diff options
author | netblue30 <netblue30@yahoo.com> | 2016-09-27 15:52:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-27 15:52:21 -0400 |
commit | 19a67bebb4e11dd1727f8085dfa03c45d3128d49 (patch) | |
tree | 527147048cfbd3fbacc802f2b903ef3c9db10c2a /src/firejail/fs_dev.c | |
parent | CVE-2016-7545 (diff) | |
download | firejail-19a67bebb4e11dd1727f8085dfa03c45d3128d49.tar.gz firejail-19a67bebb4e11dd1727f8085dfa03c45d3128d49.tar.zst firejail-19a67bebb4e11dd1727f8085dfa03c45d3128d49.zip |
debug
Diffstat (limited to 'src/firejail/fs_dev.c')
-rw-r--r-- | src/firejail/fs_dev.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 4744b3096..c21aed6c4 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
@@ -59,13 +59,15 @@ static void deventry_mount(void) { | |||
59 | while (dev[i].dev_fname != NULL) { | 59 | while (dev[i].dev_fname != NULL) { |
60 | struct stat s; | 60 | struct stat s; |
61 | if (stat(dev[i].run_fname, &s) == 0) { | 61 | if (stat(dev[i].run_fname, &s) == 0) { |
62 | if (arg_debug) | ||
63 | printf("mounting %s\n", dev[i].run_fname); | ||
62 | if (mkdir(dev[i].dev_fname, 0755) == -1) | 64 | if (mkdir(dev[i].dev_fname, 0755) == -1) |
63 | errExit("mkdir"); | 65 | errExit("mkdir"); |
64 | if (chmod(dev[i].dev_fname, 0755) == -1) | 66 | if (chmod(dev[i].dev_fname, 0755) == -1) |
65 | errExit("chmod"); | 67 | errExit("chmod"); |
66 | ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755); | 68 | ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755); |
67 | if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND|MS_REC, NULL) < 0) | 69 | if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND|MS_REC, NULL) < 0) |
68 | errExit("mounting /dev/snd"); | 70 | errExit("mounting dev file"); |
69 | fs_logger2("whitelist", dev[i].dev_fname); | 71 | fs_logger2("whitelist", dev[i].dev_fname); |
70 | } | 72 | } |
71 | 73 | ||
@@ -261,6 +263,8 @@ void fs_dev_shm(void) { | |||
261 | } | 263 | } |
262 | 264 | ||
263 | void fs_dev_disable_sound() { | 265 | void fs_dev_disable_sound() { |
266 | if (arg_debug) | ||
267 | printf("disable /dev/snd\n"); | ||
264 | if (mount(RUN_RO_DIR, "/dev/snd", "none", MS_BIND, "mode=400,gid=0") < 0) | 268 | if (mount(RUN_RO_DIR, "/dev/snd", "none", MS_BIND, "mode=400,gid=0") < 0) |
265 | errExit("disable /dev/snd"); | 269 | errExit("disable /dev/snd"); |
266 | fs_logger("blacklist /dev/snd"); | 270 | fs_logger("blacklist /dev/snd"); |