keep original file permissions #150

Merged: netblue30 merged 1 commit into master from unknown repository, Nov 20, 2015
ghost commented Nov 19, 2015

Don't force 0755 permissions for whitelisted files. (#149)

netblue30 pushed a commit that referenced this pull request Nov 20, 2015
keep original file permissions
@netblue30 netblue30 merged commit 1b48878 into netblue30:master Nov 20, 2015
netblue30 (Owner) commented

I am sure there is more to come, for example:

$ mkdir aaa
$ touch bbb
$ rm -fr aaa bbb
$ mkdir aaa
$ touch aaa/bbb
$ firejail --whitelist=~/aaa/bbb
Reading profile /etc/firejail/generic.profile
Reading profile /etc/firejail/disable-mgmt.inc
Reading profile /etc/firejail/disable-secret.inc
Reading profile /etc/firejail/disable-common.inc

** Note: you can use --noprofile to disable generic.profile **

Parent pid 8187, child pid 8188
Child process initialized
$ ls -l
total 0
drw-r--r-- 2 netblue netblue 60 Nov 19 19:18 aaa

aaa inherits the permissions of bbb file.

$ ls -l aaa/bbb
ls: cannot access aaa/bbb: Permission denied
$ 

So I had to add a 0111 to the mode in mkpath() function:

static int mkpath(const char* path, mode_t mode) {
    assert(path && *path);
    mode |= 0111;

    // create directories with uid/gid as root or as current user if inside home directory
...

I put "mode |= 0111" fix in, thanks!

ghost (Author) commented Nov 20, 2015

That's weird though, and I want to see it work properly, not halfass-hackedly. Can't leave it like that. Damn details.

You're welcome!
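
The failure in the listing above, where a parent directory created with the whitelisted file's 0644 mode has no search bit and aaa/bbb becomes unreachable, reproduced as an added example; this is not code from firejail or from either commenter. `dir_mode_from_file_mode` is a hypothetical helper that adds x only for classes that already have r, so a 0600 file yields a 0700 directory where `mode |= 0111` yields 0711; the /tmp scratch paths are constructed for the demonstration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not firejail code: derive a directory mode from a
 * file mode, adding search (x) only for classes that already have read. */
static mode_t dir_mode_from_file_mode(mode_t file_mode) {
    mode_t m = file_mode & 0777;
    if (m & S_IRUSR) m |= S_IXUSR;
    if (m & S_IRGRP) m |= S_IXGRP;
    if (m & S_IROTH) m |= S_IXOTH;
    return m;
}

/* Returns 1 if a file inside `dir` can be stat()ed once `dir` has `mode`. */
static int reachable_with_dir_mode(const char *dir, const char *file, mode_t mode) {
    struct stat s;
    if (chmod(dir, mode) == -1) return -1;
    return stat(file, &s) == 0;
}

int main(void) {
    char base[64], dir[80], file[96];
    snprintf(base, sizeof base, "/tmp/mkpath-demo-%ld", (long)getpid());
    snprintf(dir, sizeof dir, "%s/aaa", base);
    snprintf(file, sizeof file, "%s/bbb", dir);
    /* mkdir fails if the name already exists, so nothing is reused */
    if (mkdir(base, 0700) == -1 || mkdir(dir, 0700) == -1) { perror("mkdir"); return 1; }
    FILE *f = fopen(file, "w");
    if (!f) { perror("fopen"); return 1; }
    fclose(f);
    chmod(file, 0644);

    /* Directory given the file's mode, as in the listing (drw-r--r--).
     * Non-root users get "Permission denied"; root bypasses the check. */
    printf("dir 0644: reachable=%d\n", reachable_with_dir_mode(dir, file, 0644));
    mode_t fixed = dir_mode_from_file_mode(0644);
    printf("dir %04o: reachable=%d\n", (unsigned)fixed, reachable_with_dir_mode(dir, file, fixed));

    chmod(dir, 0700);
    unlink(file); rmdir(dir); rmdir(base);
    return 0;
}
```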
