From 22414adf2a79b08a77bacbc002fb6ebb126d5b32 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Fri, 10 Mar 2017 10:17:00 -0500
Subject: allow tmpfs for regular users for files in home directory

---
 src/firejail/profile.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index c4feadad0..d5d62e929 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -970,8 +970,19 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 		ptr += 7;
 	else if (strncmp(ptr, "tmpfs ", 6) == 0) {
 		if (getuid() != 0) {
-			fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n");
-			exit(1);
+			// allow a non-root user  to mount tmpfs in user home directory, links are not allowed
+			invalid_filename(ptr + 6);
+			char *newfname = expand_home(ptr + 6, cfg.homedir);
+			assert(newfname);
+			if (is_link(newfname)) {
+				fprintf(stderr, "Error: for regular user, tmpfs is not available for symbolic links\n");
+				exit(1);	
+			}
+			if (strncmp(newfname, cfg.homedir, strlen(cfg.homedir)) != 0) {
+				fprintf(stderr, "Error: for regular user, tmpfs is available only for files in user home directory\n");
+				exit(1);	
+			}
+			free(newfname);
 		}
 		ptr += 6;
 	}
-- 
cgit v1.2.3-70-g09d2