author | smitsohu <smitsohu@gmail.com> | 2020-08-08 23:42:03 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-08 23:42:03 +0200 |
commit | d3b58663e48210c258380f7480c6f9a22e96a5e0 (patch) | |
tree | ed1e1d8c4c8fffe57c05c512852d29b714a597f1 /src | |
parent | fix for older compilers (gcc 4.9.2, Debian 8) (diff) | |
mount sandbox lib directory ro,nosuid,nodev
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 3 |
1 files changed, 2 insertions, 1 deletions
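--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -666,7 +666,8 @@ int sandbox(void* sandbox_arg) {
 // ... and mount a tmpfs on top of /run/firejail/mnt directory
 preproc_mount_mnt_dir();
 // bind-mount firejail binaries and helper programs
-if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)
+if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND, NULL) < 0 ||
+mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("mounting " RUN_FIREJAIL_LIB_DIR);
 
 //****************************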
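Review bot: The comment above the `if` still describes only the bind mount, so the reason for the second `mount()` call on new line 670 is undocumented. On Linux the initial `MS_BIND` call ignores `MS_RDONLY`, `MS_NOSUID` and `MS_NODEV`, which is why the separate `MS_REMOUNT|MS_BIND` call is needed. A comment such as `// MS_BIND ignores ro/nosuid/nodev on the first call; apply them with a bind remount` would keep a later cleanup from merging the two calls and silently dropping the hardening. Both calls also share `errExit("mounting " RUN_FIREJAIL_LIB_DIR)`, so a failed remount cannot be told apart from a failed bind; a distinct message for the remount would help when diagnosing a sandbox that refuses to start. The body of `sandbox()` starts and ends outside this hunk.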