authorLibravatar netblue30 <netblue30@yahoo.com>2015-10-12 20:02:46 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2015-10-12 20:02:46 -0400
commit6813df8142b1b03865a0a59e2eac7b60ef73bbf8 (patch)
tree3c898667f5ed20ae2faf23c7d003e33a639fa60a /src
parent--nosound option testing (diff)
added dri to --private-dev
Diffstat (limited to 'src')
-rw-r--r--src/firejail/firejail.h1
-rw-r--r--src/firejail/fs_dev.c35
2 files changed, 32 insertions, 4 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index ed3e2679f..4b2ecf0d9 100644
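--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -29,6 +29,7 @@
 #define HOME_DIR "/tmp/firejail/mnt/home"
 #define ETC_DIR "/tmp/firejail/mnt/etc"
 #define BIN_DIR "/tmp/firejail/mnt/bin"
+#define DRI_DIR "/tmp/firejail/mnt/dri"
 #define WHITELIST_HOME_DIR "/tmp/firejail/mnt/whome"
 #define DEFAULT_USER_PROFILE "generic"
 #define DEFAULT_ROOT_PROFILE "server"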
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index fd8f0c642..7560d5fef 100644
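--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -65,18 +65,45 @@ void fs_private_dev(void){
 // install a new /dev directory
 if (arg_debug)
 printf("Mounting tmpfs on /dev\n");
+
+// create DRI_DIR
+fs_build_mnt_dir();
+int rv = mkdir(DRI_DIR, 0755);
+if (rv == -1)
+errExit("mkdir");
+if (chown(DRI_DIR, 0, 0) < 0)
+errExit("chown");
+if (chmod(DRI_DIR, 0755) < 0)
+errExit("chmod");
+
+// keep a copy of /dev/dri under DRI_DIR
+if (mount("/dev/dri", DRI_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
+errExit("mounting /dev");
+
+// mount tmpfs on top of /dev
 if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
 errExit("mounting /dev");
+
+// bring back the /dev/dri directory
+rv = mkdir("/dev/dri", 0755);
+if (rv == -1)
+errExit("mkdir");
+if (chown("/dev/dri", 0, 0) < 0)
+errExit("chown");
+if (chmod("/dev/dri",0755) < 0)
+errExit("chmod");
+if (mount(DRI_DIR, "/dev/dri", NULL, MS_BIND|MS_REC, NULL) < 0)
+errExit("mounting /dev");
 
 // create /dev/shm
 if (arg_debug)
 printf("Create /dev/shm directory\n");
-int rv = mkdir("/dev/shm", S_IRWXU | S_IRWXG | S_IRWXO);
+rv = mkdir("/dev/shm", 0777);
 if (rv == -1)
 errExit("mkdir");
 if (chown("/dev/shm", 0, 0) < 0)
 errExit("chown");
-if (chmod("/dev/shm", S_IRWXU | S_IRWXG | S_IRWXO) < 0)
+if (chmod("/dev/shm", 0777) < 0)
 errExit("chmod");
 
 // create devices
@@ -131,11 +158,11 @@ void fs_dev_shm(void) {
 if (lnk) {
 if (!is_dir(lnk)) {
 // create directory
-if (mkdir(lnk, S_IRWXU|S_IRWXG|S_IRWXO))
+if (mkdir(lnk, 0777))
 errExit("mkdir");
 if (chown(lnk, 0, 0))
 errExit("chown");
-if (chmod(lnk, S_IRWXU|S_IRWXG|S_IRWXO))
+if (chmod(lnk, 0777))
 errExit("chmod");
 }
 if (arg_debug)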
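Review bot: The bind mount of `/dev/dri` onto `DRI_DIR` in fs_private_dev() is unconditional, so on a host that has no `/dev/dri` (headless, or no DRM driver loaded) `mount()` fails and `errExit` aborts the sandbox whenever --private-dev is requested. Probe first, e.g. `struct stat s; int have_dri = (stat("/dev/dri", &s) == 0 && S_ISDIR(s.st_mode));`, and run both the save step before the tmpfs mount and the restore step after it only when `have_dri` is set. Both new bind mounts also report `errExit("mounting /dev")`, the same string as the tmpfs mount; `errExit("mounting /dev/dri")` would make a failure attributable to the right call. The body of fs_private_dev() starts and ends outside this hunk, so any later cleanup of `DRI_DIR` is not visible here.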