author | netblue30 <netblue30@yahoo.com> | 2015-11-22 13:37:36 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-22 13:37:36 -0500 |
commit | 0f1a12da2881727a2e1c214e0d48aa10b546f5fc (patch) | |
tree | 418bb92e04af2099f7164be370715ce16587d0da /src | |
parent | feature test (diff) | |
disable firejail configuration by default
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 19 |
1 files changed, 19 insertions, 0 deletions
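--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -552,6 +552,19 @@ void fs_proc_sys_dev_boot(void) {
 }
 }
 
+// disable firejail configuration in /etc/firejail and in ~/.config/firejail
+static void disable_firejail_config(void) {
+struct stat s;
+if (stat("/etc/firejail", &s) == 0)
+disable_file(BLACKLIST_FILE, "/etc/firejail");
+
+char *fname;
+if (asprintf(&fname, "%s/.config/firejail", cfg.homedir) == -1)
+errExit("asprintf");
+disable_file(BLACKLIST_FILE, fname);
+free(fname);
+}
+
 
 // build a basic read-only filesystem
 void fs_basic_fs(void) {
@@ -577,6 +590,8 @@ void fs_basic_fs(void) {
 
 // don't leak user information
 restrict_users();
+
+disable_firejail_config();
 }
 
 
@@ -723,6 +738,8 @@ void fs_overlayfs(void) {
 // don't leak user information
 restrict_users();
 
+disable_firejail_config();
+
 // cleanup and exit
 free(option);
 free(oroot);
@@ -846,6 +863,8 @@ void fs_chroot(const char *rootdir) {
 
 // don't leak user information
 restrict_users();
+
+disable_firejail_config();
 }
 #endif
 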
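Review bot: In `disable_firejail_config()` the home-directory path is built from `cfg.homedir` without a NULL check and handed to `disable_file()` unconditionally, while the `/etc/firejail` call just above it is guarded by `stat()`. Whether `disable_file()` tolerates a missing path cannot be seen from this hunk; if it does, the `stat()` guard is redundant, and if it does not, the second call needs the same guard. Either way an early `if (cfg.homedir == NULL) return;` before the `asprintf()` would keep a `(null)/.config/firejail` string from being blacklisted in place of the real directory. The header comment could also state why the directories are hidden, presumably so a sandboxed process can neither read nor rewrite the profiles that confine it, e.g. `// blacklist firejail's own profiles so sandboxed code cannot inspect or alter them`.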