diff options
Diffstat (limited to 'src/firejail/fs_whitelist.c')
| -rw-r--r-- | src/firejail/fs_whitelist.c | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index ba6c8cd74..926e5415c 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -181,11 +181,15 @@ static void whitelist_path(ProfileEntry *entry) { | |||
| 181 | char *wfile = NULL; | 181 | char *wfile = NULL; |
| 182 | 182 | ||
| 183 | if (entry->home_dir) { | 183 | if (entry->home_dir) { |
| 184 | fname = path + strlen(cfg.homedir); | 184 | if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) == 0) { |
| 185 | if (*fname == '\0') { | 185 | fname = path + strlen(cfg.homedir); |
| 186 | fprintf(stderr, "Error: file %s is not in user home directory, exiting...\n", path); | 186 | if (*fname == '\0') { |
| 187 | exit(1); | 187 | fprintf(stderr, "Error: file %s is not in user home directory, exiting...\n", path); |
| 188 | exit(1); | ||
| 189 | } | ||
| 188 | } | 190 | } |
| 191 | else | ||
| 192 | fname = path; | ||
| 189 | 193 | ||
| 190 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_HOME_USER_DIR, fname) == -1) | 194 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_HOME_USER_DIR, fname) == -1) |
| 191 | errExit("asprintf"); | 195 | errExit("asprintf"); |
| @@ -248,9 +252,6 @@ static void whitelist_path(ProfileEntry *entry) { | |||
| 248 | printf("Whitelisting %s\n", path); | 252 | printf("Whitelisting %s\n", path); |
| 249 | } | 253 | } |
| 250 | else { | 254 | else { |
| 251 | if (arg_debug || arg_debug_whitelists) { | ||
| 252 | fprintf(stderr, "Warning (whitelisting): %s is an invalid file, skipping...\n", path); | ||
| 253 | } | ||
| 254 | return; | 255 | return; |
| 255 | } | 256 | } |
| 256 | 257 | ||
| @@ -390,13 +391,14 @@ void fs_whitelist(void) { | |||
| 390 | 391 | ||
| 391 | entry->home_dir = 1; | 392 | entry->home_dir = 1; |
| 392 | home_dir = 1; | 393 | home_dir = 1; |
| 394 | if (arg_debug) | ||
| 395 | fprintf(stderr, "Debug %d: fname #%s#, cfg.homedir #%s#\n", | ||
| 396 | __LINE__, fname, cfg.homedir); | ||
| 397 | |||
| 393 | // both path and absolute path are under /home | 398 | // both path and absolute path are under /home |
| 394 | if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0) { | 399 | // if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0) { |
| 395 | if (arg_debug) | 400 | // goto errexit; |
| 396 | fprintf(stderr, "Debug %d: fname #%s#, cfg.homedir #%s#\n", | 401 | // } |
| 397 | __LINE__, fname, cfg.homedir); | ||
| 398 | goto errexit; | ||
| 399 | } | ||
| 400 | } | 402 | } |
| 401 | else if (strncmp(new_name, "/tmp/", 5) == 0) { | 403 | else if (strncmp(new_name, "/tmp/", 5) == 0) { |
| 402 | entry->tmp_dir = 1; | 404 | entry->tmp_dir = 1; |