mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
When trying to prevent a file or directory in the user home from being written to, it is not uncommon to replace it with a symlink to /dev/null. If this path is also blacklisted (such as by disable-common.inc), the symlink will be followed, resulting in /dev/null itself being blacklisted, which can cause issues with (unrelated) programs that have their output redirected to /dev/null (for example).

To avoid disabling /dev/null, when applying commands from `disable_file()` (such as `blacklist` and `read-only`), if a file is a symlink to /dev/null, avoid following the symlink and perform the operation on the link itself instead.

Using these commands with "/dev/null" directly as the argument (that is, without going through a symlink) should still work the same way.

It has been confirmed to work on Linux 3.8[1], so it should work on at least 3.8 and later.

Closes #5803.

[1] https://github.com/netblue30/firejail/pull/7129#issuecomment-4233141574

Reported-by: @fgpietersz
Suggested-by: @Changaco
Tested-by: @Changaco
Tested-by: @Zopolis4
Symbolic link
1 line
No EOL
9 B
Text
/dev/null
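The rule the commit message describes, as an added C example that is not firejail's own code: a path that is itself a symlink to /dev/null is operated on as the link, while every other path is resolved as usual. `is_link_to_dev_null()` and `pick_operand()` are hypothetical helpers, and treating only an exact "/dev/null" link target as a match is an assumption of this sketch.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not firejail's): 1 if path is itself a symlink whose
 * stored target is exactly "/dev/null", else 0 (errors count as 0). */
int is_link_to_dev_null(const char *path) {
    struct stat st;
    char target[PATH_MAX];
    /* lstat() inspects the link itself; stat() would follow it. */
    if (lstat(path, &st) != 0 || !S_ISLNK(st.st_mode))
        return 0;
    ssize_t n = readlink(path, target, sizeof(target) - 1);
    if (n < 0)
        return 0;
    target[n] = '\0';   /* readlink() does not NUL-terminate */
    return strcmp(target, "/dev/null") == 0;
}

/* Hypothetical helper: copy into out the path a blacklist/read-only style
 * operation should act on. Returns 0 on success, -1 on error. */
int pick_operand(const char *path, char *out, size_t outlen) {
    char resolved[PATH_MAX];
    const char *chosen = path;          /* link to /dev/null: keep the link */
    if (!is_link_to_dev_null(path)) {   /* anything else: resolve as usual */
        if (realpath(path, resolved) == NULL)
            return -1;
        chosen = resolved;
    }
    if (strlen(chosen) >= outlen)
        return -1;
    strcpy(out, chosen);
    return 0;
}

int main(int argc, char **argv) {
    char out[PATH_MAX];
    for (int i = 1; i < argc; i++) {
        if (pick_operand(argv[i], out, sizeof(out)) == 0)
            printf("%s -> operate on %s\n", argv[i], out);
        else
            printf("%s -> cannot resolve\n", argv[i]);
    }
    return 0;
}
```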