author | netblue30 <netblue30@yahoo.com> | 2015-10-12 20:02:46 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-12 20:02:46 -0400 |
commit | 6813df8142b1b03865a0a59e2eac7b60ef73bbf8 (patch) | |
tree | 3c898667f5ed20ae2faf23c7d003e33a639fa60a /src | |
parent | --nosound option testing (diff) | |
added dri to --private-dev
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 35 |
2 files changed, 32 insertions, 4 deletions
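--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -29,6 +29,7 @@
 #define HOME_DIR "/tmp/firejail/mnt/home"
 #define ETC_DIR "/tmp/firejail/mnt/etc"
 #define BIN_DIR "/tmp/firejail/mnt/bin"
+#define DRI_DIR "/tmp/firejail/mnt/dri"
 #define WHITELIST_HOME_DIR "/tmp/firejail/mnt/whome"
 #define DEFAULT_USER_PROFILE "generic"
 #define DEFAULT_ROOT_PROFILE "server"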
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index fd8f0c642..7560d5fef 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
@@ -65,18 +65,45 @@ void fs_private_dev(void){ | |||
65 | // install a new /dev directory | 65 | // install a new /dev directory |
66 | if (arg_debug) | 66 | if (arg_debug) |
67 | printf("Mounting tmpfs on /dev\n"); | 67 | printf("Mounting tmpfs on /dev\n"); |
68 | |||
69 | // create DRI_DIR | ||
70 | fs_build_mnt_dir(); | ||
71 | int rv = mkdir(DRI_DIR, 0755); | ||
72 | if (rv == -1) | ||
73 | errExit("mkdir"); | ||
74 | if (chown(DRI_DIR, 0, 0) < 0) | ||
75 | errExit("chown"); | ||
76 | if (chmod(DRI_DIR, 0755) < 0) | ||
77 | errExit("chmod"); | ||
78 | |||
79 | // keep a copy of /dev/dri under DRI_DIR | ||
80 | if (mount("/dev/dri", DRI_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) | ||
81 | errExit("mounting /dev"); | ||
82 | |||
83 | // mount tmpfs on top of /dev | ||
68 | if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) | 84 | if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0) |
69 | errExit("mounting /dev"); | 85 | errExit("mounting /dev"); |
86 | |||
87 | // bring back the /dev/dri directory | ||
88 | rv = mkdir("/dev/dri", 0755); | ||
89 | if (rv == -1) | ||
90 | errExit("mkdir"); | ||
91 | if (chown("/dev/dri", 0, 0) < 0) | ||
92 | errExit("chown"); | ||
93 | if (chmod("/dev/dri",0755) < 0) | ||
94 | errExit("chmod"); | ||
95 | if (mount(DRI_DIR, "/dev/dri", NULL, MS_BIND|MS_REC, NULL) < 0) | ||
96 | errExit("mounting /dev"); | ||
70 | 97 | ||
71 | // create /dev/shm | 98 | // create /dev/shm |
72 | if (arg_debug) | 99 | if (arg_debug) |
73 | printf("Create /dev/shm directory\n"); | 100 | printf("Create /dev/shm directory\n"); |
74 | int rv = mkdir("/dev/shm", S_IRWXU | S_IRWXG | S_IRWXO); | 101 | rv = mkdir("/dev/shm", 0777); |
75 | if (rv == -1) | 102 | if (rv == -1) |
76 | errExit("mkdir"); | 103 | errExit("mkdir"); |
77 | if (chown("/dev/shm", 0, 0) < 0) | 104 | if (chown("/dev/shm", 0, 0) < 0) |
78 | errExit("chown"); | 105 | errExit("chown"); |
79 | if (chmod("/dev/shm", S_IRWXU | S_IRWXG | S_IRWXO) < 0) | 106 | if (chmod("/dev/shm", 0777) < 0) |
80 | errExit("chmod"); | 107 | errExit("chmod"); |
81 | 108 | ||
82 | // create devices | 109 | // create devices |
@@ -131,11 +158,11 @@ void fs_dev_shm(void) { | |||
131 | if (lnk) { | 158 | if (lnk) { |
132 | if (!is_dir(lnk)) { | 159 | if (!is_dir(lnk)) { |
133 | // create directory | 160 | // create directory |
134 | if (mkdir(lnk, S_IRWXU|S_IRWXG|S_IRWXO)) | 161 | if (mkdir(lnk, 0777)) |
135 | errExit("mkdir"); | 162 | errExit("mkdir"); |
136 | if (chown(lnk, 0, 0)) | 163 | if (chown(lnk, 0, 0)) |
137 | errExit("chown"); | 164 | errExit("chown"); |
138 | if (chmod(lnk, S_IRWXU|S_IRWXG|S_IRWXO)) | 165 | if (chmod(lnk, 0777)) |
139 | errExit("chmod"); | 166 | errExit("chmod"); |
140 | } | 167 | } |
141 | if (arg_debug) | 168 | if (arg_debug) |
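Review bot: The bind mount of `/dev/dri` into `DRI_DIR` in the first hunk of fs_dev.c runs unconditionally, so on a host without a `/dev/dri` directory (headless machines, VMs without a GPU driver, nested containers) `mount()` fails and `errExit("mounting /dev")` aborts the whole sandbox start, which makes `--private-dev` unusable there rather than simply omitting the directory. Both the staging block before the tmpfs mount and the "bring back" block after it should be guarded by the same existence test, e.g. using the file's own `is_dir()` helper that the second hunk already calls; the rewritten lines are below. Separately, the staged copy mounted at `DRI_DIR` is never unmounted inside this hunk, so unless it is torn down elsewhere the device nodes remain reachable under `/tmp/firejail/mnt/dri` as well as `/dev/dri` — worth a comment on the staging block stating where that mount is cleaned up. `fs_private_dev` begins and ends outside the hunk, as does `fs_dev_shm`.

```c
	// stage /dev/dri only if the host actually has it; a missing
	// /dev/dri is normal on headless systems and must not be fatal
	int have_dri = is_dir("/dev/dri");
	if (have_dri) {
		fs_build_mnt_dir();
		// … unchanged: mkdir/chown/chmod of DRI_DIR and bind mount of /dev/dri onto it …
	}

	// … unchanged: tmpfs mount on /dev …

	if (have_dri) {
		// … unchanged: mkdir/chown/chmod of /dev/dri and bind mount of DRI_DIR back onto it …
	}
```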