From 4615457c7b0ae0164687adf29579542927393619 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Sat, 14 Mar 2020 23:46:05 +0100
Subject: improve the previous fix: don't remount FUSE without permission previous commit 3d35c039074cc11fbacf8de5bc8cb1a0952ceae4 issue #3277
---
 src/firejail/fs.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index aa2852910..ed2cc86dc 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -482,8 +482,15 @@ static void fs_remount_simple(const char *path, OPERATION op) {
 errExit("open");
 // identify file owner
 struct stat s;
- if (fstat(fd, &s) == -1)
- errExit("fstat");
+ if (fstat(fd, &s) == -1) {
+ // fstat can fail with EACCES if path is a FUSE mount,
+ // mounted without 'allow_root' or 'allow_other'
+ if (errno != EACCES)
+ errExit("fstat");
+ fwarning("not remounting %s\n", path);
+ close(fd);
+ return;
+ }
 // get mount flags
 struct statvfs buf;
 if (fstatvfs(fd, &buf) == -1)
@@ -592,9 +599,7 @@ static void fs_remount_rec(const char *dir, OPERATION op) {
 // remount
 char **tmp = arr;
 while (*tmp) {
- // FUSE submounts mounted without allow_root/allow_other break
- // fs_remount_simple, sort them out by calling realpath first
- fs_remount(*tmp, op, 0);
+ fs_remount_simple(*tmp, op);
 free(*tmp++);
 }
 free(arr);
--
cgit v1.2.3-54-g00ecf
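Review bot: The EACCES branch added to fs_remount_simple fails open: after `fwarning("not remounting %s\n", path);` it returns without applying `op`, so whatever restriction was requested for that path is not in force while sandbox setup carries on. Because the function returns void, callers cannot tell a skipped mount from a remounted one; that includes the loop in fs_remount_rec, which the second hunk switches to call it directly. At minimum the warning should say what was not enforced, for example `fwarning("%s is not accessible (FUSE mount without allow_root/allow_other?), leaving its mount flags unchanged\n", path);`, and if fwarning can be silenced it is worth considering whether this case should still be reported. The body of fs_remount_simple starts and ends outside the hunk, so how `op` is applied is not visible here.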
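Review bot: The loop in fs_remount_rec no longer carries any comment about FUSE submounts, and the two removed lines were the only place in this hunk that explained them, so a reader cannot see that an entry may now be skipped inside the callee. I would add `// fs_remount_simple skips (with a warning) FUSE submounts it cannot fstat` above the call. Calling fs_remount_simple directly also drops whatever fs_remount did before delegating (the removed comment mentions realpath), so it is worth confirming that the entries in `arr` are already canonical paths. `arr` is built outside the hunk.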