author | smitsohu <smitsohu@gmail.com> | 2021-01-06 19:58:39 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-01-06 20:00:27 +0100 |
commit | 6c7138edf75e3366cf0eed8001f59b40975231c8 (patch) | |
tree | 7198e7f2b0fd182d940a9f8e906fe87e7e55798c /src | |
parent | join: misc improvements (diff) | |
mount private-lib directories read-only
avoids creating holes in the basic read-only filesystem
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
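--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -165,7 +165,7 @@ void fslib_copy_dir(const char *full_path) {
 mkdir_attr(dest, 0755, 0, 0);
 
 if (mount(full_path, dest, NULL, MS_BIND|MS_REC, NULL) < 0 ||
-mount(NULL, dest, NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
+mount(NULL, dest, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
 errExit("mount bind");
 fs_logger2("clone", full_path);
 fs_logger2("mount", full_path);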
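Review bot: The remount on new line 168 passes MS_REC together with MS_BIND|MS_REMOUNT, but as far as I know mount(2) applies a bind remount's flag change only to the mount at dest, not to any submounts that the recursive bind on line 167 may have carried over. If full_path can contain nested mounts, those would keep their original flags and could remain writable (and lack nosuid/nodev), which is the kind of hole the commit message sets out to avoid. Either the first call should be a plain `MS_BIND` when submounts are not needed, or each submount below dest should be remounted individually; at minimum a comment such as `/* remount affects only the top mount at dest; submounts keep their own flags */` would record the limitation. The body of fslib_copy_dir starts and ends outside the hunk, so whether full_path is checked for submounts elsewhere is not visible here.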