From 5ca82643d2870782406c19662aa2494a3de89383 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Mon, 25 Sep 2017 14:05:52 +0200 Subject: [PATCH] flatpak-run: Correctly handle symlinks in flatpak_exports_path_is_visible When we're resolving a symlink to see if the destination is visible, then we have to actually append the rest of the path to look at the final target, not just the intermediate symlinked directory. --- common/flatpak-run.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/common/flatpak-run.c b/common/flatpak-run.c index 6ab46301..fe54edca 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -2560,7 +2560,7 @@ flatpak_exports_path_is_visible (FlatpakExports *exports, path = canonical = flatpak_canonicalize_filename (path); - parts = g_strsplit (path, "/", -1); + parts = g_strsplit (path+1, "/", -1); /* A path is visible in the sandbox if no parent * path element that is mapped in the sandbox is @@ -2581,10 +2581,21 @@ flatpak_exports_path_is_visible (FlatpakExports *exports, if (S_ISLNK (st.st_mode)) { g_autofree char *resolved = flatpak_resolve_link (path_builder->str, NULL); + g_autoptr(GString) path2_builder = NULL; + int j; + if (resolved == NULL) return FALSE; + path2_builder = g_string_new (resolved); - return flatpak_exports_path_is_visible (exports, resolved); + for (j = i + 1; parts[j] != NULL; j++) + { + g_string_append (path2_builder, "/"); + g_string_append (path2_builder, parts[j]); + } + + + return flatpak_exports_path_is_visible (exports, path2_builder->str); } } else if (parts[i+1] == NULL)