULL) < 0)
597	errExit("mount bind");	588	errExit("mount bind");
598	free(proc);
599	close(fd);	589	close(fd);
		590
600	// check /proc/self/mountinfo to confirm the mount is ok	591	// check /proc/self/mountinfo to confirm the mount is ok
601	MountData *mptr = get_last_mount();	592	MountData *mptr = get_last_mount();
602	if (strcmp(mptr->dir, homedir) != 0 \|\| strcmp(mptr->fstype, "tmpfs") != 0)	593	if (strcmp(mptr->dir, homedir) != 0 \|\| strcmp(mptr->fstype, "tmpfs") != 0)