diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-07-10 08:44:00 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-07-10 08:44:00 -0400 |
| commit | d1afb133e35ba444b214d2d4b63f460925e90ece (patch) | |
| tree | 726acc61f6193f53a1b27327b637219365b8c3d4 | |
| parent | --noexec (diff) | |
| download | firejail-d1afb133e35ba444b214d2d4b63f460925e90ece.tar.gz firejail-d1afb133e35ba444b214d2d4b63f460925e90ece.tar.zst firejail-d1afb133e35ba444b214d2d4b63f460925e90ece.zip | |
/var and /etc are noexec by default
| -rw-r--r-- | src/firejail/fs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index de59b6676..4b2b91b17 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -722,10 +722,12 @@ void fs_basic_fs(void) { | |||
| 722 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); | 722 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); |
| 723 | if (!arg_writable_etc) { | 723 | if (!arg_writable_etc) { |
| 724 | fs_rdonly("/etc"); | 724 | fs_rdonly("/etc"); |
| 725 | fs_noexec("/etc"); | ||
| 725 | if (arg_debug) printf(", /etc"); | 726 | if (arg_debug) printf(", /etc"); |
| 726 | } | 727 | } |
| 727 | if (!arg_writable_var) { | 728 | if (!arg_writable_var) { |
| 728 | fs_rdonly("/var"); | 729 | fs_rdonly("/var"); |
| 730 | fs_noexec("/var"); | ||
| 729 | if (arg_debug) printf(", /var"); | 731 | if (arg_debug) printf(", /var"); |
| 730 | } | 732 | } |
| 731 | if (arg_debug) printf("\n"); | 733 | if (arg_debug) printf("\n"); |