diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-04-19 08:21:22 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-04-19 08:21:22 -0400 |
| commit | c14364ff5ffe9a9415f5879248804cfde57cb793 (patch) | |
| tree | 9d85d8ffa7fc206d4408650a1b70603b0f272f1d /src | |
| parent | close lock file (diff) | |
| parent | Merge pull request #457 from Fred-Barclay/proposed (diff) | |
| download | firejail-c14364ff5ffe9a9415f5879248804cfde57cb793.tar.gz firejail-c14364ff5ffe9a9415f5879248804cfde57cb793.tar.zst firejail-c14364ff5ffe9a9415f5879248804cfde57cb793.zip | |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'src')
| -rw-r--r-- | src/firecfg/firecfg.config | 5 | ||||
| -rw-r--r-- | src/firejail/fs.c | 15 |
2 files changed, 15 insertions, 5 deletions
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 8bebf76af..3812ee7d8 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -4,6 +4,10 @@ | |||
| 4 | 4 | ||
| 5 | # astronomy | 5 | # astronomy |
| 6 | gpredict | 6 | gpredict |
| 7 | stellarium | ||
| 8 | |||
| 9 | # weather/climate | ||
| 10 | aweather | ||
| 7 | 11 | ||
| 8 | # browsers/email | 12 | # browsers/email |
| 9 | firefox | 13 | firefox |
| @@ -78,6 +82,7 @@ quassel | |||
| 78 | xchat | 82 | xchat |
| 79 | 83 | ||
| 80 | # games | 84 | # games |
| 85 | 0ad | ||
| 81 | hedgewars | 86 | hedgewars |
| 82 | wesnot | 87 | wesnot |
| 83 | warzone2100 | 88 | warzone2100 |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index af1ddf93b..4c2510021 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -726,7 +726,16 @@ static void disable_firejail_config(void) { | |||
| 726 | // build a basic read-only filesystem | 726 | // build a basic read-only filesystem |
| 727 | void fs_basic_fs(void) { | 727 | void fs_basic_fs(void) { |
| 728 | if (arg_debug) | 728 | if (arg_debug) |
| 729 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var\n"); | 729 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); |
| 730 | if (!arg_writable_etc) { | ||
| 731 | fs_rdonly("/etc"); | ||
| 732 | if (arg_debug) printf(", /etc"); | ||
| 733 | } | ||
| 734 | if (!arg_writable_var) { | ||
| 735 | fs_rdonly("/var"); | ||
| 736 | if (arg_debug) printf(", /var"); | ||
| 737 | } | ||
| 738 | if (arg_debug) printf("\n"); | ||
| 730 | fs_rdonly("/bin"); | 739 | fs_rdonly("/bin"); |
| 731 | fs_rdonly("/sbin"); | 740 | fs_rdonly("/sbin"); |
| 732 | fs_rdonly("/lib"); | 741 | fs_rdonly("/lib"); |
| @@ -734,10 +743,6 @@ void fs_basic_fs(void) { | |||
| 734 | fs_rdonly("/lib32"); | 743 | fs_rdonly("/lib32"); |
| 735 | fs_rdonly("/libx32"); | 744 | fs_rdonly("/libx32"); |
| 736 | fs_rdonly("/usr"); | 745 | fs_rdonly("/usr"); |
| 737 | if (!arg_writable_etc) | ||
| 738 | fs_rdonly("/etc"); | ||
| 739 | if (!arg_writable_var) | ||
| 740 | fs_rdonly("/var"); | ||
| 741 | 746 | ||
| 742 | // update /var directory in order to support multiple sandboxes running on the same root directory | 747 | // update /var directory in order to support multiple sandboxes running on the same root directory |
| 743 | if (!arg_private_dev) | 748 | if (!arg_private_dev) |