From 7310febd4d62eaac54c509244f8c011290e230b0 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 22 Mar 2017 11:36:25 -0400
Subject: fixed private-tmp problem on KDE systems
---
 src/firejail/sandbox.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'src')
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index f26f8b06a..d1557e8b2 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -742,6 +742,20 @@ int sandbox(void* sandbox_arg) {
 else {
 // private-tmp is implemented as a whitelist
 EUID_USER();
+ // check XAUTHORITY file, KDE keeps it under /tmp
+ char *xauth = getenv("XAUTHORITY");
+ if (xauth) {
+ char *rp = realpath(xauth, NULL);
+ if (rp && strncmp(rp, "/tmp/", 5) == 0) {
+ char *cmd;
+ if (asprintf(&cmd, "whitelist %s", rp) == -1)
+ errExit("asprintf");
+ profile_add(cmd); // profile_add does not duplicate the string
+ }
+ if (rp)
+ free(rp);
+ }
+ // whitelist x11 directory
 profile_add("whitelist /tmp/.X11-unix");
 EUID_ROOT();
 }
-- 
cgit v1.2.3-70-g09d2
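Review bot: XAUTHORITY comes from the caller's environment, and the only check before `profile_add(cmd)` is that the resolved path starts with `/tmp/`, so a value naming any directory or another user's file under /tmp is whitelisted into the private /tmp too. Before building `cmd`, confirm the target is a regular file owned by the invoking user, for example by declaring `struct stat s;` and extending the condition to `if (rp && strncmp(rp, "/tmp/", 5) == 0 && stat(rp, &s) == 0 && S_ISREG(s.st_mode) && s.st_uid == getuid()) {`. The path is validated here but consumed later by the whitelist code, which is outside this hunk, so it should be confirmed whether that code re-resolves the path and could be handed a swapped symlink. As a style point, `if (rp) free(rp);` can be a plain `free(rp);`. sandbox() starts and ends outside the hunk.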