diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_home.c | 51 |
1 files changed, 23 insertions, 28 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index af891d61f..8c7c19203 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -360,43 +360,38 @@ void fs_private(void) { | |||
360 | selinux_relabel_path("/root", "/root"); | 360 | selinux_relabel_path("/root", "/root"); |
361 | fs_logger("tmpfs /root"); | 361 | fs_logger("tmpfs /root"); |
362 | 362 | ||
363 | if (arg_allusers) { | 363 | // mask /home |
364 | if (u != 0) | 364 | if (!arg_allusers) { |
365 | // mask user home directory | ||
366 | // the directory should be owned by the current user | ||
367 | fs_tmpfs(homedir, 1); | ||
368 | } | ||
369 | else { // mask /home | ||
370 | if (arg_debug) | 365 | if (arg_debug) |
371 | printf("Mounting a new /home directory\n"); | 366 | printf("Mounting a new /home directory\n"); |
372 | if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME, "mode=755,gid=0") < 0) | 367 | if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME, "mode=755,gid=0") < 0) |
373 | errExit("mounting /home directory"); | 368 | errExit("mounting /home directory"); |
374 | selinux_relabel_path("/home", "/home"); | 369 | selinux_relabel_path("/home", "/home"); |
375 | fs_logger("tmpfs /home"); | 370 | fs_logger("tmpfs /home"); |
371 | } | ||
376 | 372 | ||
377 | if (u != 0) { | 373 | if (u != 0) { |
378 | if (strncmp(homedir, "/home/", 6) == 0) { | 374 | if (!arg_allusers && strncmp(homedir, "/home/", 6) == 0) { |
379 | // create /home/user | 375 | // create new empty /home/user directory |
380 | if (arg_debug) | 376 | if (arg_debug) |
381 | printf("Create a new user directory\n"); | 377 | printf("Create a new user directory\n"); |
382 | if (mkdir(homedir, S_IRWXU) == -1) { | 378 | if (mkdir(homedir, S_IRWXU) == -1) { |
383 | if (mkpath_as_root(homedir) == -1) | 379 | if (mkpath_as_root(homedir) == -1) |
384 | errExit("mkpath"); | 380 | errExit("mkpath"); |
385 | if (mkdir(homedir, S_IRWXU) == -1 && errno != EEXIST) | 381 | if (mkdir(homedir, S_IRWXU) == -1) |
386 | errExit("mkdir"); | 382 | errExit("mkdir"); |
387 | } | ||
388 | if (chown(homedir, u, g) < 0) | ||
389 | errExit("chown"); | ||
390 | |||
391 | selinux_relabel_path(homedir, homedir); | ||
392 | fs_logger2("mkdir", homedir); | ||
393 | fs_logger2("tmpfs", homedir); | ||
394 | } | 383 | } |
395 | else | 384 | if (chown(homedir, u, g) < 0) |
396 | // mask user home directory | 385 | errExit("chown"); |
397 | // the directory should be owned by the current user | 386 | |
398 | fs_tmpfs(homedir, 1); | 387 | selinux_relabel_path(homedir, homedir); |
388 | fs_logger2("mkdir", homedir); | ||
389 | fs_logger2("tmpfs", homedir); | ||
399 | } | 390 | } |
391 | else | ||
392 | // mask user home directory | ||
393 | // the directory should be owned by the current user | ||
394 | fs_tmpfs(homedir, 1); | ||
400 | } | 395 | } |
401 | 396 | ||
402 | skel(homedir, u, g); | 397 | skel(homedir, u, g); |