sandbox: Do not leave file mounts underneath private-etc - firejail - Mirror of https://github.com/netblue30/firejail

diff options

author	Simo Piiroinen <simo.piiroinen@jolla.com>	2020-12-16 11:18:03 +0200
committer	Tomi Leppänen <tomi.leppanen@jolla.com>	2021-02-22 10:01:43 +0200
commit	70cc108688f4e1f654534bf58cafe1caff3fc0e0 (patch)
tree	d4d9d581d7c287f3455ac42848843bfae9b293cc /README.md
parent	fcopy: Fix memory leaks (diff)
download	firejail-70cc108688f4e1f654534bf58cafe1caff3fc0e0.tar.gz firejail-70cc108688f4e1f654534bf58cafe1caff3fc0e0.tar.zst firejail-70cc108688f4e1f654534bf58cafe1caff3fc0e0.zip

sandbox: Do not leave file mounts underneath private-etc

Firejail uses file bind-mounts to filter /etc/passwd and /etc/group content. If private-etc is used, these mounts are left underneath the /etc directory mount and this seems to be causing problems in devices with older kernels: attempts to modify passwd or group data fails with EBUSY. Make it possible to perform fs_private_dir_list() actions in two separate phases. Undo the file mounts in /etc before mounting private-etc content. Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com> Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>

Diffstat (limited to 'README.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: