author | smitsohu <smitsohu@gmail.com> | 2020-04-22 14:31:22 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2020-04-22 14:31:22 +0200 |
commit | 1c2c772f0ee05fdd42e462eacc92e79c201df110 (patch) | |
tree | d1fa74a33b4aee743ebb4838854ec98ef779e35d /src/firejail/fs_home.c | |
parent | small fixes (diff) | |
selinux relabeling, little things
Diffstat (limited to 'src/firejail/fs_home.c')
-rw-r--r-- | src/firejail/fs_home.c | 9 |
1 files changed, 7 insertions, 2 deletions
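--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -357,11 +357,14 @@ void fs_private(void) {
 printf("Mounting a new /root directory\n");
 if (mount("tmpfs", "/root", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME, "mode=700,gid=0") < 0)
 errExit("mounting /root directory");
+selinux_relabel_path("/root", "/root");
 fs_logger("tmpfs /root");
 
 if (arg_allusers) {
 if (u != 0)
-fs_tmpfs(homedir, 1); // check if directory is owned by the current user
+// mask user home directory
+// the directory should be owned by the current user
+fs_tmpfs(homedir, 1);
 }
 else { // mask /home
 if (arg_debug)
@@ -390,7 +393,9 @@ void fs_private(void) {
 fs_logger2("tmpfs", homedir);
 }
 else
-fs_tmpfs(homedir, 1); // check if directory is owned by the current user
+// mask user home directory
+// the directory should be owned by the current user
+fs_tmpfs(homedir, 1);
 }
 }
 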
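Review bot: In both hunks the two new comment lines sit between an unbraced `if (u != 0)` / `else` and the `fs_tmpfs(homedir, 1);` call they control, so the guarded statement is now three lines below its condition. Bracing the body, `if (u != 0) {` … `}` and `else {` … `}`, would keep a later added statement from silently landing outside the branch, which matters in code that mounts filesystems with elevated privileges. The reworded comment also says only that the directory "should be" owned by the current user and no longer ties that to the call. If the second argument `1` is what makes fs_tmpfs verify ownership (the removed comment suggests so, but the definition is not part of this diff), state it next to the call, e.g. `fs_tmpfs(homedir, 1); // 1: check that the directory is owned by the current user`. fs_private begins before the first hunk and the code between the two hunks is not shown, so whether the other tmpfs mounts in this function get the same `selinux_relabel_path` treatment as `/root` cannot be confirmed from here.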