diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-09-27 15:52:21 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-09-27 15:52:21 -0400 |
| commit | 19a67bebb4e11dd1727f8085dfa03c45d3128d49 (patch) | |
| tree | 527147048cfbd3fbacc802f2b903ef3c9db10c2a /src | |
| parent | CVE-2016-7545 (diff) | |
| download | firejail-19a67bebb4e11dd1727f8085dfa03c45d3128d49.tar.gz firejail-19a67bebb4e11dd1727f8085dfa03c45d3128d49.tar.zst firejail-19a67bebb4e11dd1727f8085dfa03c45d3128d49.zip | |
debug
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_dev.c | 6 | ||||
| -rw-r--r-- | src/firejail/pulseaudio.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 4744b3096..c21aed6c4 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
| @@ -59,13 +59,15 @@ static void deventry_mount(void) { | |||
| 59 | while (dev[i].dev_fname != NULL) { | 59 | while (dev[i].dev_fname != NULL) { |
| 60 | struct stat s; | 60 | struct stat s; |
| 61 | if (stat(dev[i].run_fname, &s) == 0) { | 61 | if (stat(dev[i].run_fname, &s) == 0) { |
| 62 | if (arg_debug) | ||
| 63 | printf("mounting %s\n", dev[i].run_fname); | ||
| 62 | if (mkdir(dev[i].dev_fname, 0755) == -1) | 64 | if (mkdir(dev[i].dev_fname, 0755) == -1) |
| 63 | errExit("mkdir"); | 65 | errExit("mkdir"); |
| 64 | if (chmod(dev[i].dev_fname, 0755) == -1) | 66 | if (chmod(dev[i].dev_fname, 0755) == -1) |
| 65 | errExit("chmod"); | 67 | errExit("chmod"); |
| 66 | ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755); | 68 | ASSERT_PERMS(dev[i].dev_fname, 0, 0, 0755); |
| 67 | if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND|MS_REC, NULL) < 0) | 69 | if (mount(dev[i].run_fname, dev[i].dev_fname, NULL, MS_BIND|MS_REC, NULL) < 0) |
| 68 | errExit("mounting /dev/snd"); | 70 | errExit("mounting dev file"); |
| 69 | fs_logger2("whitelist", dev[i].dev_fname); | 71 | fs_logger2("whitelist", dev[i].dev_fname); |
| 70 | } | 72 | } |
| 71 | 73 | ||
| @@ -261,6 +263,8 @@ void fs_dev_shm(void) { | |||
| 261 | } | 263 | } |
| 262 | 264 | ||
| 263 | void fs_dev_disable_sound() { | 265 | void fs_dev_disable_sound() { |
| 266 | if (arg_debug) | ||
| 267 | printf("disable /dev/snd\n"); | ||
| 264 | if (mount(RUN_RO_DIR, "/dev/snd", "none", MS_BIND, "mode=400,gid=0") < 0) | 268 | if (mount(RUN_RO_DIR, "/dev/snd", "none", MS_BIND, "mode=400,gid=0") < 0) |
| 265 | errExit("disable /dev/snd"); | 269 | errExit("disable /dev/snd"); |
| 266 | fs_logger("blacklist /dev/snd"); | 270 | fs_logger("blacklist /dev/snd"); |
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index 7db8d2c18..90997f934 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
| @@ -53,6 +53,8 @@ doexit: | |||
| 53 | 53 | ||
| 54 | // disable pulseaudio socket | 54 | // disable pulseaudio socket |
| 55 | void pulseaudio_disable(void) { | 55 | void pulseaudio_disable(void) { |
| 56 | if (arg_debug) | ||
| 57 | printf("disable pulseaudio\n"); | ||
| 56 | // blacklist user config directory | 58 | // blacklist user config directory |
| 57 | disable_file(cfg.homedir, ".config/pulse"); | 59 | disable_file(cfg.homedir, ".config/pulse"); |
| 58 | 60 | ||