diff options
author | netblue30 <netblue30@yahoo.com> | 2016-10-17 08:41:39 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-10-17 08:41:39 -0400 |
commit | bb6c744fd4f59d0f407c37955ba36f8d40cc60cf (patch) | |
tree | d87a3fa6e00e254466f5a487d1eda0f032a0669e /src | |
parent | merges (diff) | |
download | firejail-bb6c744fd4f59d0f407c37955ba36f8d40cc60cf.tar.gz firejail-bb6c744fd4f59d0f407c37955ba36f8d40cc60cf.tar.zst firejail-bb6c744fd4f59d0f407c37955ba36f8d40cc60cf.zip |
allow user access to /sys/fs (--noblacklist=/sys/fs)
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index a5f12c7df..6c566bd90 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -649,7 +649,11 @@ void fs_proc_sys_dev_boot(void) { | |||
649 | 649 | ||
650 | disable_file(BLACKLIST_FILE, "/sys/firmware"); | 650 | disable_file(BLACKLIST_FILE, "/sys/firmware"); |
651 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); | 651 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); |
652 | disable_file(BLACKLIST_FILE, "/sys/fs"); | 652 | { // allow user access to /sys/fs if "--noblacklist=/sys/fs" is present on the command line |
653 | EUID_USER(); | ||
654 | profile_add("blacklist /sys/fs"); | ||
655 | EUID_ROOT(); | ||
656 | } | ||
653 | disable_file(BLACKLIST_FILE, "/sys/module"); | 657 | disable_file(BLACKLIST_FILE, "/sys/module"); |
654 | disable_file(BLACKLIST_FILE, "/sys/power"); | 658 | disable_file(BLACKLIST_FILE, "/sys/power"); |
655 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); | 659 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); |