diff options
-rw-r--r-- | src/firejail/sandbox.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 058cdafbc..a4c038897 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -575,12 +575,12 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) { | |||
575 | } | 575 | } |
576 | 576 | ||
577 | static void enforce_filters(void) { | 577 | static void enforce_filters(void) { |
578 | fmessage("\n** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **\n\n"); | ||
578 | // enforce NO_NEW_PRIVS | 579 | // enforce NO_NEW_PRIVS |
579 | arg_nonewprivs = 1; | 580 | arg_nonewprivs = 1; |
580 | force_nonewprivs = 1; | 581 | force_nonewprivs = 1; |
581 | 582 | ||
582 | // disable all capabilities | 583 | // disable all capabilities |
583 | fmessage("\n** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **\n\n"); | ||
584 | arg_caps_drop_all = 1; | 584 | arg_caps_drop_all = 1; |
585 | 585 | ||
586 | // drop all supplementary groups; /etc/group file inside chroot | 586 | // drop all supplementary groups; /etc/group file inside chroot |