allow-debuggers fix

author: netblue30 <netblue30@yahoo.com> 2016-09-27 13:29:39 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-09-27 13:29:39 -0400
commit: 78e772fe13a2ecd79be8cf196afd819a7a517a10 (patch)
tree: 719b8ce9d218733c82d09087575439f69cd683d9
parent: qt additions to whitelist-common.inc (diff)
download: firejail-78e772fe13a2ecd79be8cf196afd819a7a517a10.tar.gz
firejail-78e772fe13a2ecd79be8cf196afd819a7a517a10.tar.zst
firejail-78e772fe13a2ecd79be8cf196afd819a7a517a10.zip
1 files changed, 7 insertions, 5 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index e38f128ea..3dbfe3909 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -674,11 +674,13 @@ void fs_proc_sys_dev_boot(void) {
        disable_file(BLACKLIST_FILE, "/proc/kmem");
        
        // remove kernel symbol information
-        disable_file(BLACKLIST_FILE, "/usr/src/linux");
+        if (!arg_allow_debuggers) {
-        disable_file(BLACKLIST_FILE, "/lib/modules");
+                disable_file(BLACKLIST_FILE, "/usr/src/linux");
-        disable_file(BLACKLIST_FILE, "/usr/lib/debug");
+                disable_file(BLACKLIST_FILE, "/lib/modules");
-        disable_file(BLACKLIST_FILE, "/boot");
+                disable_file(BLACKLIST_FILE, "/usr/lib/debug");
-        
+                disable_file(BLACKLIST_FILE, "/boot");
+        }
+                
        // disable /selinux
        disable_file(BLACKLIST_FILE, "/selinux");
author	netblue30 <netblue30@yahoo.com>	2016-09-27 13:29:39 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-09-27 13:29:39 -0400
commit	78e772fe13a2ecd79be8cf196afd819a7a517a10 (patch)
tree	719b8ce9d218733c82d09087575439f69cd683d9
parent	qt additions to whitelist-common.inc (diff)
download	firejail-78e772fe13a2ecd79be8cf196afd819a7a517a10.tar.gz firejail-78e772fe13a2ecd79be8cf196afd819a7a517a10.tar.zst firejail-78e772fe13a2ecd79be8cf196afd819a7a517a10.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index e38f128ea..3dbfe3909 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -674,11 +674,13 @@ void fs_proc_sys_dev_boot(void) {
674	disable_file(BLACKLIST_FILE, "/proc/kmem");	674	disable_file(BLACKLIST_FILE, "/proc/kmem");
675		675
676	// remove kernel symbol information	676	// remove kernel symbol information
677	disable_file(BLACKLIST_FILE, "/usr/src/linux");	677	if (!arg_allow_debuggers) {
678	disable_file(BLACKLIST_FILE, "/lib/modules");	678	disable_file(BLACKLIST_FILE, "/usr/src/linux");
679	disable_file(BLACKLIST_FILE, "/usr/lib/debug");	679	disable_file(BLACKLIST_FILE, "/lib/modules");
680	disable_file(BLACKLIST_FILE, "/boot");	680	disable_file(BLACKLIST_FILE, "/usr/lib/debug");
681		681	disable_file(BLACKLIST_FILE, "/boot");
		682	}
		683
682	// disable /selinux	684	// disable /selinux
683	disable_file(BLACKLIST_FILE, "/selinux");	685	disable_file(BLACKLIST_FILE, "/selinux");
684		686