diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index f26f8b06a..d1557e8b2 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -742,6 +742,20 @@ int sandbox(void* sandbox_arg) { | |||
742 | else { | 742 | else { |
743 | // private-tmp is implemented as a whitelist | 743 | // private-tmp is implemented as a whitelist |
744 | EUID_USER(); | 744 | EUID_USER(); |
745 | // check XAUTHORITY file, KDE keeps it under /tmp | ||
746 | char *xauth = getenv("XAUTHORITY"); | ||
747 | if (xauth) { | ||
748 | char *rp = realpath(xauth, NULL); | ||
749 | if (rp && strncmp(rp, "/tmp/", 5) == 0) { | ||
750 | char *cmd; | ||
751 | if (asprintf(&cmd, "whitelist %s", rp) == -1) | ||
752 | errExit("asprintf"); | ||
753 | profile_add(cmd); // profile_add does not duplicate the string | ||
754 | } | ||
755 | if (rp) | ||
756 | free(rp); | ||
757 | } | ||
758 | // whitelist x11 directory | ||
745 | profile_add("whitelist /tmp/.X11-unix"); | 759 | profile_add("whitelist /tmp/.X11-unix"); |
746 | EUID_ROOT(); | 760 | EUID_ROOT(); |
747 | } | 761 | } |