From 39160643721f76d99cf24aea63ee9ec35d4f4d70 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Sun, 26 Jan 2020 13:43:30 +0100
Subject: fix read-only=/
---
 src/firejail/fs.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 316057ec5..ce1ee4618 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -521,12 +521,16 @@ void fs_remount(const char *dir, OPERATION op, unsigned check_mnt) {
 if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 ||
 mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("remounting");
+ // run a sanity check on /proc/self/mountinfo
 if (check_mnt) {
- // run a sanity check on /proc/self/mountinfo
+ // confirm target of the last mount operation was dir; if there are other
+ // mount points contained inside dir, one of those will show up as target
+ // of the last mount operation instead
 MountData *mptr = get_last_mount();
 size_t len = strlen(dir);
- if (strncmp(mptr->dir, dir, len) != 0 ||
+ if ((strncmp(mptr->dir, dir, len) != 0 ||
 (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
+ && strcmp(dir, "/") != 0) // support read-only=/
 errLogExit("invalid %s mount", opstr[op]);
 }
 fs_logger2(opstr[op], dir);
-- 
cgit v1.2.3-54-g00ecf
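Review bot: The new `&& strcmp(dir, "/") != 0` clause switches the mountinfo sanity check off completely for the root remount, and the trailing comment `// support read-only=/` does not say why that is safe. The reason appears to be that `"/"` already ends in the separator, so the `*(mptr->dir + len)` test rejects every legitimate submount such as `/proc`, while the prefix test can never fail for an absolute path. I would state that in the comment, e.g. `// "/" ends in the separator and every mount point lies below it, so the prefix check carries no information here`. I would also put the cheap special case first for readability: `if (strcmp(dir, "/") != 0 && (strncmp(...) != 0 || (...)))`. If callers can pass any other `dir` with a trailing slash (not visible in this hunk), the separator test would still reject it, so testing `dir[len - 1] != '/'` instead of the literal `"/"` may be the more general fix. The body of `fs_remount` starts and ends outside the hunk.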