diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-02-04 15:55:05 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-02-04 15:55:05 -0500 |
| commit | e138ebaa33b1c2c28734f32d542d674bff129c7c (patch) | |
| tree | f403e8bcc51a61588a0384b136a7f31270e633fb | |
| parent | git-install (diff) | |
| download | firejail-e138ebaa33b1c2c28734f32d542d674bff129c7c.tar.gz firejail-e138ebaa33b1c2c28734f32d542d674bff129c7c.tar.zst firejail-e138ebaa33b1c2c28734f32d542d674bff129c7c.zip | |
--git-install
| -rw-r--r-- | src/firejail/git.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/firejail/git.c b/src/firejail/git.c index bacceba59..aaae44de7 100644 --- a/src/firejail/git.c +++ b/src/firejail/git.c | |||
| @@ -22,14 +22,21 @@ | |||
| 22 | #include <sched.h> | 22 | #include <sched.h> |
| 23 | #include <sys/mount.h> | 23 | #include <sys/mount.h> |
| 24 | 24 | ||
| 25 | // install a simple mount/pid namespace sandbox with a tmpfs on top of /tmp | 25 | // install a very simple mount namespace sandbox with a tmpfs on top of /tmp |
| 26 | static void sbox_ns(void) { | 26 | static void sbox_ns(void) { |
| 27 | if (unshare(CLONE_NEWNS | CLONE_NEWIPC) < 0) | 27 | if (unshare(CLONE_NEWNS) < 0) |
| 28 | errExit("unshare"); | 28 | errExit("unshare"); |
| 29 | 29 | ||
| 30 | // mount events are not forwarded between the host the sandbox | ||
| 31 | if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { | ||
| 32 | errExit("mount"); | ||
| 33 | } | ||
| 34 | |||
| 35 | // moount a tmpfs on top of /tmp | ||
| 30 | if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0) | 36 | if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0) |
| 31 | errExit("mount"); | 37 | errExit("mount"); |
| 32 | } | 38 | } |
| 39 | |||
| 33 | 40 | ||
| 34 | void git_install() { | 41 | void git_install() { |
| 35 | // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh" | 42 | // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh" |