From edfccb3f673541557d90aca13d7e2cbde2b0aeb8 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Sat, 27 Jul 2019 16:24:28 +0200
Subject: fix private-tmp/pam-tmpdir interaction - #2685
---
 src/firejail/fs_whitelist.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 666f02e4d..122c100f8 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -735,6 +735,22 @@ void fs_whitelist(void) {
 errExit("mounting tmpfs on /tmp");
 fs_logger("tmpfs /tmp");
+ // pam-tmpdir - issue #2685
+ char *env = getenv("TMP");
+ if (env) {
+ char *pamtmpdir;
+ if (asprintf(&pamtmpdir, "/tmp/user/%u", getuid()) == -1)
+ errExit("asprintf");
+ if (strcmp(env, pamtmpdir) == 0) {
+ // create empty user-owned /tmp/user/$uid directory
+ mkdir_attr("/tmp/user", 0755, 0, 0);
+ fs_logger("mkdir /tmp/user");
+ mkdir_attr(pamtmpdir, 0700, getuid(), getgid());
+ fs_logger2("mkdir", pamtmpdir);
+ }
+ free(pamtmpdir);
+ }
+
 // autowhitelist home directory if it is masked by the tmpfs
 if (strncmp(cfg.homedir, "/tmp/", 5) == 0)
 whitelist_home(WLDIR_TMP);
-- 
cgit v1.2.3-54-g00ecf
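Review bot: The check on the new `char *env = getenv("TMP");` line reads only `TMP`, while pam_tmpdir (as far as I know) exports the same path in `TMPDIR` as well, so a session that carries only `TMPDIR` still ends up with the per-user directory missing from the private tmpfs; reading `TMPDIR` first and falling back to `TMP`, `char *env = getenv("TMPDIR"); if (!env) env = getenv("TMP");`, would cover both without changing the exact-match semantics of the `strcmp`. Because this code runs with elevated privileges, a one-line comment stating that the environment value is only compared against the computed path and never used to build one would make explicit why a user-controlled `TMP` is harmless here. The `// pam-tmpdir - issue #2685` comment would be more useful as `// pam-tmpdir (#2685): the private tmpfs hides the per-user directory TMP points to, so recreate it empty: root-owned /tmp/user with a user-owned 0700 subdirectory`. Passing `getuid()` to `%u` relies on uid_t being unsigned int; `(unsigned)getuid()` makes the format match explicit. `fs_whitelist` begins and ends outside this hunk.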