author | 2020-10-27 09:35:41 -0400 | |
---|---|---|
committer | 2020-10-27 09:35:41 -0400 | |
commit | 64a8d6a7f771e6457f7998335a8b88d60fe2b6ab (patch) | |
tree | 709362b9b7465f371dc82c3c014ef1a3140c6309 /src/firejail/profile.c | |
parent | Remove redundant read-only item (#3703) (diff) | |
compile time option to disable --private-cache and --tmpfs for regular user
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r-- | src/firejail/profile.c | 8 |
1 files changed, 8 insertions, 0 deletions
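--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -383,10 +383,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 else if (strcmp(ptr, "private-cache") == 0) {
+#ifdef HAVE_USERTMPFS
 if (checkcfg(CFG_PRIVATE_CACHE))
 arg_private_cache = 1;
 else
 warning_feature_disabled("private-cache");
+#endif
 return 0;
 }
 else if (strcmp(ptr, "private-dev") == 0) {
@@ -1570,6 +1572,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 else if (strncmp(ptr, "noexec ", 7) == 0)
 ptr += 7;
 else if (strncmp(ptr, "tmpfs ", 6) == 0) {
+#ifndef HAVE_USERTMPFS
+if (getuid() != 0) {
+fprintf(stderr, "Error: tmpfs available only when running the sandbox as root\n");
+exit(1);
+}
+#endif
 ptr += 6;
 }
 else {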
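Review bot: With HAVE_USERTMPFS undefined, the `private-cache` branch in the first hunk compiles to a bare `return 0;`, so the profile line is accepted with no message and `arg_private_cache` stays unset. That path fails open and silently, whereas the `tmpfs ` branch in the second hunk prints an error and exits, so a profile author who relies on private-cache for isolation gets no signal that it was dropped. Adding `#else` followed by `warning_feature_disabled("private-cache");` before the `#endif` would at least surface it. The first guard also has no `getuid()` test, so the build option appears to remove private-cache for root as well, which matches neither the "for regular user" wording of the commit title nor the second hunk. profile_check_line starts and ends outside both hunks, so any handling further down is not visible here.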