diff options
-rw-r--r-- | src/firejail/appimage.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index e8db91958..7adf31eb6 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -106,16 +106,19 @@ void appimage_set(const char *appimage) { | |||
106 | char *mode; | 106 | char *mode; |
107 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) | 107 | if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1) |
108 | errExit("asprintf"); | 108 | errExit("asprintf"); |
109 | EUID_ROOT(); | 109 | unsigned long flags = MS_MGC_VAL|MS_RDONLY; |
110 | if (getuid()) | ||
111 | flags |= MS_NODEV|MS_NOSUID; | ||
110 | 112 | ||
113 | EUID_ROOT(); | ||
111 | if (size == 0) { | 114 | if (size == 0) { |
112 | fmessage("Mounting appimage type 1\n"); | 115 | fmessage("Mounting appimage type 1\n"); |
113 | if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 116 | if (mount(devloop, mntdir, "iso9660", flags, mode) < 0) |
114 | errExit("mounting appimage"); | 117 | errExit("mounting appimage"); |
115 | } | 118 | } |
116 | else { | 119 | else { |
117 | fmessage("Mounting appimage type 2\n"); | 120 | fmessage("Mounting appimage type 2\n"); |
118 | if (mount(devloop, mntdir, "squashfs",MS_MGC_VAL|MS_RDONLY, mode) < 0) | 121 | if (mount(devloop, mntdir, "squashfs", flags, mode) < 0) |
119 | errExit("mounting appimage"); | 122 | errExit("mounting appimage"); |
120 | } | 123 | } |
121 | 124 | ||