author | netblue30 <netblue30@yahoo.com> | 2017-02-04 15:55:05 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-02-04 15:55:05 -0500 |
commit | e138ebaa33b1c2c28734f32d542d674bff129c7c (patch) | |
tree | f403e8bcc51a61588a0384b136a7f31270e633fb /src | |
parent | git-install (diff) | |
--git-install
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/git.c | 11 |
1 files changed, 9 insertions, 2 deletions
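--- a/src/firejail/git.c
+++ b/src/firejail/git.c
@@ -22,14 +22,21 @@
 #include <sched.h>
 #include <sys/mount.h>
 
-// install a simple mount/pid namespace sandbox with a tmpfs on top of /tmp
+// install a very simple mount namespace sandbox with a tmpfs on top of /tmp
 static void sbox_ns(void) {
-if (unshare(CLONE_NEWNS | CLONE_NEWIPC) < 0)
+if (unshare(CLONE_NEWNS) < 0)
 errExit("unshare");
 
+// mount events are not forwarded between the host the sandbox
+if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) {
+errExit("mount");
+}
+
+// moount a tmpfs on top of /tmp
 if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0)
 errExit("mount");
 }
+
 
 void git_install() {
 // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"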
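Review bot: The comment added above the `MS_SLAVE | MS_REC` remount of `/` in sbox_ns (new line 30) says mount events are not forwarded between the host and the sandbox, but a slave mount still receives propagation from the host; only mounts made inside this namespace stop reaching the host. If one-way isolation is the intent, the comment should say so, e.g. `// mounts made in the sandbox do not propagate to the host; host mount events are still received`, and if full isolation is wanted the flag would be `MS_PRIVATE | MS_REC`. The tmpfs on `/tmp` is mounted with flags `0`; since the install script presumably writes and runs build output there with elevated privileges, `MS_NOSUID | MS_NODEV` would be a cheap hardening. Both mount failures report the same `errExit("mount")` string, so a failure cannot be attributed to one call, and the second comment reads `moount`. git_install's body continues outside the hunk.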