author | netblue30 <netblue30@yahoo.com> | 2017-10-16 21:12:55 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-16 21:12:55 -0400 |
commit | 826bbf14599f8bf04c4a0452d734cbc596e35a4e (patch) | |
tree | f99054096448c91abb91035d953200df7bdda553 | |
parent | enabled private-lib in xviewer (Mint) (diff) | |
download | firejail-826bbf14599f8bf04c4a0452d734cbc596e35a4e.tar.gz firejail-826bbf14599f8bf04c4a0452d734cbc596e35a4e.tar.zst firejail-826bbf14599f8bf04c4a0452d734cbc596e35a4e.zip |
commented out private-etc in firefox profile, fixed whitelisting problems for /srv directory
-rw-r--r-- | etc/firefox.profile | 5 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 2 |
2 files changed, 5 insertions, 2 deletions
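--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -76,7 +76,10 @@ tracelog
 # firefox requires a shell to launch on Arch. We can possibly remove sh though.
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env,sh,bash
 private-dev
-private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+
+# private-etc below works fine on most distributions. There are some problems on CentOS.
+# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+
 private-tmp
 
 noexec ${HOME}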
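Review bot: The comment added at new lines 80-81 does not say what is given up by leaving `private-etc` commented out: with the line disabled, the profile no longer limits /etc to the listed entries, and that applies on every distribution, not only CentOS. I would word it as `# private-etc is disabled by default because of problems on CentOS; without it the sandbox sees the whole /etc.` followed by `# Uncomment the line below on distributions where it works.` If the CentOS problem is an entry missing from the list, naming it in the comment would let someone extend the list rather than drop the restriction.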
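--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -413,7 +413,7 @@ void fs_whitelist(void) {
 else if (strncmp(new_name, "/opt/", 5) == 0)
 opt_dir = 1;
 else if (strncmp(new_name, "/srv/", 5) == 0)
-opt_dir = 1;
+srv_dir = 1;
 }
 
 entry->data = EMPTY_STRING;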
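Review bot: The `/srv/` branch at new lines 415-416 sits in a chain where each prefix literal, its length and its flag are typed by hand, which is how `opt_dir` ended up under the `/srv/` test; nothing here prevents the same slip in the next branch that gets added. Deriving the length from the literal, e.g. `strncmp(new_name, "/srv/", sizeof("/srv/") - 1) == 0`, or keeping the prefix/flag pairs in one table walked by a loop, would remove the hand-typed duplication. Since the old code presumably left /srv without its whitelist handling while triggering the /opt handling instead, a regression test that whitelists a path under /srv and checks that the rest of /srv is hidden would be worth adding. The body of fs_whitelist starts and ends outside the hunk.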