[PR #289] [MERGED] Fix problem with relative path in storage_find function #3585

Closed
opened 2026-05-05 10:04:07 -06:00 by gitea-mirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/289
Author: @manevich
Created: 2/10/2016
Status: Merged
Merged: 2/11/2016
Merged by: @netblue30

Base: master ← Head: patch-2


📝 Commits (1)

  • d4e6b2e Fix problem with relative path in storage_find function

📊 Changes

1 file changed (+55 additions, -22 deletions)

📝 src/libtracelog/libtracelog.c (+55 -22)

📄 Description

The storage_find function fails on a relative path, so nothing is reported to the log when a blacklisted file is accessed by a relative path.
This is because CWD is NULL when the realpath function is called.

How to reproduce:

```
touch /home/user/somefile
firejail --blacklist=somefile --tracelog cat somefile
```

Solution: keep the CWD value and set it before calling realpath. In order to do this:

  • a new wrapper for the chdir call and a variable to keep CWD were added.
  • storage_find was modified to chdir before calling the realpath function.
  • the order of storage_find and orig_* calls in the syscall wrappers was changed,
    to prevent the error set by calls in storage_find from leaking outside.
  • the condition for calling realpath was changed to include a double slash
    and a path without an initial slash.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
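The lookup behaviour the description talks about, as an added example that is not firejail's code: a literal blacklist comparison misses relative and double-slash spellings of a file, while resolving against a tracked working directory before the comparison catches them and leaves the caller's `errno` untouched. The names `find_literal`, `needs_realpath`, `find_canonical` and `demo`, the `"/."` check and the scratch directory under `/tmp` are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp, realpath */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static char blacklisted[PATH_MAX + 16];   /* constructed one-entry blacklist, canonical path */

/* Literal lookup: only an exact, already-canonical spelling matches. */
static int find_literal(const char *p) { return strcmp(p, blacklisted) == 0; }

/* Spellings to canonicalize first: relative, "//", or "/." (the last is an assumption). */
static int needs_realpath(const char *p) {
    return p[0] != '/' || strstr(p, "//") != NULL || strstr(p, "/.") != NULL;
}

/* Resolve against the tracked cwd, then compare; the caller's errno is preserved. */
static int find_canonical(const char *path, const char *tracked_cwd) {
    char resolved[PATH_MAX];
    int saved_errno = errno, hit;
    if (!needs_realpath(path)) return find_literal(path);
    hit = tracked_cwd != NULL && chdir(tracked_cwd) == 0 &&
          realpath(path, resolved) != NULL && find_literal(resolved);
    errno = saved_errno;   /* failures inside the lookup must not leak to the caller */
    return hit;
}

/* Tries three spellings of one file; returns literal_hits * 10 + canonical_hits, -1 on setup error. */
static int demo(void) {
    char dir[] = "/tmp/tracelog-demo-XXXXXX", cwd[PATH_MAX], dbl[PATH_MAX + 16];
    const char *spell[3] = { "somefile", "./somefile", dbl };
    int lit = 0, canon = 0;
    FILE *f;
    if (!mkdtemp(dir) || !realpath(dir, cwd)) return -1;
    snprintf(blacklisted, sizeof blacklisted, "%s/somefile", cwd);
    snprintf(dbl, sizeof dbl, "%s//somefile", cwd);
    if (!(f = fopen(blacklisted, "w"))) return -1;
    fclose(f);
    if (chdir("/") != 0) return -1;   /* process cwd is not where the file lives */
    for (int i = 0; i < 3; i++) {
        lit += find_literal(spell[i]);
        canon += find_canonical(spell[i], cwd);
    }
    unlink(blacklisted); rmdir(dir);
    return lit * 10 + canon;
}

int main(void) { printf("literal*10 + canonical = %d\n", demo()); return 0; }
```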
