mount appimages nodev,nosuid

1 files changed, 6 insertions, 3 deletions

diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index e8db91958..7adf31eb6 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -106,16 +106,19 @@ void appimage_set(const char *appimage) {
         char *mode;
         if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
                 errExit("asprintf");
-        EUID_ROOT();
+        unsigned long flags = MS_MGC_VAL|MS_RDONLY;
+        if (getuid())
+                flags |= MS_NODEV|MS_NOSUID;
 
+        EUID_ROOT();
         if (size == 0) {
                 fmessage("Mounting appimage type 1\n");
-                if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY,  mode) < 0)
+                if (mount(devloop, mntdir, "iso9660", flags,  mode) < 0)
                         errExit("mounting appimage");
         }
         else {
                 fmessage("Mounting appimage type 2\n");
-                if (mount(devloop, mntdir, "squashfs",MS_MGC_VAL|MS_RDONLY,  mode) < 0)
+                if (mount(devloop, mntdir, "squashfs", flags,  mode) < 0)
                         errExit("mounting appimage");
         }