author | smitsohu <smitsohu@gmail.com> | 2019-11-28 11:36:40 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-11-28 11:36:40 +0100 |
commit | f439d08ca2d8abe5be7277ffa3496a032dd53558 (patch) | |
tree | 832f9fa369bbca9c8ea59ce82333081da0d7ca9e | |
parent | fix interaction between private options and allusers option (diff) | |
mask more private options runtime directories, just to be sure
-rw-r--r-- | src/firejail/fs_etc.c | 5 |
1 files changed, 5 insertions, 0 deletions
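--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -189,5 +189,10 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
 errExit("mount bind");
 fs_logger2("mount", private_dir);
 
+// mask private_run_dir (who knows if there are writable paths, and it is mounted exec)
+if (mount("tmpfs", private_run_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME, "mode=755,gid=0") < 0)
+errExit("mounting tmpfs");
+fs_logger2("tmpfs", private_run_dir);
+
 fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
 }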
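Review bot: The masking tmpfs on `private_run_dir` is itself mounted without `MS_NOEXEC`, although the added comment gives "mounted exec" as one of the two reasons for hiding the directory. The mask appears to be meant to stay empty, so it could carry the flag at no cost: `if (mount("tmpfs", private_run_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME, "mode=755,gid=0") < 0)`. If nothing writes there afterwards, `MS_RDONLY` would address the "writable paths" half of the comment as well. The options string sets `gid=0` but no `uid=`, so the owner of the tmpfs root depends on the credentials held at this point in `fs_private_dir_list`, whose start lies outside the hunk. The comment would also be clearer if it said that the staged files were already bind-mounted onto `private_dir` and that the staging directory is hidden because it would otherwise stay reachable inside the sandbox.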