From 14c94f18ccae4739ef4b0e6771f2fd16caaec1fb Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 11 Nov 2015 12:30:57 -0500
Subject: fix symlink whitelist
---
src/firejail/firejail.h | 3 ++-
src/firejail/fs_whitelist.c | 23 ++++++++++++++++++++++-
2 files changed, 24 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 5a917fd1f..58c497cd8 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -86,7 +86,8 @@ typedef struct interface_t {
 typedef struct profile_entry_t {
 struct profile_entry_t *next;
- char *data;
+ char *data; // expanded name of the file
+ char *link; // link name - set if the file is a link
 }ProfileEntry;
 typedef struct config_t {
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index fac08705d..c856359f6 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -143,9 +143,16 @@ void fs_whitelist(void) {
 }
 char *new_name = expand_home(entry->data + 10, cfg.homedir);
+ assert(new_name);
 char *fname = realpath(new_name, NULL);
- free(new_name);
+
+ // mark symbolic links
+ if (is_link(new_name))
+ entry->link = new_name;
+ else
+ free(new_name);
+
 if (fname) {
 // change file name in entry->data
 if (strcmp(fname, entry->data + 10) != 0) {
@@ -194,8 +201,22 @@ void fs_whitelist(void) {
 continue;
 }
+ // whitelist the real file
 whitelist_path(entry->data + 10);
+ // create the link if any
+ if (entry->link) {
+ // if the link is already there, do not bother
+ struct stat s;
+ if (stat(entry->link, &s) != 0) {
+ int rv = symlink(entry->data + 10, entry->link);
+ if (rv)
+ fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link);
+ else if (arg_debug)
+ printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10);
+ }
+ }
+
 entry = entry->next;
 }
--
cgit v1.2.3-54-g00ecf
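Review bot: The new `link` member is tested with `if (entry->link)` in fs_whitelist.c, so every place that allocates a ProfileEntry must leave it NULL; those allocation sites are outside this diff, and if any of them uses malloc without zeroing the new field, that test reads an uninitialized pointer. It is worth stating the invariant on the field itself, e.g. `char *link; // link name - set if the file is a link, NULL otherwise (entries must be zero-initialized)`.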
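Review bot: `assert(new_name)` is the only guard against expand_home returning NULL, and assert is compiled out under NDEBUG, in which case a NULL would reach realpath and is_link; if expand_home can fail on allocation, an unconditional check such as `if (!new_name) { fprintf(stderr, "Error: cannot expand %s\n", entry->data + 10); exit(1); }` keeps the guard in release builds. Also, when realpath fails (`fname` is NULL) `entry->link` has already been set to the allocated name, and what happens to that entry afterwards is outside this hunk; a one-line comment on the `if (is_link(new_name))` branch saying who frees `entry->link` would help the next reader. The body of fs_whitelist continues past the end of the hunk.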
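Review bot: `stat(entry->link, &s)` follows the link, so an existing link whose target is not present reports failure, symlink() is then attempted on an occupied path, and the warning fires even though the link is already there; `lstat` asks the intended question, `if (lstat(entry->link, &s) != 0) {`. The warning also drops the reason: `fprintf(stderr, "Warning cannot create symbolic link %s: %s\n", entry->link, strerror(errno));` makes EEXIST (something else occupies the path) distinguishable from a permission or missing-directory failure, which matters because `entry->link` comes from the profile rather than from code. fs_whitelist begins before this hunk.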