author | netblue30 <netblue30@yahoo.com> | 2016-04-19 08:21:22 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-19 08:21:22 -0400 |
commit | c14364ff5ffe9a9415f5879248804cfde57cb793 (patch) | |
tree | 9d85d8ffa7fc206d4408650a1b70603b0f272f1d /src | |
parent | close lock file (diff) | |
parent | Merge pull request #457 from Fred-Barclay/proposed (diff) | |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'src')
-rw-r--r-- | src/firecfg/firecfg.config | 5 | ||||
-rw-r--r-- | src/firejail/fs.c | 15 |
2 files changed, 15 insertions, 5 deletions
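--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -4,6 +4,10 @@
 
 # astronomy
 gpredict
+stellarium
+
+# weather/climate
+aweather
 
 # browsers/email
 firefox
@@ -78,6 +82,7 @@ quassel
 xchat
 
 # games
+0ad
 hedgewars
 wesnot
 warzone2100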
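--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -726,7 +726,16 @@ static void disable_firejail_config(void) {
 // build a basic read-only filesystem
 void fs_basic_fs(void) {
 if (arg_debug)
-printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var\n");
+printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr");
+if (!arg_writable_etc) {
+fs_rdonly("/etc");
+if (arg_debug) printf(", /etc");
+}
+if (!arg_writable_var) {
+fs_rdonly("/var");
+if (arg_debug) printf(", /var");
+}
+if (arg_debug) printf("\n");
 fs_rdonly("/bin");
 fs_rdonly("/sbin");
 fs_rdonly("/lib");
@@ -734,10 +743,6 @@ void fs_basic_fs(void) {
 fs_rdonly("/lib32");
 fs_rdonly("/libx32");
 fs_rdonly("/usr");
-if (!arg_writable_etc)
-fs_rdonly("/etc");
-if (!arg_writable_var)
-fs_rdonly("/var");
 
 // update /var directory in order to support multiple sandboxes running on the same root directory
 if (!arg_private_dev)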
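Review bot: In `fs_basic_fs`, the read-only remounts of `/etc` and `/var` are now nested inside the construction of the debug line, so their order relative to `/bin` … `/usr` changes only to make the log read correctly, and anything `fs_rdonly` may itself print under `arg_debug` would land in the middle of the unterminated line. Leaving the two conditional `fs_rdonly` calls where they were and formatting the message in one call keeps the sandbox hardening step separate from the logging: `printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr%s%s\n", arg_writable_etc ? "" : ", /etc", arg_writable_var ? "" : ", /var");`. The message also still omits `/libx32`, which the second hunk shows being remounted, so the debug output under-reports what is actually read-only. The function body continues past the end of the last hunk.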