disable /dev/kmsg and /proc/kmsg

author: netblue30 <netblue30@yahoo.com> 2016-01-23 10:18:41 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-01-23 10:18:41 -0500
commit: 9a6afbab3d072c37dbfdd5366a4f78795d286414 (patch)
tree: 80f58e0ee3c8dabee1aeee87dc2c01dcca0d6198 /src
parent: added --user command (diff)
download: firejail-9a6afbab3d072c37dbfdd5366a4f78795d286414.tar.gz
firejail-9a6afbab3d072c37dbfdd5366a4f78795d286414.tar.zst
firejail-9a6afbab3d072c37dbfdd5366a4f78795d286414.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 50e55f868..f4c448024 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -604,6 +604,18 @@ void fs_proc_sys_dev_boot(void) {
        if (stat("/dev/port", &s) == 0) {
                disable_file(BLACKLIST_FILE, "/dev/port");
        }
+        
+        if (getuid() != 0) {
+                // disable /dev/kmsg
+                if (stat("/dev/kmsg", &s) == 0) {
+                        disable_file(BLACKLIST_FILE, "/dev/kmsg");
+                }
+                
+                // disable /proc/kmsg
+                if (stat("/proc/kmsg", &s) == 0) {
+                        disable_file(BLACKLIST_FILE, "/proc/kmsg");
+                }
+        }
 }
 // disable firejail configuration in /etc/firejail and in ~/.config/firejail
author	netblue30 <netblue30@yahoo.com>	2016-01-23 10:18:41 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-01-23 10:18:41 -0500
commit	9a6afbab3d072c37dbfdd5366a4f78795d286414 (patch)
tree	80f58e0ee3c8dabee1aeee87dc2c01dcca0d6198 /src
parent	added --user command (diff)
download	firejail-9a6afbab3d072c37dbfdd5366a4f78795d286414.tar.gz firejail-9a6afbab3d072c37dbfdd5366a4f78795d286414.tar.zst firejail-9a6afbab3d072c37dbfdd5366a4f78795d286414.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 50e55f868..f4c448024 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -604,6 +604,18 @@ void fs_proc_sys_dev_boot(void) {
604	if (stat("/dev/port", &s) == 0) {	604	if (stat("/dev/port", &s) == 0) {
605	disable_file(BLACKLIST_FILE, "/dev/port");	605	disable_file(BLACKLIST_FILE, "/dev/port");
606	}	606	}
		607
		608	if (getuid() != 0) {
		609	// disable /dev/kmsg
		610	if (stat("/dev/kmsg", &s) == 0) {
		611	disable_file(BLACKLIST_FILE, "/dev/kmsg");
		612	}
		613
		614	// disable /proc/kmsg
		615	if (stat("/proc/kmsg", &s) == 0) {
		616	disable_file(BLACKLIST_FILE, "/proc/kmsg");
		617	}
		618	}
607	}	619	}
608		620
609	// disable firejail configuration in /etc/firejail and in ~/.config/firejail	621	// disable firejail configuration in /etc/firejail and in ~/.config/firejail