diff options
author | smitsohu <smitsohu@gmail.com> | 2018-11-04 18:11:07 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-11-04 18:11:07 +0100 |
commit | c1b2509c7272fbef5ddc9fae289783b1985ad37f (patch) | |
tree | f2ef8ce07efb90e0e02cd1e2e59e6d4e6a814b05 /src | |
parent | fs_whitelist: minor mountinfo check improvement, cleanup (diff) | |
download | firejail-c1b2509c7272fbef5ddc9fae289783b1985ad37f.tar.gz firejail-c1b2509c7272fbef5ddc9fae289783b1985ad37f.tar.zst firejail-c1b2509c7272fbef5ddc9fae289783b1985ad37f.zip |
mount appimages nodev,nosuid
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/appimage.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index e8db91958..7adf31eb6 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -106,16 +106,19 @@ void appimage_set(const char *appimage) { | |||
106 | char *mode; | 106 | char *mode; |
107 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) | 107 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) |
108 | errExit("asprintf"); | 108 | errExit("asprintf"); |
109 | EUID_ROOT(); | 109 | unsigned long flags = MS_MGC_VAL|MS_RDONLY; |
110 | if (getuid()) | ||
111 | flags |= MS_NODEV|MS_NOSUID; | ||
110 | 112 | ||
113 | EUID_ROOT(); | ||
111 | if (size == 0) { | 114 | if (size == 0) { |
112 | fmessage("Mounting appimage type 1\n"); | 115 | fmessage("Mounting appimage type 1\n"); |
113 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 116 | if (mount(devloop, mntdir, "iso9660", flags, mode) < 0) |
114 | errExit("mounting appimage"); | 117 | errExit("mounting appimage"); |
115 | } | 118 | } |
116 | else { | 119 | else { |
117 | fmessage("Mounting appimage type 2\n"); | 120 | fmessage("Mounting appimage type 2\n"); |
118 | if (mount(devloop, mntdir, "squashfs",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 121 | if (mount(devloop, mntdir, "squashfs", flags, mode) < 0) |
119 | errExit("mounting appimage"); | 122 | errExit("mounting appimage"); |
120 | } | 123 | } |
121 | 124 | ||