author | netblue30 <netblue30@yahoo.com> | 2016-11-24 08:36:30 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-24 08:36:30 -0500 |
commit | eb01b2602cc57f4bc4587ca1fc4fa69ebd8761bd (patch) | |
tree | df9ec16c1dc5b27ad8ae98b6a7572e17ad3167ed | |
parent | wget (diff) | |
ssh fix
-rw-r--r-- | etc/disable-common.inc | 3 | ||||
-rw-r--r-- | etc/ssh-agent.profile | 1 | ||||
-rw-r--r-- | etc/ssh.profile | 1 | ||||
-rw-r--r-- | src/firejail/fs.c | 9 |
4 files changed, 9 insertions, 5 deletions
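--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -165,9 +165,6 @@ blacklist ${PATH}/newgrp
 blacklist ${PATH}/newuidmap
 blacklist ${PATH}/pkexec
 blacklist ${PATH}/sg
-blacklist ${PATH}/rsh
-blacklist ${PATH}/rlogin
-blacklist ${PATH}/rcp
 blacklist ${PATH}/crontab
 blacklist ${PATH}/ksu
 blacklist ${PATH}/chsh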
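--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -2,6 +2,7 @@
 quiet
 noblacklist ~/.ssh
 noblacklist /tmp/ssh-*
+noblacklist /etc/ssh
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc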
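Review bot: The added `noblacklist /etc/ssh` exempts the whole directory without a comment saying which files the sandboxed program needs from it, and the same line is added to etc/ssh.profile. /etc/ssh normally also holds sshd_config and the host private keys, so once the directory is exempted (presumably from a blacklist in one of the included files, which this page does not show) only file permissions keep those away from the sandbox. A comment above the line such as `# ssh reads the system-wide client config and known hosts from /etc/ssh` would record the intent. It is also worth confirming that ssh-agent needs anything under /etc/ssh at all, rather than only the ssh client profile.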
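--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -2,6 +2,7 @@
 quiet
 noblacklist ~/.ssh
 noblacklist /tmp/ssh-*
+noblacklist /etc/ssh
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc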
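--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -111,8 +111,12 @@ static void disable_file(OPERATION op, const char *filename) {
 fprintf(stderr, "Warning: %s directory link was not blacklisted\n", filename);
 }
 else {
-if (arg_debug)
-printf("Disable %s\n", fname);
+if (arg_debug) {
+if (strcmp(filename, fname))
+printf("Disable %s (requesterd %s)\n", fname, filename);
+else
+printf("Disable %s\n", fname);
+}
 else if (arg_debug_blacklists) {
 printf("Disable %s", fname);
 if (op == BLACKLIST_FILE)
@@ -120,6 +124,7 @@ static void disable_file(OPERATION op, const char *filename) {
 else
 printf(" - no logging\n");
 }
+
 if (S_ISDIR(s.st_mode)) {
 if (mount(RUN_RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
 errExit("disable file");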
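Review bot: The new debug message in the `arg_debug` branch misspells "requested"; the line should read `printf("Disable %s (requested %s)\n", fname, filename);`. The `arg_debug_blacklists` branch just below still prints only `fname`, so that mode hides which profile entry caused the path to be disabled when the two names differ. They presumably differ because `filename` was resolved through a link earlier in the function, which the hunk does not show. Printing `filename` in that branch as well would keep the two debug modes consistent. disable_file starts before the first hunk and continues past the second.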