diff options
| author |  The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-04-07 18:22:24 +0200 |
|---|---|---|
| committer | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 15:01:13 +0200 |
| commit | 178f649ac21f1511db89c1bfcb617678b7bf2e2a (patch) | |
| tree | 5051b29933a48e0285957afa0cbc0b959abb2b79 /src | |
| parent | 0.9.40 testing (diff) | |
| download | firejail-178f649ac21f1511db89c1bfcb617678b7bf2e2a.tar.gz firejail-178f649ac21f1511db89c1bfcb617678b7bf2e2a.tar.zst firejail-178f649ac21f1511db89c1bfcb617678b7bf2e2a.zip | |
sandbox: Add NO_NEW_PRIVS inconditionally
This is just a first try
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/sandbox.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 5cfee44d8..109395b60 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -748,6 +748,16 @@ int sandbox(void* sandbox_arg) { | |||
| 748 | } | 748 | } |
| 749 | 749 | ||
| 750 | //**************************************** | 750 | //**************************************** |
| 751 | // Set NO_NEW_PRIVS if desired | ||
| 752 | //**************************************** | ||
| 753 | int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); | ||
| 754 | if(no_new_privs != 0) { | ||
| 755 | errExit("NO_NEW_PRIVS"); | ||
| 756 | } else | ||
| 757 | printf("No new privileges from this point on\n"); | ||
| 758 | |||
| 759 | |||
| 760 | //**************************************** | ||
| 751 | // fork the application and monitor it | 761 | // fork the application and monitor it |
| 752 | //**************************************** | 762 | //**************************************** |
| 753 | pid_t app_pid = fork(); | 763 | pid_t app_pid = fork(); |