join: misc improvements

* don't mess with umask of root, it could be more strict than user umask and relaxing it may catch root by surprise * join needs execveat syscall, need to drop it post-exec * make things more explicit
author: smitsohu <smitsohu@gmail.com> 2021-01-06 16:53:55 +0100
committer: smitsohu <smitsohu@gmail.com> 2021-01-06 16:53:55 +0100
commit: 4dd09c88bc8078b39a8348cd5b5b224ae0587e72 (patch)
tree: 6075e77fc1f91bca2cded5a1917cf6080c35c292 /src/lib/syscall.c
parent: fix preview in apostrophe (diff)
download: firejail-4dd09c88bc8078b39a8348cd5b5b224ae0587e72.tar.gz
firejail-4dd09c88bc8078b39a8348cd5b5b224ae0587e72.tar.zst
firejail-4dd09c88bc8078b39a8348cd5b5b224ae0587e72.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/syscall.c b/src/lib/syscall.c
index 4903971ad..6823d0ae6 100644
--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -336,6 +336,7 @@ static const SyscallGroupList sysgroups[] = {
 #endif
        },
        { .name = "@default-keep", .list =
+          "execveat," // commonly used by fexecve
          "execve,"
          "prctl"
        },
author	smitsohu <smitsohu@gmail.com>	2021-01-06 16:53:55 +0100
committer	smitsohu <smitsohu@gmail.com>	2021-01-06 16:53:55 +0100
commit	4dd09c88bc8078b39a8348cd5b5b224ae0587e72 (patch)
tree	6075e77fc1f91bca2cded5a1917cf6080c35c292 /src/lib/syscall.c
parent	fix preview in apostrophe (diff)
download	firejail-4dd09c88bc8078b39a8348cd5b5b224ae0587e72.tar.gz firejail-4dd09c88bc8078b39a8348cd5b5b224ae0587e72.tar.zst firejail-4dd09c88bc8078b39a8348cd5b5b224ae0587e72.zip

diff --git a/src/lib/syscall.c b/src/lib/syscall.c index 4903971ad..6823d0ae6 100644 --- a/src/lib/syscall.c +++ b/src/lib/syscall.c
@@ -336,6 +336,7 @@ static const SyscallGroupList sysgroups[] = {
336	#endif	336	#endif
337	},	337	},
338	{ .name = "@default-keep", .list =	338	{ .name = "@default-keep", .list =
		339	"execveat," // commonly used by fexecve
339	"execve,"	340	"execve,"
340	"prctl"	341	"prctl"
341	},	342	},