Write to console error message when trying to rename a whitelisted file

[crass]

Since the issue where rename fails on whitelisted files is somewhat common. I suggest that we try to actively notify the user when this issue is triggered. I think we can actively enable this notification only for selected profiles by adding a config option (eg. notify-rename-whitelist).

For such profiles, we could hook rename with LD_PRELOAD library. When a rename fails with EBUSY, check that the file is a mountpoint, and then write to the console a glaring message saying something to the effect that this is a known issue and to go to a url in our wiki explaining the issue and potential work arounds.

For extra points, we could detect that a program is a graphical one and also popup the message in a popup box (using our own custom program or something like xmessage, but prettier, on the host system).

Using LD_PRELOAD won't work for programs that bypass glibc for syscalls, but I'd expect that to be a rare situation.

For reference, see:

• [bug] Whitelisting a file leads to inability to write to it #2071
• "Firefox is not currently set as your default browser" #1355
• ktorrent: configuration does not persist #1793
• keepassxc: cannot save database file (whitelisting issue) #2873

[Vincent43]

Why not add this into whitelist option?

[netblue30]

I would say let's try it out. We are already doing something similar to LD_PRELOAD for --trace and --tracelog. Also seccomp ends up there in some cases.

It's not a pure LD_PRELOAD, more like a global one based on /etc/ld.preload file. So we generate a new /etc/ld.preload file and we place in it some of our libraries (src/libtrace, src/libtracelog, src/libpostexec). When the sandboxed program starts, it will load the .so libraries. The code to build the new /etc/ld.preload is in fs_trace,c.