diff options
author | smitsohu <smitsohu@gmail.com> | 2019-03-23 22:32:30 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-23 22:32:30 +0000 |
commit | eecf35c2f8249489a1d3e512bb07f0d427183134 (patch) | |
tree | daa2959c75d282672d9a4bb7469a21b99f9ed809 /src/firejail/fs_lib.c | |
parent | Add kid3, kid3-cli, kid3-qt (#2614) (diff) | |
download | firejail-eecf35c2f8249489a1d3e512bb07f0d427183134.tar.gz firejail-eecf35c2f8249489a1d3e512bb07f0d427183134.tar.zst firejail-eecf35c2f8249489a1d3e512bb07f0d427183134.zip |
mount runtime seccomp files read-only (#2602)
avoid creating locations in the file system that are both writable and
executable (in this case for processes with euid of the user).
for the same reason also remove user owned libfiles
when it is not needed any more
Diffstat (limited to 'src/firejail/fs_lib.c')
-rw-r--r-- | src/firejail/fs_lib.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 808ead240..70c6ac88a 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
@@ -133,6 +133,7 @@ void fslib_copy_libs(const char *full_path) { | |||
133 | fslib_duplicate(buf); | 133 | fslib_duplicate(buf); |
134 | } | 134 | } |
135 | fclose(fp); | 135 | fclose(fp); |
136 | unlink(RUN_LIB_FILE); | ||
136 | } | 137 | } |
137 | 138 | ||
138 | 139 | ||