diff options
| author | Jonas Heinrich <onny@project-insanity.org> | 2021-09-19 11:55:30 +0200 |
|---|---|---|
| committer | Jonas Heinrich <onny@project-insanity.org> | 2021-09-19 11:55:30 +0200 |
| commit | defe183dad2ab2b419314515326bdab93d35306a (patch) | |
| tree | 69f1851eea3b9345a47020cc7586e40ac3da36d3 | |
| parent | 3333520a83eed604f597ff6f74aa7a3b522f6865 (diff) | |
| download | nixpkgs-defe183dad2ab2b419314515326bdab93d35306a.tar nixpkgs-defe183dad2ab2b419314515326bdab93d35306a.tar.gz nixpkgs-defe183dad2ab2b419314515326bdab93d35306a.tar.bz2 nixpkgs-defe183dad2ab2b419314515326bdab93d35306a.tar.lz nixpkgs-defe183dad2ab2b419314515326bdab93d35306a.tar.xz nixpkgs-defe183dad2ab2b419314515326bdab93d35306a.tar.zst nixpkgs-defe183dad2ab2b419314515326bdab93d35306a.zip | |
firejail: Remove symlink check patch
| -rw-r--r-- | pkgs/os-specific/linux/firejail/default.nix | 3 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/firejail/remove-link-check.patch | 48 |
2 files changed, 51 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix index 1a9b7e34f5a..47fce3df533 100644 --- a/pkgs/os-specific/linux/firejail/default.nix +++ b/pkgs/os-specific/linux/firejail/default.nix @@ -20,6 +20,9 @@ stdenv.mkDerivation rec { # By default fbuilder hardcodes the firejail binary to the install path. # On NixOS the firejail binary is a setuid wrapper available in $PATH. ./fbuilder-call-firejail-on-path.patch + # Disable symlink check on /etc/hosts, see + # https://github.com/netblue30/firejail/issues/2758#issuecomment-805174951 + ./remove-link-check.patch ]; prePatch = '' diff --git a/pkgs/os-specific/linux/firejail/remove-link-check.patch b/pkgs/os-specific/linux/firejail/remove-link-check.patch new file mode 100644 index 00000000000..477df57a241 --- /dev/null +++ b/pkgs/os-specific/linux/firejail/remove-link-check.patch @@ -0,0 +1,48 @@ +From ccc726f8ec877d8cda720daa2498e43629b6dd48 Mon Sep 17 00:00:00 2001 +From: Jonas Heinrich <onny@project-insanity.org> +Date: Sun, 19 Sep 2021 11:48:06 +0200 +Subject: [PATCH 1/2] remove hosts file link check + +--- + src/firejail/fs_hostname.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c +index 42255070c4..97ce70f9c1 100644 +--- a/src/firejail/fs_hostname.c ++++ b/src/firejail/fs_hostname.c +@@ -132,10 +132,6 @@ char *fs_check_hosts_file(const char *fname) { + invalid_filename(fname); + char *rv = expand_home(fname, cfg.homedir); + +- // no a link +- if (is_link(rv)) +- goto errexit; +- + // the user has read access to the file + if (access(rv, R_OK)) + goto errexit; + +From c2c51e7ca56075e7388b4f50922b148615d1b125 Mon Sep 17 00:00:00 2001 +From: Jonas Heinrich <onny@project-insanity.org> +Date: Sun, 19 Sep 2021 11:49:08 +0200 +Subject: [PATCH 2/2] remove hosts file link check + +--- + src/firejail/fs_hostname.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c +index 97ce70f9c1..b228707131 100644 +--- a/src/firejail/fs_hostname.c ++++ b/src/firejail/fs_hostname.c +@@ -154,9 +154,6 @@ void fs_mount_hosts_file(void) { + struct stat s; + if (stat("/etc/hosts", &s) == -1) + goto errexit; +- // not a link +- if (is_link("/etc/hosts")) +- goto errexit; + // owned by root + if (s.st_uid != 0) + goto errexit; |