diff options
| author |  startx2017 <vradu.startx@yandex.com> | 2018-11-06 10:15:00 -0500 |
|---|---|---|
| committer | startx2017 <vradu.startx@yandex.com> | 2018-11-06 10:15:00 -0500 |
| commit | 66d58b0d1588785d47adf97e4a02044b6253a070 (patch) | |
| tree | e2f6c170c39500c7cde2c840eb2e2a394c4331a9 | |
| parent | mainline merge: adding --net.print command for compatibility with Firetools (diff) | |
| download | firejail-66d58b0d1588785d47adf97e4a02044b6253a070.tar.gz firejail-66d58b0d1588785d47adf97e4a02044b6253a070.tar.zst firejail-66d58b0d1588785d47adf97e4a02044b6253a070.zip | |
mainline merge: mount appimage nodev,nosuid
| -rw-r--r-- | src/firejail/appimage.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index e8db91958..7adf31eb6 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
| @@ -106,16 +106,19 @@ void appimage_set(const char *appimage) { | |||
| 106 | char *mode; | 106 | char *mode; |
| 107 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) | 107 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) |
| 108 | errExit("asprintf"); | 108 | errExit("asprintf"); |
| 109 | EUID_ROOT(); | 109 | unsigned long flags = MS_MGC_VAL|MS_RDONLY; |
| 110 | if (getuid()) | ||
| 111 | flags |= MS_NODEV|MS_NOSUID; | ||
| 110 | 112 | ||
| 113 | EUID_ROOT(); | ||
| 111 | if (size == 0) { | 114 | if (size == 0) { |
| 112 | fmessage("Mounting appimage type 1\n"); | 115 | fmessage("Mounting appimage type 1\n"); |
| 113 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 116 | if (mount(devloop, mntdir, "iso9660", flags, mode) < 0) |
| 114 | errExit("mounting appimage"); | 117 | errExit("mounting appimage"); |
| 115 | } | 118 | } |
| 116 | else { | 119 | else { |
| 117 | fmessage("Mounting appimage type 2\n"); | 120 | fmessage("Mounting appimage type 2\n"); |
| 118 | if (mount(devloop, mntdir, "squashfs",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 121 | if (mount(devloop, mntdir, "squashfs", flags, mode) < 0) |
| 119 | errExit("mounting appimage"); | 122 | errExit("mounting appimage"); |
| 120 | } | 123 | } |
| 121 | 124 | ||