author | netblue30 <netblue30@yahoo.com> | 2016-01-23 10:18:41 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-01-23 10:18:41 -0500 |
commit | 9a6afbab3d072c37dbfdd5366a4f78795d286414 (patch) | |
tree | 80f58e0ee3c8dabee1aeee87dc2c01dcca0d6198 | |
parent | added --user command (diff) | |
disable /dev/kmsg and /proc/kmsg
-rw-r--r-- | etc/disable-common.inc | 4 | ||||
-rw-r--r-- | src/firejail/fs.c | 12 |
2 files changed, 12 insertions, 4 deletions
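--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -119,7 +119,3 @@ read-only ${HOME}/.xmonad
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
 
-# syslog
-blacklist /dev/kmsg
-blacklist /proc/kmsg
-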
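--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -604,6 +604,18 @@ void fs_proc_sys_dev_boot(void) {
 if (stat("/dev/port", &s) == 0) {
 disable_file(BLACKLIST_FILE, "/dev/port");
 }
+
+if (getuid() != 0) {
+// disable /dev/kmsg
+if (stat("/dev/kmsg", &s) == 0) {
+disable_file(BLACKLIST_FILE, "/dev/kmsg");
+}
+
+// disable /proc/kmsg
+if (stat("/proc/kmsg", &s) == 0) {
+disable_file(BLACKLIST_FILE, "/proc/kmsg");
+}
+}
 }
 
 // disable firejail configuration in /etc/firejail and in ~/.config/firejail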
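Review bot: The new `if (getuid() != 0)` guard in fs_proc_sys_dev_boot leaves /dev/kmsg and /proc/kmsg reachable in sandboxes started by root, while the /dev/port check just above it is unconditional, and nothing in the hunk records why the two differ. If the exemption is intended, a comment on the guard such as `// root-started sandboxes keep kernel log access; regular users must not read it from inside the sandbox` would make that explicit. Blacklisting the two paths also does not cover the syslog(2) system call, which can return the same ring buffer when kernel.dmesg_restrict is 0, so the comment should name whatever is expected to close that route (presumably the seccomp filter, which is not visible here). The function body starts before the hunk, so any earlier handling of these paths cannot be checked from this page.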