author | 2016-11-09 22:46:32 -0500 | |
---|---|---|
committer | 2016-11-09 22:46:32 -0500 | |
commit | 0939f26a4f2f5d090baadb7f2a47269e9e456fb5 (patch) | |
tree | 43918f354aebaffbe66cdab3afb9d89b4de6fc41 /src/firejail/sbox.c | |
parent | testing (diff) | |
fixed --top
Diffstat (limited to 'src/firejail/sbox.c')
-rw-r--r-- | src/firejail/sbox.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 3d4eef3aa..bca72c14a 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
@@ -141,14 +141,16 @@ int sbox_run(unsigned filter, int num, ...) { | |||
141 | int max = 20; // getdtablesize() is overkill for a firejail process | 141 | int max = 20; // getdtablesize() is overkill for a firejail process |
142 | for (i = 3; i < max; i++) | 142 | for (i = 3; i < max; i++) |
143 | close(i); // close open files | 143 | close(i); // close open files |
144 | if ((filter & SBOX_ALLOW_STDIN) == 0) { | ||
144 | int fd = open("/dev/null",O_RDWR, 0); | 145 | int fd = open("/dev/null",O_RDWR, 0); |
145 | if (fd != -1) { | 146 | if (fd != -1) { |
146 | dup2 (fd, STDIN_FILENO); | 147 | dup2 (fd, STDIN_FILENO); |
147 | if (fd > 2) | 148 | if (fd > 2) |
148 | close (fd); | 149 | close (fd); |
150 | } | ||
151 | else // the user could run the sandbox without /dev/null | ||
152 | close(STDIN_FILENO); | ||
149 | } | 153 | } |
150 | else // the user could run the sandbox without /dev/null | ||
151 | close(STDIN_FILENO); | ||
152 | umask(027); | 154 | umask(027); |
153 | 155 | ||
154 | // apply filters | 156 | // apply filters |
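Review bot: In the new `(filter & SBOX_ALLOW_STDIN) == 0` branch the result of `dup2 (fd, STDIN_FILENO)` is still ignored, so if it fails the child keeps the stdin it inherited even though the caller did not set the flag; `if (dup2(fd, STDIN_FILENO) == -1) _exit(1);` would make that failure visible instead of silent. The `else close(STDIN_FILENO);` fallback also leaves descriptor 0 unallocated, so the next file the child opens becomes its stdin; failing closed when /dev/null cannot be opened looks safer, unless running without /dev/null is a supported setup as the existing comment suggests. A one-line comment on the new condition, such as `// keep the inherited stdin only when the caller sets SBOX_ALLOW_STDIN`, would document what the flag permits. sbox_run starts before and continues after this hunk, so how the child is executed afterwards is not visible here.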