From bdf8118dd69a6ef734b3fdefccfc7374398723f5 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Mon, 1 Oct 2018 17:13:12 +0200
Subject: mount empty home if macro can't be whitelisted

---
 src/firejail/firejail.h | 1 +
 src/firejail/fs_whitelist.c | 16 ++++++++++------
 src/firejail/macros.c | 2 +-
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 389bdbbcb..1b34a882d 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -498,6 +498,7 @@ char *expand_home(const char *path, const char *homedir);
 char *resolve_macro(const char *name);
 void invalid_filename(const char *fname, int globbing);
 int is_macro(const char *name);
+int macro_id(const char *name);
 
 // util.c
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 86a901506..2d4640430 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -372,12 +372,16 @@ void fs_whitelist(void) {
 assert(new_name);
 
 // skip command if resolving the macro was not successful
-if (is_macro(new_name)) {
-if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-fprintf(stderr, "***\n");
-fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", new_name);
-fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n");
-fprintf(stderr, "***\n");
+if (is_macro(new_name) && macro_id(new_name) > -1) {
+// mount empty home directory and print a warning
+if (!nowhitelist_flag && !arg_private) {
+home_dir = 1;
+if (!arg_quiet) {
+fprintf(stderr, "***\n");
+fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", new_name);
+fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n");
+fprintf(stderr, "***\n");
+}
 }
 entry->data = EMPTY_STRING;
 entry = entry->next;
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 27893938f..4bf3d3589 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
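Review bot: The new condition `if (is_macro(new_name) && macro_id(new_name) > -1)` narrows the skip branch to known macros, so a name that is_macro() accepts but macro_id() does not know (it returns -1 for those, per its comment in macros.c) now falls past this block with the unresolved macro text still in new_name, where the old code dropped every unresolved macro; unless an earlier parsing step already rejects unknown macro names, such a whitelist line would now be handled as a literal path, so please confirm or keep the old `if (is_macro(new_name))` and test macro_id() only inside it. Either way the comment above the condition, `// skip command if resolving the macro was not successful`, no longer matches what the branch does and should say why only known macros are skipped. Setting `home_dir = 1` is the right fail-closed default: a skipped whitelist should not leave the user's real home directory exposed when no other home whitelist is present, and that intent deserves a comment, e.g. `// known macro that could not be resolved: mount an empty home so the real one is not exposed, then warn`. `>= 0` reads more naturally than `> -1` for an index test. The enclosing fs_whitelist() body continues outside the hunk.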
@@ -69,7 +69,7 @@ Macro macro[] = {
 };
 
 // return -1 if not found
-static int macro_id(const char *name) {
+int macro_id(const char *name) {
 int i = 0;
 while (macro[i].name != NULL) {
 if (strcmp(name, macro[i].name) == 0)
-- 
cgit v1.2.3-70-g09d2
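Review bot: Dropping `static` makes macro_id() part of the cross-file interface, but its only contract documentation is the one-line `// return -1 if not found` here, which callers reading firejail.h (the prototype added in the first hunk) never see. Move or duplicate that contract to the header declaration, e.g. `// index of name in the macro[] table, or -1 if name is not a known macro` above `int macro_id(const char *name);`, and say in the header that name must be non-NULL since the loop passes it straight to strcmp(). The function body continues past the end of the hunk.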