-rw-r--r-- | etc/evince.profile | 5 | ||||
-rw-r--r-- | src/firejail/restrict_users.c | 2 |
2 files changed, 4 insertions, 3 deletions
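--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -5,14 +5,15 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
-
 shell none
+tracelog
+
 private-bin evince,evince-previewer,evince-thumbnailer
 whitelist /tmp/.X11-unix
 private-dev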
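Review bot: The added `tracelog` line (new line 15) is the only functional change in this profile and it carries no comment; the `nonewprivs` move is a reordering only. As documented for firejail, `tracelog` audits access to blacklisted files and directories by sending a message to syslog, so it adds visibility rather than any new restriction. Its value depends on the blacklist entries pulled in by the `disable-*.inc` includes and on someone actually collecting those syslog messages. A one-line comment above it, for example `# log blacklist violations to syslog (audit only)`, would make that clear to the next profile maintainer. Since this commit also carries an unrelated comment fix in restrict_users.c, the commit message should mention the profile change explicitly.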
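--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -345,7 +345,7 @@ void restrict_users(void) {
 sanitize_home();
 }
 else {
-// user has the home diercotry outside /home
+// user has the home directory outside /home
 // mount tmpfs on top of /home in order to hide it
 if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
 errExit("mount tmpfs");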