From 092898da755fa6bc1965c7e786718dd6429cefc1 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Thu, 25 Jan 2018 16:09:32 -0500
Subject: whitelist, private-dev, private-tmp support for chroot and overlay
 sandboxes

---
 src/firejail/sandbox.c | 31 +++++++------------------------
 1 file changed, 7 insertions(+), 24 deletions(-)

(limited to 'src')

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index ed0a253b3..47bb94a52 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -763,14 +763,8 @@ int sandbox(void* sandbox_arg) {
 			fs_private();
 	}
 
-	if (arg_private_dev) {
-		if (cfg.chrootdir)
-			fwarning("private-dev feature is disabled in chroot\n");
-		else if (arg_overlay)
-			fwarning("private-dev feature is disabled in overlay\n");
-		else
-			fs_private_dev();
-	}
+	if (arg_private_dev)
+		fs_private_dev();
 
 	if (arg_private_etc) {
 		if (cfg.chrootdir)
@@ -835,16 +829,10 @@ int sandbox(void* sandbox_arg) {
 	}
 
 	if (arg_private_tmp) {
-		if (cfg.chrootdir)
-			fwarning("private-tmp feature is disabled in chroot\n");
-		else if (arg_overlay)
-			fwarning("private-tmp feature is disabled in overlay\n");
-		else {
-			// private-tmp is implemented as a whitelist
-			EUID_USER();
-			fs_private_tmp();
-			EUID_ROOT();
-		}
+		// private-tmp is implemented as a whitelist
+		EUID_USER();
+		fs_private_tmp();
+		EUID_ROOT();
 	}
 
 	//****************************
@@ -877,12 +865,7 @@ int sandbox(void* sandbox_arg) {
 	// apply the profile file
 	//****************************
 	// apply all whitelist commands ...
-	if (cfg.chrootdir)
-		fwarning("whitelist feature is disabled in chroot\n");
-	else if (arg_overlay)
-		fwarning("whitelist feature is disabled in overlay\n");
-	else
-		fs_whitelist();
+	fs_whitelist();
 
 	// ... followed by blacklist commands
 	fs_blacklist(); // mkdir and mkfile are processed all over again
-- 
cgit v1.2.3-54-g00ecf