diff options
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 11 |
2 files changed, 2 insertions, 10 deletions
@@ -16,6 +16,7 @@ firejail (0.9.45) baseline; urgency=low | |||
16 | * feature: config support for firejail prompt in terminals | 16 | * feature: config support for firejail prompt in terminals |
17 | * feature: pass command line arguments to appimages | 17 | * feature: pass command line arguments to appimages |
18 | * feature: --allow-private-blacklist option | 18 | * feature: --allow-private-blacklist option |
19 | * feature: allow non-seccomp setup for OverlayFS sandboxes | ||
19 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, | 20 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, |
20 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | 21 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, |
21 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | 22 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 50fcd6ed0..493877db3 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -616,19 +616,10 @@ int sandbox(void* sandbox_arg) { | |||
616 | fs_trace_preload(); | 616 | fs_trace_preload(); |
617 | } | 617 | } |
618 | else | 618 | else |
619 | #endif | 619 | #endif |
620 | #ifdef HAVE_OVERLAYFS | 620 | #ifdef HAVE_OVERLAYFS |
621 | if (arg_overlay) { | 621 | if (arg_overlay) { |
622 | fs_overlayfs(); | 622 | fs_overlayfs(); |
623 | // force caps and seccomp if not started as root | ||
624 | if (getuid() != 0) { | ||
625 | enforce_filters(); | ||
626 | #ifdef HAVE_SECCOMP | ||
627 | enforce_seccomp = 1; | ||
628 | #endif | ||
629 | } | ||
630 | else | ||
631 | arg_seccomp = 1; | ||
632 | } | 623 | } |
633 | else | 624 | else |
634 | #endif | 625 | #endif |