Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r-- | src/firejail/fs_whitelist.c | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 33037da29..11e626b6e 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -554,24 +554,30 @@ void fs_whitelist(void) { | |||
554 | 554 | ||
555 | // /media mountpoint | 555 | // /media mountpoint |
556 | if (media_dir) { | 556 | if (media_dir) { |
557 | // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR | 557 | // some distros don't have a /media directory |
558 | int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755); | 558 | struct stat s; |
559 | if (rv == -1) | 559 | if (stat("/media", &s) == 0) { |
560 | errExit("mkdir"); | 560 | // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR |
561 | if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0) | 561 | int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755); |
562 | errExit("chown"); | 562 | if (rv == -1) |
563 | if (chmod(RUN_WHITELIST_MEDIA_DIR, 0755) < 0) | 563 | errExit("mkdir"); |
564 | errExit("chmod"); | 564 | if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0) |
565 | errExit("chown"); | ||
566 | if (chmod(RUN_WHITELIST_MEDIA_DIR, 0755) < 0) | ||
567 | errExit("chmod"); | ||
565 | 568 | ||
566 | if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) | 569 | if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) |
567 | errExit("mount bind"); | 570 | errExit("mount bind"); |
568 | 571 | ||
569 | // mount tmpfs on /media | 572 | // mount tmpfs on /media |
570 | if (arg_debug || arg_debug_whitelists) | 573 | if (arg_debug || arg_debug_whitelists) |
571 | printf("Mounting tmpfs on /media directory\n"); | 574 | printf("Mounting tmpfs on /media directory\n"); |
572 | if (mount("tmpfs", "/media", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) | 575 | if (mount("tmpfs", "/media", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) |
573 | errExit("mounting tmpfs on /media"); | 576 | errExit("mounting tmpfs on /media"); |
574 | fs_logger("tmpfs /media"); | 577 | fs_logger("tmpfs /media"); |
578 | } | ||
579 | else | ||
580 | media_dir = 0; | ||
575 | } | 581 | } |
576 | 582 | ||
577 | // /var mountpoint | 583 | // /var mountpoint |
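Review bot: The new `stat("/media", &s) == 0` test (new line 559) treats every stat failure as "this distro has no /media", so the `else` at new lines 579-580 clears `media_dir` and the sandbox carries on without the tmpfs mount, whatever the actual errno was. For a whitelist feature that is a fail-open path: a failure other than a missing directory would leave the real /media in place with nothing logged. I would skip only on ENOENT and keep the hard failure otherwise, e.g. `else if (errno == ENOENT) media_dir = 0;` followed by `else errExit("stat");`. A message in the skip branch, guarded by `arg_debug || arg_debug_whitelists` like the tmpfs message, would make the skipped mount visible. fs_whitelist's body starts and ends outside this hunk, so how the later code reads `media_dir` after it is cleared should be confirmed there.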