diff options
author | netblue30 <netblue30@yahoo.com> | 2017-01-29 15:21:24 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-01-29 15:21:24 -0500 |
commit | a9f45ae11452e7f0170aca4d70f951c3f7c21d10 (patch) | |
tree | be8db089a6cbaad99bec3103c59d8194d618127a | |
parent | Merge pull request #1079 from ibukanov/copy_to_root_fix (diff) | |
download | firejail-a9f45ae11452e7f0170aca4d70f951c3f7c21d10.tar.gz firejail-a9f45ae11452e7f0170aca4d70f951c3f7c21d10.tar.zst firejail-a9f45ae11452e7f0170aca4d70f951c3f7c21d10.zip |
merges
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 17 |
2 files changed, 19 insertions, 0 deletions
@@ -98,6 +98,8 @@ valoq (https://github.com/valoq) | |||
98 | - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles | 98 | - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles |
99 | - added wget profile | 99 | - added wget profile |
100 | - disable gnupg and systemd directories under /run/user | 100 | - disable gnupg and systemd directories under /run/user |
101 | Igor Bukanov (https://github.com/ibukanov) | ||
102 | - found/fiixed privilege escalation in --hosts-file option | ||
101 | Cat (https://github.com/ecat3) | 103 | Cat (https://github.com/ecat3) |
102 | - prevent tmux connecting to an existing session | 104 | - prevent tmux connecting to an existing session |
103 | Zack Weinberg (https://github.com/zackw) | 105 | Zack Weinberg (https://github.com/zackw) |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 812112b51..d6d7d3887 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -629,6 +629,23 @@ int sandbox(void* sandbox_arg) { | |||
629 | #ifdef HAVE_OVERLAYFS | 629 | #ifdef HAVE_OVERLAYFS |
630 | if (arg_overlay) { | 630 | if (arg_overlay) { |
631 | fs_overlayfs(); | 631 | fs_overlayfs(); |
632 | |||
633 | //todo - bring it back for overlay-named | ||
634 | #if 0 | ||
635 | fs_overlayfs(); | ||
636 | // force caps and seccomp if not started as root | ||
637 | if (getuid() != 0) { | ||
638 | enforce_filters(); | ||
639 | #ifdef HAVE_SECCOMP | ||
640 | enforce_seccomp = 1; | ||
641 | #endif | ||
642 | } | ||
643 | else | ||
644 | arg_seccomp = 1; | ||
645 | #endif | ||
646 | |||
647 | |||
648 | |||
632 | } | 649 | } |
633 | else | 650 | else |
634 | #endif | 651 | #endif |