rewrite/partial revert of 8bff773d6a

the commit in question introduced an early check of Firejail configuration
file, which broke "firejail in firejail" for some sandboxes.

see issue #2877

etc/firejail.config

@@ -2,9 +2,6 @@
 # keyword-argument pairs, one per line. Most features are enabled by default.
 # Use 'yes' or 'no' as configuration values.
 
-# Resolve symbolic links in path of user home directories, default disabled.
-# homedir-symlink no
-
 # Enable AppArmor functionality, default enabled.
 # apparmor yes
 

src/firejail/checkcfg.c

@@ -50,7 +50,6 @@ int checkcfg(int val) {
 		cfg_val[CFG_DISABLE_MNT] = 0;
 		cfg_val[CFG_ARP_PROBES] = DEFAULT_ARP_PROBES;
 		cfg_val[CFG_XPRA_ATTACH] = 0;
-		cfg_val[CFG_HOMEDIR_SYMLINK] = 0;
 
 		// open configuration file
 		const char *fname = SYSCONFDIR "/firejail.config";
@@ -86,7 +85,6 @@ int checkcfg(int val) {
 			ptr = line_remove_spaces(buf);
 			if (!ptr)
 				continue;
-			PARSE_YESNO(CFG_HOMEDIR_SYMLINK, "homedir-symlink")
 			PARSE_YESNO(CFG_FILE_TRANSFER, "file-transfer")
 			PARSE_YESNO(CFG_DBUS, "dbus")
 			PARSE_YESNO(CFG_JOIN, "join")

src/firejail/firejail.h

@@ -722,7 +722,6 @@ enum {
 	CFG_PRIVATE_CACHE,
 	CFG_CGROUP,
 	CFG_NAME_CHANGE,
-	CFG_HOMEDIR_SYMLINK,
 	// CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv
 	CFG_MAX // this should always be the last entry
 };

src/firejail/main.c

@@ -259,25 +259,17 @@ static int has_link(const char *dir) {
 	return 0;
 }
 
-static void build_cfg_homedir(const char *dir) {
-	EUID_ASSERT();
-	assert(dir);
-	if (dir[0] != '/' || dir[1] == '\0') { // system users sometimes have root directory as home
-		fprintf(stderr, "Error: invalid user directory \"%s\"\n", dir);
+static void check_homedir(void) {
+	assert(cfg.homedir);
+	if (cfg.homedir[0] != '/' || cfg.homedir[1] == '\0') { // system users sometimes have root directory as home
+		fprintf(stderr, "Error: invalid user directory \"%s\"\n", cfg.homedir);
 		exit(1);
 	}
-	// symlinks are rejected in many places, offer a solution for home directories
-	if (checkcfg(CFG_HOMEDIR_SYMLINK)) {
-		cfg.homedir = realpath(dir, NULL);
-		if (cfg.homedir)
-			return;
+	// symlinks are rejected in many places
+	if (has_link(cfg.homedir)) {
+		fprintf(stderr, "No full support for symbolic links in path of user directory.\n"
+			"Please provide resolved path in password database (/etc/passwd).\n\n");
 	}
-	else if (has_link(dir)) {
-		fwarning("no full support for symbolic links in path of user directory.\n"
-			"Please provide resolved path in password database (/etc/passwd)\n"
-			"or enable symbolic link resolution in Firejail configuration file.\n\n");
-	}
-	cfg.homedir = clean_pathname(dir);
 }
 
 // init configuration
@@ -323,8 +315,8 @@ static void init_cfg(int argc, char **argv) {
 		fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);
 		exit(1);
 	}
-	build_cfg_homedir(pw->pw_dir);
-	assert(cfg.homedir);
+	cfg.homedir = clean_pathname(pw->pw_dir);
+	check_homedir();
 
 	// initialize random number generator
 	sandbox_pid = getpid();