Diffstat (limited to 'src/firejail/fs_home.c')
-rw-r--r-- | src/firejail/fs_home.c | 21 |
1 files changed, 6 insertions, 15 deletions
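--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -287,17 +287,9 @@ void fs_private_homedir(void) {
 exit(1);
 }
 // mount via the links in /proc/self/fd
-char *proc_src, *proc_dst;
-if (asprintf(&proc_src, "/proc/self/fd/%d", src) == -1)
-errExit("asprintf");
-if (asprintf(&proc_dst, "/proc/self/fd/%d", dst) == -1)
-errExit("asprintf");
-if (mount(proc_src, proc_dst, NULL, MS_NOSUID | MS_NODEV | MS_BIND | MS_REC, NULL) < 0)
+if (bind_mount_by_fd(src, dst))
 errExit("mount bind");
-free(proc_src);
-free(proc_dst);
-close(src);
-close(dst);
+
 // check /proc/self/mountinfo to confirm the mount is ok
 MountData *mptr = get_last_mount();
 size_t len = strlen(homedir);
@@ -305,6 +297,8 @@ void fs_private_homedir(void) {
 (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
 errLogExit("invalid private mount");
 
+close(src);
+close(dst);
 fs_logger3("mount-bind", private_homedir, homedir);
 fs_logger2("whitelist", homedir);
 // preserve mode and ownership
@@ -590,13 +584,10 @@ void fs_private_home_list(void) {
 exit(1);
 }
 // mount using the file descriptor
-char *proc;
-if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
-errExit("asprintf");
-if (mount(RUN_HOME_DIR, proc, NULL, MS_BIND|MS_REC, NULL) < 0)
+if (bind_mount_path_to_fd(RUN_HOME_DIR, fd))
 errExit("mount bind");
-free(proc);
 close(fd);
+
 // check /proc/self/mountinfo to confirm the mount is ok
 MountData *mptr = get_last_mount();
 if (strcmp(mptr->dir, homedir) != 0 || strcmp(mptr->fstype, "tmpfs") != 0)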
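Review bot: The mount flags are no longer visible at either call site, so a reader of fs_home.c cannot tell what `bind_mount_by_fd(src, dst)` and `bind_mount_path_to_fd(RUN_HOME_DIR, fd)` actually request. The removed call in fs_private_homedir passed `MS_NOSUID | MS_NODEV | MS_BIND | MS_REC`, while the one in fs_private_home_list passed only `MS_BIND|MS_REC`. The helper bodies are not part of this diff, so it is worth confirming they keep the intended flags and extending the existing comments, e.g. `// mount via the links in /proc/self/fd; mount flags are set inside bind_mount_by_fd()`. Separately, the first function now closes `src` and `dst` only after the mountinfo check, whereas fs_private_home_list still calls `close(fd)` before it; if holding the descriptors across the check is deliberate, say so in a one-line comment and use the same order in both places. Both functions begin and end outside the hunks shown.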