diff options
author | smitsohu <smitsohu@gmail.com> | 2020-08-17 16:40:52 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2020-08-17 16:40:52 +0200 |
commit | 7d0800682ab3a74e3d463836cd2ca5cd697d542c (patch) | |
tree | c1099688e259a1d03ffc633778de2ce836f03db4 /src/firejail/sbox.c | |
parent | hardening: run plugins with dumpable flag cleared (diff) | |
download | firejail-7d0800682ab3a74e3d463836cd2ca5cd697d542c.tar.gz firejail-7d0800682ab3a74e3d463836cd2ca5cd697d542c.tar.zst firejail-7d0800682ab3a74e3d463836cd2ca5cd697d542c.zip |
various x11 xorg enhancements
1) copy xauth binary into the sandbox and set mode to 0711, so it runs
with cleared dumpable flag for unprivileged users
2) run xauth in an sbox sandbox
3) generate Xauthority file in runtime directory instead of /tmp;
this way xauth is able to connect to the X11 socket even if the
abstract socket doesn't exist, for example because a new network
namespace was instantiated
Diffstat (limited to 'src/firejail/sbox.c')
0 files changed, 0 insertions, 0 deletions