diff options
author | netblue30 <netblue30@yahoo.com> | 2016-07-10 08:44:00 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-10 08:44:00 -0400 |
commit | d1afb133e35ba444b214d2d4b63f460925e90ece (patch) | |
tree | 726acc61f6193f53a1b27327b637219365b8c3d4 /src | |
parent | --noexec (diff) | |
download | firejail-d1afb133e35ba444b214d2d4b63f460925e90ece.tar.gz firejail-d1afb133e35ba444b214d2d4b63f460925e90ece.tar.zst firejail-d1afb133e35ba444b214d2d4b63f460925e90ece.zip |
/var and /etc are noexec by default
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index de59b6676..4b2b91b17 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -722,10 +722,12 @@ void fs_basic_fs(void) { | |||
722 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); | 722 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); |
723 | if (!arg_writable_etc) { | 723 | if (!arg_writable_etc) { |
724 | fs_rdonly("/etc"); | 724 | fs_rdonly("/etc"); |
725 | fs_noexec("/etc"); | ||
725 | if (arg_debug) printf(", /etc"); | 726 | if (arg_debug) printf(", /etc"); |
726 | } | 727 | } |
727 | if (!arg_writable_var) { | 728 | if (!arg_writable_var) { |
728 | fs_rdonly("/var"); | 729 | fs_rdonly("/var"); |
730 | fs_noexec("/var"); | ||
729 | if (arg_debug) printf(", /var"); | 731 | if (arg_debug) printf(", /var"); |
730 | } | 732 | } |
731 | if (arg_debug) printf("\n"); | 733 | if (arg_debug) printf("\n"); |