author | startx2017 <vradu.startx@yandex.com> | 2020-03-13 17:18:58 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-13 17:18:58 -0500 |
commit | 4b1d2b9502254600e1d8e99ab4413e7530404c2a (patch) | |
tree | c2f85d953a16a967a500c9fbce3c32e55da31c80 /src/firejail/firejail.h | |
parent | Fix "Extraction not performed" on Debian 10 (diff) | |
parent | fail if opening the resolved path fails (diff) | |
Merge pull request #3268 from smitsohu/remount
remount hardening: move to file descriptor based mounts
Diffstat (limited to 'src/firejail/firejail.h')
-rw-r--r-- | src/firejail/firejail.h | 4 |
1 files changed, 2 insertions, 2 deletions
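--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -395,6 +395,7 @@ typedef enum {
 MOUNT_TMPFS,
 MOUNT_NOEXEC,
 MOUNT_RDWR,
+MOUNT_RDWR_NOCHECK, // no check of ownership
 OPERATION_MAX
 } OPERATION;
 
@@ -403,8 +404,7 @@ void fs_blacklist(void);
 // mount a writable tmpfs
 void fs_tmpfs(const char *dir, unsigned check_owner);
 // remount noexec/nodev/nosuid or read-only or read-write
-void fs_remount(const char *dir, OPERATION op, unsigned check_mnt);
-void fs_remount_rec(const char *dir, OPERATION op, unsigned check_mnt);
+void fs_remount(const char *dir, OPERATION op, int rec);
 // mount /proc and /sys directories
 void fs_proc_sys_dev_boot(void);
 // blacklist firejail configuration and runtime directories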
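Review bot: The third parameter of `fs_remount` changes meaning from `unsigned check_mnt` to `int rec` while keeping the same position and an integer type, so a call site that still passes the old flag compiles without a diagnostic and is silently reinterpreted. The callers are outside this file section, so whether all of them were updated cannot be confirmed from here; in sandbox setup code a remount applied with the wrong scope is worth ruling out explicitly. The comment above the prototype also does not say what `rec` does; judging by the removed `fs_remount_rec` it presumably selects a recursive remount, and a line such as `// rec: nonzero also remounts every mount below dir` would make that explicit. Giving the flag a distinct type (for example a small enum) would make stale call sites fail to compile instead of changing behaviour.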