author | netblue30 <netblue30@yahoo.com> | 2017-07-25 09:33:38 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-25 09:33:38 -0400 |
commit | 2b030c3a5953d4cacd0cb048f58e00ca80ea1e8e (patch) | |
tree | d3372441d3ce3d4108a290e3410316d8bca1bb44 | |
parent | Merge pull request #1403 from topimiettinen/seccomp-add-syscalls (diff) | |
parent | /proc/sys can be nosuid,noexec,nodev (diff) | |
Merge pull request #1402 from topimiettinen/nosuid-noexec-nodev-proc-sys
/proc/sys can be nosuid,noexec,nodev
-rw-r--r-- | src/firejail/fs.c | 2 |
1 files changed, 1 insertions, 1 deletions
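--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -515,7 +515,7 @@ void fs_proc_sys_dev_boot(void) {
 
 // remount /proc/sys readonly
 if (mount("/proc/sys", "/proc/sys", NULL, MS_BIND | MS_REC, NULL) < 0 ||
-mount(NULL, "/proc/sys", NULL, MS_BIND | MS_REMOUNT | MS_RDONLY | MS_REC, NULL) < 0)
+mount(NULL, "/proc/sys", NULL, MS_BIND | MS_REMOUNT | MS_RDONLY | MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_REC, NULL) < 0)
 errExit("mounting /proc/sys");
 fs_logger("read-only /proc/sys");
 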
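Review bot: The new `MS_NOSUID | MS_NOEXEC | MS_NODEV` flags on the second `mount()` call probably harden only the `/proc/sys` mount itself, because as far as I know the kernel does not honour `MS_REC` on an `MS_REMOUNT | MS_BIND` call. Any filesystem mounted below `/proc/sys` and carried in by the recursive bind on the line before would then keep its own flags, so it is worth checking `/proc/self/mountinfo` inside the sandbox and remounting submounts individually if needed. The comment and the log line also understate what is now applied; I would change them to `// remount /proc/sys read-only, nosuid, noexec, nodev` and `fs_logger("read-only,nosuid,noexec,nodev /proc/sys");`, provided nothing parses the existing log text. `fs_proc_sys_dev_boot` starts and ends outside this hunk, so the handling of the other paths is not visible here.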