From a375511686701ab2094980804f4c81ea06c3469b Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Tue, 2 Oct 2018 17:31:12 +0200
Subject: incomplete fix: whitelisting of symlinks to other home dirs belongs to previous commit 51eeef2059f00de117472046601e10a9fd958d51 short summary of the new behavior, which should catch a few corner cases better: - a non-existant file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was mounted on the users homedir, which was wrong) - a symlink pointing to an existing file in another homedir now works (but the link will be always dangling; you need --allusers to see this) - a symlink pointing back to the entire homedir now works as expected
---
 src/firejail/fs_whitelist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 2d4640430..6dd4a7e2d 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -430,7 +430,7 @@ void fs_whitelist(void) {
 // if 1 the file was not found; mount an empty directory
 if (!nowhitelist_flag) {
- if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {
+ if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') {
 if(!arg_private) home_dir = 1; }
-- cgit v1.2.3-70-g09d2
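Review bot: The new condition on the `strncmp` line only works if `cfg.homedir` never ends in a slash; with a trailing slash, `new_name[strlen(cfg.homedir)]` is the character after the separator and the branch is never taken. That normalisation is not visible in this hunk, so it is worth confirming or asserting where `cfg.homedir` is set. A path equal to `cfg.homedir` itself also no longer sets `home_dir`, which looks intended from the commit message but deserves a comment. I would hoist the length with `size_t hlen = strlen(cfg.homedir);` and put `// a bare prefix match would also accept a sibling such as "/foo/user2" for "/foo/user"` above `if (strncmp(new_name, cfg.homedir, hlen) == 0 && new_name[hlen] == '/') {`. The same prefix-only comparison may exist elsewhere in fs_whitelist(), whose body begins and ends outside this hunk.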