diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-10-17 08:41:39 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-10-17 08:41:39 -0400 |
| commit | bb6c744fd4f59d0f407c37955ba36f8d40cc60cf (patch) | |
| tree | d87a3fa6e00e254466f5a487d1eda0f032a0669e /src | |
| parent | merges (diff) | |
| download | firejail-bb6c744fd4f59d0f407c37955ba36f8d40cc60cf.tar.gz firejail-bb6c744fd4f59d0f407c37955ba36f8d40cc60cf.tar.zst firejail-bb6c744fd4f59d0f407c37955ba36f8d40cc60cf.zip | |
allow user access to /sys/fs (--noblacklist=/sys/fs)
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index a5f12c7df..6c566bd90 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -649,7 +649,11 @@ void fs_proc_sys_dev_boot(void) { | |||
| 649 | 649 | ||
| 650 | disable_file(BLACKLIST_FILE, "/sys/firmware"); | 650 | disable_file(BLACKLIST_FILE, "/sys/firmware"); |
| 651 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); | 651 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); |
| 652 | disable_file(BLACKLIST_FILE, "/sys/fs"); | 652 | { // allow user access to /sys/fs if "--noblacklist=/sys/fs" is present on the command line |
| 653 | EUID_USER(); | ||
| 654 | profile_add("blacklist /sys/fs"); | ||
| 655 | EUID_ROOT(); | ||
| 656 | } | ||
| 653 | disable_file(BLACKLIST_FILE, "/sys/module"); | 657 | disable_file(BLACKLIST_FILE, "/sys/module"); |
| 654 | disable_file(BLACKLIST_FILE, "/sys/power"); | 658 | disable_file(BLACKLIST_FILE, "/sys/power"); |
| 655 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); | 659 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); |