author | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-04-07 18:22:24 +0200 |
---|---|---|
committer | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 15:01:13 +0200 |
commit | 178f649ac21f1511db89c1bfcb617678b7bf2e2a (patch) | |
tree | 5051b29933a48e0285957afa0cbc0b959abb2b79 /src | |
parent | 0.9.40 testing (diff) | |
download | firejail-178f649ac21f1511db89c1bfcb617678b7bf2e2a.tar.gz firejail-178f649ac21f1511db89c1bfcb617678b7bf2e2a.tar.zst firejail-178f649ac21f1511db89c1bfcb617678b7bf2e2a.zip |
sandbox: Add NO_NEW_PRIVS inconditionally
This is just a first try
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 10 |
1 files changed, 10 insertions, 0 deletions
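--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -748,6 +748,16 @@ int sandbox(void* sandbox_arg) {
 }
 
 //****************************************
+// Set NO_NEW_PRIVS if desired
+//****************************************
+int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+if(no_new_privs != 0) {
+errExit("NO_NEW_PRIVS");
+} else
+printf("No new privileges from this point on\n");
+
+
+//****************************************
 // fork the application and monitor it
 //****************************************
 pid_t app_pid = fork();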
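Review bot: The added comment says `// Set NO_NEW_PRIVS if desired`, but the `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` call right below it runs for every sandbox with no option guarding it, so setuid helpers inside the sandbox stop gaining privileges for all users; either gate the call on a command-line or profile option, or change the comment to `// Set NO_NEW_PRIVS unconditionally`. On kernels that lack this prctl (it was introduced in Linux 3.5) the call fails and `errExit("NO_NEW_PRIVS")` aborts the sandbox; that fail-closed behaviour may be intended, but it deserves a comment and a message that names the kernel requirement. The `printf("No new privileges from this point on\n")` writes to stdout on every run, which mixes into the sandboxed program's output when it is piped, and would be better limited to debug output. sandbox() starts and continues outside the hunk, so whether `<sys/prctl.h>` is already included, and where privileges are dropped relative to this call, cannot be checked from here.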