diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-11-09 22:46:32 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-11-09 22:46:32 -0500 |
| commit | 0939f26a4f2f5d090baadb7f2a47269e9e456fb5 (patch) | |
| tree | 43918f354aebaffbe66cdab3afb9d89b4de6fc41 /src/firejail/sbox.c | |
| parent | testing (diff) | |
| download | firejail-0939f26a4f2f5d090baadb7f2a47269e9e456fb5.tar.gz firejail-0939f26a4f2f5d090baadb7f2a47269e9e456fb5.tar.zst firejail-0939f26a4f2f5d090baadb7f2a47269e9e456fb5.zip | |
fixed --top
Diffstat (limited to 'src/firejail/sbox.c')
| -rw-r--r-- | src/firejail/sbox.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 3d4eef3aa..bca72c14a 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
| @@ -141,14 +141,16 @@ int sbox_run(unsigned filter, int num, ...) { | |||
| 141 | int max = 20; // getdtablesize() is overkill for a firejail process | 141 | int max = 20; // getdtablesize() is overkill for a firejail process |
| 142 | for (i = 3; i < max; i++) | 142 | for (i = 3; i < max; i++) |
| 143 | close(i); // close open files | 143 | close(i); // close open files |
| 144 | if ((filter & SBOX_ALLOW_STDIN) == 0) { | ||
| 144 | int fd = open("/dev/null",O_RDWR, 0); | 145 | int fd = open("/dev/null",O_RDWR, 0); |
| 145 | if (fd != -1) { | 146 | if (fd != -1) { |
| 146 | dup2 (fd, STDIN_FILENO); | 147 | dup2 (fd, STDIN_FILENO); |
| 147 | if (fd > 2) | 148 | if (fd > 2) |
| 148 | close (fd); | 149 | close (fd); |
| 150 | } | ||
| 151 | else // the user could run the sandbox without /dev/null | ||
| 152 | close(STDIN_FILENO); | ||
| 149 | } | 153 | } |
| 150 | else // the user could run the sandbox without /dev/null | ||
| 151 | close(STDIN_FILENO); | ||
| 152 | umask(027); | 154 | umask(027); |
| 153 | 155 | ||
| 154 | // apply filters | 156 | // apply filters |