mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
When trying to prevent a file or directory in the user home from being written to, it is not uncommon to replace it with a symlink to /dev/null. If this path is also blacklisted (such as by disable-common.inc), the symlink will be followed, resulting in /dev/null itself being blacklisted, which can cause issues with (unrelated) programs that have their output redirected to /dev/null (for example).

To avoid disabling /dev/null, when applying commands from `disable_file()` (such as `blacklist` and `read-only`), if a file is a symlink to /dev/null, avoid following the symlink and perform the operation on the link itself instead.

Using these commands with "/dev/null" directly as the argument (that is, without going through a symlink) should still work the same way.

It has been confirmed to work on Linux 3.8[1], so it should work on at least 3.8 and later.

Closes #5803.

[1] https://github.com/netblue30/firejail/pull/7129#issuecomment-4233141574

Reported-by: @fgpietersz
Suggested-by: @Changaco
Tested-by: @Changaco
Tested-by: @Zopolis4
||
|---|---|---|
| .. | ||
| apparmor | ||
| appimage | ||
| apps | ||
| capabilities | ||
| chroot | ||
| compile | ||
| environment | ||
| fcopy | ||
| filters | ||
| firecfg | ||
| fnetfilter | ||
| fnettrace | ||
| fs | ||
| network | ||
| private-etc | ||
| private-lib | ||
| profiles | ||
| seccomp-extra | ||
| utils | ||
| hidepid-howto | ||
| Makefile | ||