diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-01 12:40:35 +0100 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-01 12:40:35 +0100 |
| commit | ff0cb00535159bd9b4bb78d618df2f74b0663636 (patch) | |
| tree | bf6bc7f313eda017e77930a555bdb1c9fdfa691e /src/firejail/sandbox.c | |
| parent | Add ./configure --enable-force-nonewprivs (diff) | |
| download | firejail-ff0cb00535159bd9b4bb78d618df2f74b0663636.tar.gz firejail-ff0cb00535159bd9b4bb78d618df2f74b0663636.tar.zst firejail-ff0cb00535159bd9b4bb78d618df2f74b0663636.zip | |
Clarify enforce_filters message
The current message misses the info that nnp and nogroups is applied
too. The new mentions nnp too, but is very long. If anyone has a better
wording, say it.
Diffstat (limited to 'src/firejail/sandbox.c')
| -rw-r--r-- | src/firejail/sandbox.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index e320e77f9..f1ab895db 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -594,7 +594,7 @@ static void enforce_filters(void) { | |||
| 594 | force_nonewprivs = 1; | 594 | force_nonewprivs = 1; |
| 595 | 595 | ||
| 596 | // disable all capabilities | 596 | // disable all capabilities |
| 597 | fmessage("\n** Warning: dropping all Linux capabilities **\n\n"); | 597 | fmessage("\n** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **\n\n"); |
| 598 | arg_caps_drop_all = 1; | 598 | arg_caps_drop_all = 1; |
| 599 | 599 | ||
| 600 | // drop all supplementary groups; /etc/group file inside chroot | 600 | // drop all supplementary groups; /etc/group file inside chroot |