From 75b80b445d01ee34f105ff0d8a47d1b09f2c7898 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 12 Apr 2016 13:22:39 -0400
Subject: --private-bin fixes

---
 src/firejail/fs.c | 2 +-
 src/firejail/fs_bin.c | 35 ++++++++++++++++++++++-------------
 src/firejail/paths.c | 5 +++--
 3 files changed, 26 insertions(+), 16 deletions(-)
(limited to 'src')

diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index b4eb708d8..b3fafa0c2 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -506,7 +506,7 @@ void fs_blacklist(void) {
 if (strncmp(ptr, "${PATH}", 7) == 0) {
 char *fname = ptr + 7;
 size_t fname_len = strlen(fname);
- char **paths = build_paths(); //{"/usr/local/bin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
+ char **paths = build_paths(); //{"/usr/local/bin", "/usr/local/sbin", "/bin", "/usr/bin/", "/sbin", "/usr/sbin", NULL};
 int i = 0;
 while (paths[i] != NULL) {
 char *path = paths[i];
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 87d63c6e6..c3d24aaac 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -26,10 +26,11 @@ static char *paths[] = {
 "/usr/local/bin",
- "/bin",
 "/usr/bin",
- "/sbin",
+ "/bin",
+ "/usr/local/sbin",
 "/usr/sbin",
+ "/sbin",
 NULL
 };
@@ -173,6 +174,7 @@ void fs_private_bin_list(void) {
 // check bin paths
 int i = 0;
+#if 0
 while (paths[i]) {
 struct stat s;
 if (stat(paths[i], &s) == -1) {
@@ -181,6 +183,7 @@ void fs_private_bin_list(void) {
 }
 i++;
 }
+#endif
 // create /tmp/firejail/mnt/bin directory
 fs_build_mnt_dir();
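Review bot: The updated inline literal on the new `char **paths = build_paths();` line in fs.c does not match what build_paths() now actually produces in paths.c of this same commit (order there is /usr/local/bin, /usr/bin, /bin, /usr/local/sbin, /usr/sbin, /sbin, and without the trailing slash on /usr/bin), so the comment is already stale on the day it is written. A copied list is going to drift every time the defaults change; I would replace it with `// default search paths, see build_paths() in paths.c` and let the one definition speak for itself. fs_blacklist's body continues outside the hunk.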
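Review bot: The reordered static `paths[]` table in fs_bin.c is a second copy of the default list that paths.c's build_paths() adds with add_path(), and this commit has to edit both by hand to keep them equal; the paths.c hunk at the end of the patch is the twin of this one. Nothing ties the two together, so the next change to one will silently desynchronise the directories --private-bin masks from the directories ${PATH} expansion searches. At minimum I would put `// keep in sync with build_paths() in paths.c` above the table (and the mirror comment above the add_path() calls); better, have fs_bin.c consume build_paths() so there is one source of truth.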
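Review bot: The existence check in fs_private_bin_list() is disabled with `#if 0` / `#endif` rather than deleted, which leaves dead code that reviewers and tools will keep reading, and the `// check bin paths` comment above it now describes nothing. Its body (old lines 176-181) lies outside the hunk, so what it did when stat() failed is not visible here; I infer that the per-directory stat() guards added in the mount-bind and clone-logging hunks later in this patch are meant to replace it, in which case the whole block and its comment should simply go. If part of it is meant to come back, a one-line `// TODO(review): ...` naming the condition is more honest than a preprocessor block.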
@@ -230,12 +233,15 @@ void fs_private_bin_list(void) {
 // mount-bind
 i = 0;
 while (paths[i]) {
- if (arg_debug)
- printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
- if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
- errExit("mount bind");
- fs_logger2("tmpfs", paths[i]);
- fs_logger2("mount", paths[i]);
+ struct stat s;
+ if (stat(paths[i], &s) == 0) {
+ if (arg_debug)
+ printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
+ if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
+ errExit("mount bind");
+ fs_logger2("tmpfs", paths[i]);
+ fs_logger2("mount", paths[i]);
+ }
 i++;
 }
@@ -249,11 +255,14 @@ void fs_private_bin_list(void) {
 while (ptr) {
 i = 0;
 while (paths[i]) {
- char *fname;
- if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
- errExit("asprintf");
- fs_logger2("clone", fname);
- free(fname);
+ struct stat s;
+ if (stat(paths[i], &s) == 0) {
+ char *fname;
+ if (asprintf(&fname, "%s/%s", paths[i], ptr) == -1)
+ errExit("asprintf");
+ fs_logger2("clone", fname);
+ free(fname);
+ }
 i++;
 }
 ptr = strtok(NULL, ",");
diff --git a/src/firejail/paths.c b/src/firejail/paths.c
index 74b8dfe55..97a1d5a98 100644
--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -76,10 +76,11 @@ char **build_paths(void) {
 // add default paths
 add_path("/usr/local/bin");
- add_path("/bin");
 add_path("/usr/bin");
- add_path("/sbin");
+ add_path("/bin");
+ add_path("/usr/local/sbin");
 add_path("/usr/sbin");
+ add_path("/sbin");
 path2 = strdup(path1);
 if (!path2)
-- 
cgit v1.2.3-54-g00ecf
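Review bot: In the mount-bind loop the new `if (stat(paths[i], &s) == 0)` guard skips the bind-mount on any stat() failure, not only on a missing directory, so an EACCES, ELOOP or ENAMETOOLONG result silently leaves the host's real /bin-style directory visible inside the sandbox — exactly what --private-bin is supposed to mask — with nothing logged. Only ENOENT is the intended "not present on this distribution" case; the rest should stay fatal as the old code was: `if (stat(paths[i], &s) == -1) { if (errno != ENOENT) errExit("stat"); i++; continue; }` (errno needs <errno.h>, which the file may already include). It would also be worth checking `S_ISDIR(s.st_mode)` before mounting on it. The clone-logging hunk at -249 repeats the same guard and inherits the same gap, and additionally stat()s every directory once per listed binary; computing the "present" set once before both loops would fix both places. fs_private_bin_list's body continues outside both hunks.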