diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-11-28 11:36:40 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-11-28 11:36:40 +0100 |
| commit | f439d08ca2d8abe5be7277ffa3496a032dd53558 (patch) | |
| tree | 832f9fa369bbca9c8ea59ce82333081da0d7ca9e /src | |
| parent | fix interaction between private options and allusers option (diff) | |
| download | firejail-f439d08ca2d8abe5be7277ffa3496a032dd53558.tar.gz firejail-f439d08ca2d8abe5be7277ffa3496a032dd53558.tar.zst firejail-f439d08ca2d8abe5be7277ffa3496a032dd53558.zip | |
mask more private options runtime directories, just to be sure
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_etc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index eb03eb35f..082f8b4a0 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c | |||
| @@ -189,5 +189,10 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c | |||
| 189 | errExit("mount bind"); | 189 | errExit("mount bind"); |
| 190 | fs_logger2("mount", private_dir); | 190 | fs_logger2("mount", private_dir); |
| 191 | 191 | ||
| 192 | // mask private_run_dir (who knows if there are writable paths, and it is mounted exec) | ||
| 193 | if (mount("tmpfs", private_run_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME, "mode=755,gid=0") < 0) | ||
| 194 | errExit("mounting tmpfs"); | ||
| 195 | fs_logger2("tmpfs", private_run_dir); | ||
| 196 | |||
| 192 | fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); | 197 | fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); |
| 193 | } | 198 | } |