From 4288f19e27005e559c0b75387738da831bf64035 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 20 Apr 2016 09:03:27 -0400
Subject: fix: --private-etc and --writable-etc are mutually exclusive
---
 src/firejail/main.c | 9 +++++++++
 src/firejail/profile.c | 4 ++++
 2 files changed, 13 insertions(+)
(limited to 'src')
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 15720b4c6..0f7809fea 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1279,6 +1279,10 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: --writable-etc is available only for root user\n");
 exit(1);
 }
+ if (cfg.etc_private_keep) {
+ fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+ exit(1);
+ }
 arg_writable_etc = 1;
 }
 else if (strcmp(argv[i], "--writable-var") == 0) {
@@ -1304,6 +1308,11 @@ int main(int argc, char **argv) {
 arg_private_dev = 1;
 }
 else if (strncmp(argv[i], "--private-etc=", 14) == 0) {
+ if (arg_writable_etc) {
+ fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+ exit(1);
+ }
+
 // extract private etc list
 cfg.etc_private_keep = argv[i] + 14;
 if (*cfg.etc_private_keep == '\0') {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 7ff7c7926..a2336090f 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -580,6 +580,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // private /etc list of files and directories
 if (strncmp(ptr, "private-etc ", 12) == 0) {
+ if (arg_writable_etc) {
+ fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
+ exit(1);
+ }
 cfg.etc_private_keep = ptr + 12;
 fs_check_etc_list();
 if (*cfg.etc_private_keep != '\0')
--
cgit v1.2.3-54-g00ecf
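Review bot: The mutual-exclusion rule is enforced separately at each parse site, so it holds only for code paths that pass through one of the three added checks: the `--writable-etc` branch of main() in src/firejail/main.c (testing `cfg.etc_private_keep`), the `--private-etc=` branch in the next hunk, and profile_check_line() in src/firejail/profile.c. Any other place that sets `arg_writable_etc` or `cfg.etc_private_keep` would slip past it; none is visible in this diff, but a profile directive for writable-etc would be one. A single validation after the command line and all profiles have been processed, `if (arg_writable_etc && cfg.etc_private_keep) { /* print error */ exit(1); }`, would make the rule independent of option order and of where each value was set. The check here also relies on `cfg.etc_private_keep` staying NULL until a list is supplied, which deserves a comment such as `// non-NULL once a private-etc list has been seen`. main() starts and ends outside both hunks, so the right place for the combined check cannot be confirmed from here.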
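Review bot: The error added in profile_check_line() in src/firejail/profile.c reports the conflict in command-line spelling and omits `lineno` and `fname`, so a user whose profile contains `private-etc` gets no pointer to the file and line that caused the exit. Both values are parameters of the function, so the message can carry them: `fprintf(stderr, "Error: line %d in %s: private-etc and --writable-etc are mutually exclusive\n", lineno, fname);`. The function body continues outside the hunk, so whether its other error messages follow that format should be confirmed there.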