author | smitsohu <smitsohu@gmail.com> | 2019-11-14 16:19:00 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-11-14 16:19:00 +0100 |
commit | acbf707889ae241bfd476f5371df4599103b6606 (patch) | |
tree | 8c37c5547d55b00a56b3fafb256ebbd4acacae82 /src/firejail/fs.c | |
parent | simplify private option ownership checks and make them more consistent (diff) | |
blacklist private-home runtime directory
as far as possible avoid creating locations in the file system
that are both writable and executable
Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 2 |
1 files changed, 1 insertions, 1 deletions
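--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -447,7 +447,7 @@ void fs_tmpfs(const char *dir, unsigned check_owner) {
 // get a file descriptor for dir, fails if there is any symlink
 int fd = safe_fd(dir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (fd == -1)
-errExit("safe_fd");
+errExit("while opening directory");
 struct stat s;
 if (fstat(fd, &s) == -1)
 errExit("fstat");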
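Review bot: The new message at line 450, `errExit("while opening directory")`, still does not say which directory failed. The comment above it notes that safe_fd fails on any symlink in the path, and that rejection is the case a user or admin most needs to locate. The definition of errExit is not visible here; if it only accepts a fixed string, a preceding `fprintf(stderr, "Error: cannot open %s\n", dir);` would name the path, with errno saved and restored around it in case errExit reports errno. The neighbouring `errExit("fstat")` at line 453 keeps the call-name style, so the two messages in this section are now worded inconsistently. The body of fs_tmpfs starts and continues outside the hunk.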