tune pam-tmpdir file permissions

author: smitsohu <smitsohu@gmail.com> 2019-08-01 21:31:27 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-08-01 21:31:27 +0200
commit: 66fa1d1fa671bf01249cf2dee911694e6976cdc9 (patch)
tree: 7a4cf1c950634d5de42031c2517e5e3c25f21041 /src
parent: some profile fixups (followup) (diff)
download: firejail-66fa1d1fa671bf01249cf2dee911694e6976cdc9.tar.gz
firejail-66fa1d1fa671bf01249cf2dee911694e6976cdc9.tar.zst
firejail-66fa1d1fa671bf01249cf2dee911694e6976cdc9.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 122c100f8..fa93751cc 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -743,9 +743,9 @@ void fs_whitelist(void) {
                                        errExit("asprintf");
                                if (strcmp(env, pamtmpdir) == 0) {
                                        // create empty user-owned /tmp/user/$uid directory
-                                        mkdir_attr("/tmp/user", 0755, 0, 0);
+                                        mkdir_attr("/tmp/user", 0711, 0, 0);
                                        fs_logger("mkdir /tmp/user");
-                                        mkdir_attr(pamtmpdir, 0700, getuid(), getgid());
+                                        mkdir_attr(pamtmpdir, 0700, getuid(), 0);
                                        fs_logger2("mkdir", pamtmpdir);
                                }
                                free(pamtmpdir);
author	smitsohu <smitsohu@gmail.com>	2019-08-01 21:31:27 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-08-01 21:31:27 +0200
commit	66fa1d1fa671bf01249cf2dee911694e6976cdc9 (patch)
tree	7a4cf1c950634d5de42031c2517e5e3c25f21041 /src
parent	some profile fixups (followup) (diff)
download	firejail-66fa1d1fa671bf01249cf2dee911694e6976cdc9.tar.gz firejail-66fa1d1fa671bf01249cf2dee911694e6976cdc9.tar.zst firejail-66fa1d1fa671bf01249cf2dee911694e6976cdc9.zip

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 122c100f8..fa93751cc 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c
@@ -743,9 +743,9 @@ void fs_whitelist(void) {
743	errExit("asprintf");	743	errExit("asprintf");
744	if (strcmp(env, pamtmpdir) == 0) {	744	if (strcmp(env, pamtmpdir) == 0) {
745	// create empty user-owned /tmp/user/$uid directory	745	// create empty user-owned /tmp/user/$uid directory
746	mkdir_attr("/tmp/user", 0755, 0, 0);	746	mkdir_attr("/tmp/user", 0711, 0, 0);
747	fs_logger("mkdir /tmp/user");	747	fs_logger("mkdir /tmp/user");
748	mkdir_attr(pamtmpdir, 0700, getuid(), getgid());	748	mkdir_attr(pamtmpdir, 0700, getuid(), 0);
749	fs_logger2("mkdir", pamtmpdir);	749	fs_logger2("mkdir", pamtmpdir);
750	}	750	}
751	free(pamtmpdir);	751	free(pamtmpdir);