authorLibravatar netblue30 <netblue30@yahoo.com>2017-07-25 09:33:38 -0400
committerLibravatar GitHub <noreply@github.com>2017-07-25 09:33:38 -0400
commit2b030c3a5953d4cacd0cb048f58e00ca80ea1e8e (patch)
treed3372441d3ce3d4108a290e3410316d8bca1bb44 /src
parentMerge pull request #1403 from topimiettinen/seccomp-add-syscalls (diff)
parent/proc/sys can be nosuid,noexec,nodev (diff)
Merge pull request #1402 from topimiettinen/nosuid-noexec-nodev-proc-sys
/proc/sys can be nosuid,noexec,nodev
Diffstat (limited to 'src')
-rw-r--r--src/firejail/fs.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index c1de53ee5..6695fc6b4 100644
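--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -515,7 +515,7 @@ void fs_proc_sys_dev_boot(void) {
 
 // remount /proc/sys readonly
 if (mount("/proc/sys", "/proc/sys", NULL, MS_BIND | MS_REC, NULL) < 0 ||
-mount(NULL, "/proc/sys", NULL, MS_BIND | MS_REMOUNT | MS_RDONLY | MS_REC, NULL) < 0)
+mount(NULL, "/proc/sys", NULL, MS_BIND | MS_REMOUNT | MS_RDONLY | MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_REC, NULL) < 0)
 errExit("mounting /proc/sys");
 fs_logger("read-only /proc/sys");
 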
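Review bot: The flags added to the second `mount()` call probably reach only the top-level `/proc/sys` mount. As far as I know, Linux ignores `MS_REC` on an `MS_REMOUNT | MS_BIND` call, so any submount the preceding recursive bind carried in (a binfmt_misc mount under `/proc/sys/fs`, where present) would keep its previous flags, including read-write. If full coverage is intended, each submount needs its own remount; otherwise the limitation deserves a comment next to the call. The existing comment is also stale after this change and could read `// remount /proc/sys read-only, nosuid, noexec, nodev`, with the `fs_logger` string extended to match if nothing parses it. The body of `fs_proc_sys_dev_boot` starts and ends outside this hunk.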