From 2a57a24561e3382059e199cac8aa8bba1bab44a0 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 18 May 2016 13:22:15 -0400
Subject: --read-only fix
---
 src/firejail/util.c | 2 +-
 src/man/firejail.txt | 16 +++++++++-------
 2 files changed, 10 insertions(+), 8 deletions(-)
(limited to 'src')
diff --git a/src/firejail/util.c b/src/firejail/util.c
index da73bbfd5..3d5fc214d 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -548,7 +548,7 @@ char *expand_home(const char *path, const char* homedir) {
 errExit("asprintf");
 return new_name;
 }
- else if (strncmp(path, "~/", 2) == 0) {
+ else if (*path == '~') {
 if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1)
 errExit("asprintf");
 return new_name;
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 29a84f71e..e3a660286 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -153,14 +153,7 @@ Example:
 .br
 $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\
 setuid /etc/init.d/nginx start
-.br
-.br
-A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
-should be made read-only independently. Making a parent directory read-only, will not
-make the whitelist read-only. Example:
-.br
-$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
 .TP
 \fB\-\-caps.print=name|pid
 Print the caps filter for the sandbox identified by name or by PID.
@@ -1138,6 +1131,15 @@ Set directory or file read-only.
 Example:
 .br
 $ firejail \-\-read-only=~/.mozilla firefox
+.br
+
+.br
+A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
+should be made read-only independently. Making a parent directory read-only, will not
+make the whitelist read-only. Example:
+.br
+$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
+
 .TP
 \fB\-\-rlimit-fsize=number
 Set the maximum file size that can be created by a process.
-- cgit v1.2.3-54-g00ecf
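Review bot: The new test `*path == '~'` in expand_home matches every path that begins with a tilde, not only `~` and `~/...`, so an argument such as `~backup` or `~otheruser/dir` is rewritten to homedir followed directly by the rest of the string (for example `<homedir>backup`), which names a sibling of the home directory rather than anything inside it. For options like --read-only or --whitelist this means the rule can land on an unintended path while the path the user meant stays unprotected, and nothing in the visible lines reports an error. Restricting the branch to the two forms that are presumably meant to expand keeps the fix for a bare `~`: `else if (*path == '~' && (path[1] == '/' || path[1] == '\0')) {`. The body of expand_home starts and ends outside this hunk, so what happens to a `~user` path that falls through unexpanded should be checked there.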