fixing the fix

get previous commit acbf707889ae241bfd476f5371df4599103b6606 in line with treatment of other directories in /run/firejail/mnt
author: smitsohu <smitsohu@gmail.com> 2019-11-14 16:46:53 +0100
committer: smitsohu <smitsohu@gmail.com> 2019-11-14 16:46:53 +0100
commit: cc17fbf8701da0a211685c76f8303d67cc97d81f (patch)
tree: b5777a778dd7cc4d45f05ad811dcf507a7336665 /src/firejail/fs_home.c
parent: blacklist private-home runtime directory (diff)
download: firejail-cc17fbf8701da0a211685c76f8303d67cc97d81f.tar.gz
firejail-cc17fbf8701da0a211685c76f8303d67cc97d81f.tar.zst
firejail-cc17fbf8701da0a211685c76f8303d67cc97d81f.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 1ff8c2722..d09f92697 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -593,9 +593,9 @@ void fs_private_home_list(void) {
                errLogExit("invalid private-home mount");
        fs_logger2("tmpfs", homedir);
-        // blacklist RUN_HOME_DIR, it is writable and not noexec
+        // mask RUN_HOME_DIR, it is writable and not noexec
-        if (mount(RUN_RO_DIR, RUN_HOME_DIR, NULL, MS_BIND, NULL) < 0)
+        if (mount("tmpfs", RUN_HOME_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
-                errExit("blacklisting " RUN_HOME_DIR);
+                errExit("mounting tmpfs");
        fs_logger2("tmpfs", RUN_HOME_DIR);
        if (uid != 0) {
author	smitsohu <smitsohu@gmail.com>	2019-11-14 16:46:53 +0100
committer	smitsohu <smitsohu@gmail.com>	2019-11-14 16:46:53 +0100
commit	cc17fbf8701da0a211685c76f8303d67cc97d81f (patch)
tree	b5777a778dd7cc4d45f05ad811dcf507a7336665 /src/firejail/fs_home.c
parent	blacklist private-home runtime directory (diff)
download	firejail-cc17fbf8701da0a211685c76f8303d67cc97d81f.tar.gz firejail-cc17fbf8701da0a211685c76f8303d67cc97d81f.tar.zst firejail-cc17fbf8701da0a211685c76f8303d67cc97d81f.zip

diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 1ff8c2722..d09f92697 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -593,9 +593,9 @@ void fs_private_home_list(void) {
593	errLogExit("invalid private-home mount");	593	errLogExit("invalid private-home mount");
594	fs_logger2("tmpfs", homedir);	594	fs_logger2("tmpfs", homedir);
595		595
596	// blacklist RUN_HOME_DIR, it is writable and not noexec	596	// mask RUN_HOME_DIR, it is writable and not noexec
597	if (mount(RUN_RO_DIR, RUN_HOME_DIR, NULL, MS_BIND, NULL) < 0)	597	if (mount("tmpfs", RUN_HOME_DIR, "tmpfs", MS_NOSUID \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
598	errExit("blacklisting " RUN_HOME_DIR);	598	errExit("mounting tmpfs");
599	fs_logger2("tmpfs", RUN_HOME_DIR);	599	fs_logger2("tmpfs", RUN_HOME_DIR);
600		600
601	if (uid != 0) {	601	if (uid != 0) {