diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-02-21 09:43:33 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-02-21 09:43:33 -0500 |
| commit | c89ebb846a9df5288b482941fe8d205f675be39b (patch) | |
| tree | 14bf7bb798142c869b4a1edf1d0ddf818a37581d /src | |
| parent | testing (diff) | |
| download | firejail-c89ebb846a9df5288b482941fe8d205f675be39b.tar.gz firejail-c89ebb846a9df5288b482941fe8d205f675be39b.tar.zst firejail-c89ebb846a9df5288b482941fe8d205f675be39b.zip | |
small fixes
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs.c | 12 | ||||
| -rw-r--r-- | src/firejail/main.c | 2 | ||||
| -rw-r--r-- | src/firejail/profile.c | 4 |
3 files changed, 12 insertions, 6 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 92cf4c1bc..df5e8410b 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -580,12 +580,14 @@ void fs_proc_sys_dev_boot(void) { | |||
| 580 | /* Mount a version of /sys that describes the network namespace */ | 580 | /* Mount a version of /sys that describes the network namespace */ |
| 581 | if (arg_debug) | 581 | if (arg_debug) |
| 582 | printf("Remounting /sys directory\n"); | 582 | printf("Remounting /sys directory\n"); |
| 583 | if (umount2("/sys", MNT_DETACH) < 0) | 583 | if (umount2("/sys", MNT_DETACH) < 0) |
| 584 | fprintf(stderr, "Warning: failed to unmount /sys\n"); | 584 | fprintf(stderr, "Warning: failed to unmount /sys\n"); |
| 585 | if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) | 585 | else { |
| 586 | fprintf(stderr, "Warning: failed to mount /sys\n"); | 586 | if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) |
| 587 | else | 587 | fprintf(stderr, "Warning: failed to mount /sys\n"); |
| 588 | fs_logger("remount /sys"); | 588 | else |
| 589 | fs_logger("remount /sys"); | ||
| 590 | } | ||
| 589 | 591 | ||
| 590 | if (stat("/sys/firmware", &s) == 0) { | 592 | if (stat("/sys/firmware", &s) == 0) { |
| 591 | disable_file(BLACKLIST_FILE, "/sys/firmware"); | 593 | disable_file(BLACKLIST_FILE, "/sys/firmware"); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index fe4027a55..f02da66aa 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -142,7 +142,7 @@ static inline Bridge *last_bridge_configured(void) { | |||
| 142 | } | 142 | } |
| 143 | 143 | ||
| 144 | // return 1 if error, 0 if a valid pid was found | 144 | // return 1 if error, 0 if a valid pid was found |
| 145 | static int read_pid(char *str, pid_t *pid) { | 145 | static inline int read_pid(char *str, pid_t *pid) { |
| 146 | char *endptr; | 146 | char *endptr; |
| 147 | errno = 0; | 147 | errno = 0; |
| 148 | long int pidtmp = strtol(str, &endptr, 10); | 148 | long int pidtmp = strtol(str, &endptr, 10); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 112454396..ba287027c 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -363,6 +363,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 363 | fprintf(stderr, "Error: invalid file name.\n"); | 363 | fprintf(stderr, "Error: invalid file name.\n"); |
| 364 | exit(1); | 364 | exit(1); |
| 365 | } | 365 | } |
| 366 | if (is_link(dname1) || is_link(dname2)) { | ||
| 367 | fprintf(stderr, "Symbolic links are not allowed for bind command\n"); | ||
| 368 | exit(1); | ||
| 369 | } | ||
| 366 | 370 | ||
| 367 | // insert comma back | 371 | // insert comma back |
| 368 | *(dname2 - 1) = ','; | 372 | *(dname2 - 1) = ','; |