author | smitsohu <smitsohu@gmail.com> | 2019-11-14 16:46:53 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-11-14 16:46:53 +0100 |
commit | cc17fbf8701da0a211685c76f8303d67cc97d81f (patch) | |
tree | b5777a778dd7cc4d45f05ad811dcf507a7336665 | |
parent | blacklist private-home runtime directory (diff) | |
fixing the fix
get previous commit acbf707889ae241bfd476f5371df4599103b6606
in line with treatment of other directories in /run/firejail/mnt
-rw-r--r-- | src/firejail/fs_home.c | 6 |
1 files changed, 3 insertions, 3 deletions
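--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -593,9 +593,9 @@ void fs_private_home_list(void) {
 errLogExit("invalid private-home mount");
 fs_logger2("tmpfs", homedir);
 
-// blacklist RUN_HOME_DIR, it is writable and not noexec
-if (mount(RUN_RO_DIR, RUN_HOME_DIR, NULL, MS_BIND, NULL) < 0)
-errExit("blacklisting " RUN_HOME_DIR);
+// mask RUN_HOME_DIR, it is writable and not noexec
+if (mount("tmpfs", RUN_HOME_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME, "mode=755,gid=0") < 0)
+errExit("mounting tmpfs");
 fs_logger2("tmpfs", RUN_HOME_DIR);
 
 if (uid != 0) {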
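Review bot: The tmpfs that now masks RUN_HOME_DIR is mounted without `MS_NOEXEC`, even though the comment directly above gives "writable and not noexec" as the reason for hiding the directory. As written, the mask depends on `mode=755,gid=0` (presumably root-owned at this point, which the hunk does not show) to keep the sandboxed user from writing there. If nothing has to execute from this mount point, stating it in the flags is cheap hardening: `MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME`; otherwise the comment should say why an empty mask is sufficient. Separately, `errExit("mounting tmpfs")` no longer names the target as the old message did, so `errExit("mounting tmpfs on " RUN_HOME_DIR);` would keep this failure distinguishable from other tmpfs mounts. fs_private_home_list starts and continues outside the hunk.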