diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-02-05 11:16:45 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-02-05 11:16:45 -0500 |
| commit | a387deeef7858653f27a835509ab420d55769307 (patch) | |
| tree | 1b7a579751da5b1e99a886c5b0a6e7d86e5e0550 | |
| parent | --git-install/--git-uninstall (diff) | |
| download | firejail-a387deeef7858653f27a835509ab420d55769307.tar.gz firejail-a387deeef7858653f27a835509ab420d55769307.tar.zst firejail-a387deeef7858653f27a835509ab420d55769307.zip | |
enable strict seccomp filter on overlay options
| -rw-r--r-- | src/firejail/sandbox.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index e56526f34..81cce7e98 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -630,10 +630,6 @@ int sandbox(void* sandbox_arg) { | |||
| 630 | #ifdef HAVE_OVERLAYFS | 630 | #ifdef HAVE_OVERLAYFS |
| 631 | if (arg_overlay) { | 631 | if (arg_overlay) { |
| 632 | fs_overlayfs(); | 632 | fs_overlayfs(); |
| 633 | |||
| 634 | //todo - bring it back for overlay-named | ||
| 635 | #if 0 | ||
| 636 | fs_overlayfs(); | ||
| 637 | // force caps and seccomp if not started as root | 633 | // force caps and seccomp if not started as root |
| 638 | if (getuid() != 0) { | 634 | if (getuid() != 0) { |
| 639 | enforce_filters(); | 635 | enforce_filters(); |
| @@ -643,10 +639,6 @@ int sandbox(void* sandbox_arg) { | |||
| 643 | } | 639 | } |
| 644 | else | 640 | else |
| 645 | arg_seccomp = 1; | 641 | arg_seccomp = 1; |
| 646 | #endif | ||
| 647 | |||
| 648 | |||
| 649 | |||
| 650 | } | 642 | } |
| 651 | else | 643 | else |
| 652 | #endif | 644 | #endif |