author | startx2017 <vradu.startx@yandex.com> | 2017-09-05 08:35:21 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2017-09-05 08:35:21 -0400 |
commit | b3f3992bcc3c9e4d7bc876ec2460cdf1926263b6 (patch) | |
tree | 1385453b54f3d97cd23e5981736a4efe6e2c99ab | |
parent | Merge pull request #1526 from smitsohu/caps (diff) | |
fix caps.keep/dac-overwrite
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 4 |
2 files changed, 5 insertions, 1 deletions
@@ -411,6 +411,8 @@ smithsohu (https://github.com/smitsohu) | |||
411 | - fixed device discovery for simple-scan | 411 | - fixed device discovery for simple-scan |
412 | - add novideo support in many profiles | 412 | - add novideo support in many profiles |
413 | - improve server profiles, harden musescore | 413 | - improve server profiles, harden musescore |
414 | - snap profile cleanup | ||
415 | - tighten some capability sets further | ||
414 | soredake (https://github.com/soredake) | 416 | soredake (https://github.com/soredake) |
415 | - fix steam startup with >=llvm-4 | 417 | - fix steam startup with >=llvm-4 |
416 | SpotComms (https://github.com/SpotComms) | 418 | SpotComms (https://github.com/SpotComms) |
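--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -107,7 +107,9 @@ static void set_caps(void) {
 caps_default_filter();
 
 // drop discretionary access control capabilities for root sandboxes
-caps_drop_dac_override();
+// if caps.keep, the user has to set it manually in the list
+if (!arg_caps_keep)
+caps_drop_dac_override();
 }
 
 void save_nogroups(void) {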
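Review bot: The new guard `if (!arg_caps_keep)` at the end of set_caps() skips the discretionary-access-control drop whenever caps.keep is in use, so for a root sandbox the keep list becomes the only control over those capabilities. The hunk does not show where that list is applied, and set_caps() starts outside the hunk, so it is worth confirming that the list is always applied before this point when `arg_caps_keep` is set. The added comment's "it" is ambiguous; I would write `// with caps.keep the user's list alone decides: DAC capabilities stay only if named there` instead. The commit touches only README and sandbox.c, so the user-facing description of caps.keep presumably still needs a matching note.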