diff options
author | smitsohu <smitsohu@gmail.com> | 2020-08-28 16:02:24 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-28 16:02:24 +0200 |
commit | 5014a434e5b0a735a7fcd4a1170408337fe4fc09 (patch) | |
tree | a678fdf3a6d3197d6ad5743c1e3e2f0177dad11b /src | |
parent | expose pulseaudio in chroot if FIREJAIL_CHROOT_PULSE is set (diff) | |
download | firejail-5014a434e5b0a735a7fcd4a1170408337fe4fc09.tar.gz firejail-5014a434e5b0a735a7fcd4a1170408337fe4fc09.tar.zst firejail-5014a434e5b0a735a7fcd4a1170408337fe4fc09.zip |
private-dev: blacklist stashed syslog socket when it is not needed anymore
closes #3584
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_dev.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 00edc5f88..3950ea2fd 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
@@ -244,6 +244,8 @@ void fs_private_dev(void){ | |||
244 | errExit("mounting /dev/log"); | 244 | errExit("mounting /dev/log"); |
245 | fs_logger("clone /dev/log"); | 245 | fs_logger("clone /dev/log"); |
246 | } | 246 | } |
247 | if (mount(RUN_RO_FILE, RUN_DEVLOG_FILE, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
248 | errExit("blacklisting " RUN_DEVLOG_FILE); | ||
247 | } | 249 | } |
248 | 250 | ||
249 | // bring forward the current /dev/shm directory if necessary | 251 | // bring forward the current /dev/shm directory if necessary |