authorLibravatar netblue30 <netblue30@yahoo.com>2016-07-27 17:53:09 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-07-27 17:53:09 -0400
commit82c353409ab09554c2a4f3517f8e654725d8da46 (patch)
tree6cd8d462973901bb6aa1c3034b1d667d60dcc149 /src
parentsymlink whitelist fix (diff)
symlink whitelist fix
Diffstat (limited to 'src')
-rw-r--r--src/firejail/fs_whitelist.c3
-rw-r--r--src/man/firejail.txt4
2 files changed, 7 insertions, 0 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index f94040d0f..e3668140d 100644
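--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -401,6 +401,9 @@ void fs_whitelist(void) {
 struct stat s;
 if (stat(fname, &s) == 0 && s.st_uid != getuid())
 goto errexit;
+
+// set nonewprivs
+arg_nonewprivs = 1;
 }
 }
 else if (strncmp(new_name, "/tmp/", 5) == 0) {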
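Review bot: The added comment `// set nonewprivs` restates the assignment without saying why; the man page text in this same commit gives the reason, so a comment such as `// whitelisted symlink resolves outside home: force nonewprivs so suid/file-capability binaries cannot raise privileges` would keep the rationale next to the code. The assignment changes a global option as a side effect of fs_whitelist(), so it only protects anything if the flag is consumed after this function returns; that ordering is not visible in the hunk and is worth confirming or noting in the comment. The ownership check just above is also skipped whenever stat() fails, so a target that cannot be stat'ed appears to pass through this path instead of failing closed, e.g. `if (stat(fname, &s) != 0 || s.st_uid != getuid()) goto errexit;`, if that matches the intended policy. The body of fs_whitelist() starts and ends outside the hunk, so the surrounding conditions are inferred.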
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index d8bd34f10..65744235e 100644
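--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -949,6 +949,10 @@ cannot acquire new privileges using execve(2); in particular,
 this means that calling a suid binary (or one with file capabilities)
 does not result in an increase of privilege.
 
+--nonewprivs is enabled by default if seccomp filter is activated, or if a
+symbolic link in user home directory pointing outside user home
+is whitelisted.
+
 .TP
 \fB\-\-nosound
 Disable sound system.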