From 3813d1c47e6ac48b23c2a401e65b7a412f5de5f6 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 13 Apr 2017 07:02:44 -0400
Subject: fix /sys handling for overlayfs and chroot
---
 src/firejail/fs.c | 10 ++++------
 test/chroot/configure | 2 +-
 test/chroot/fs_chroot.exp | 8 ++++++++
 test/overlay/fs.exp | 8 ++++++++
 4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 71cefffe0..f6aba7048 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -502,12 +502,10 @@ void fs_proc_sys_dev_boot(void) {
 printf("Remounting /sys directory\n");
 if (umount2("/sys", MNT_DETACH) < 0)
 fprintf(stderr, "Warning: failed to unmount /sys\n");
- else {
- if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0)
- fprintf(stderr, "Warning: failed to mount /sys\n");
- else
- fs_logger("remount /sys");
- }
+ if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0)
+ fprintf(stderr, "Warning: failed to mount /sys\n");
+ else
+ fs_logger("remount /sys");
 disable_file(BLACKLIST_FILE, "/sys/firmware");
 disable_file(BLACKLIST_FILE, "/sys/hypervisor");
diff --git a/test/chroot/configure b/test/chroot/configure
index ba8238803..26a516931 100755
--- a/test/chroot/configure
+++ b/test/chroot/configure
@@ -8,7 +8,7 @@ DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc
 DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
 rm -fr $ROOTDIR
-mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
+mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc,sys}
 chmod 777 $ROOTDIR/tmp
 mkdir -p $ROOTDIR/etc/firejail
 mkdir -p $ROOTDIR/home/netblue/.config/firejail
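Review bot: In fs_proc_sys_dev_boot (src/firejail/fs.c), a failed `mount("sysfs", "/sys", ...)` is still only a warning, so sandbox setup continues to the `disable_file` calls with /sys in whatever state the preceding `umount2` left it, which may be the inherited mount without the MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV restrictions. Now that the mount is attempted on both paths, the two warnings are the only trace of which call failed, so they should carry the cause, e.g. `fprintf(stderr, "Warning: failed to mount /sys: %s\n", strerror(errno));` (assuming errno.h and string.h are already included), and it is worth deciding whether a failed mount should abort setup instead of continuing. A short comment above the mount, such as `/* mount sysfs even if the unmount failed (overlayfs and chroot roots) */`, would record why the `else` was dropped. The function starts before and continues past this hunk, so how this block is guarded cannot be seen here.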
diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp
index 295ff8ff9..2190db359 100755
--- a/test/chroot/fs_chroot.exp
+++ b/test/chroot/fs_chroot.exp
@@ -49,6 +49,14 @@ expect {
 }
 after 100
+# check /sys directory
+send -- "ls /sys\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "block"
+}
+after 100
+
 puts "all done\n"
diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp
index 15ada9203..15828f437 100755
--- a/test/overlay/fs.exp
+++ b/test/overlay/fs.exp
@@ -40,7 +40,15 @@ expect {
 "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
 "done"
 }
+after 100
+# check /sys directory
+send -- "ls /sys\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "block"
+}
 after 100
+
 puts "\nall done\n"
-- cgit v1.2.3-54-g00ecf
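Review bot: The new `ls /sys` check in test/chroot/fs_chroot.exp passes as soon as /sys is populated (`"block"` is listed), so it does not pin the read-only, nosuid, noexec and nodev flags that the fs.c side of this commit requests; the identical block added to test/overlay/fs.exp has the same gap. A follow-up step such as `send -- "grep sysfs /proc/mounts\r"` with an expect pattern on `"ro,"` would cover it, assuming /proc is mounted inside both sandboxes (the chroot fixture already ships /bin/grep). Both blocks report `TESTING ERROR 6`; if that number is already used elsewhere in either script, a distinct label would make a failure easier to locate.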