1 files changed, 7 insertions, 5 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index e38f128ea..3dbfe3909 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -674,11 +674,13 @@ void fs_proc_sys_dev_boot(void) {
        disable_file(BLACKLIST_FILE, "/proc/kmem");
        
        // remove kernel symbol information
-        disable_file(BLACKLIST_FILE, "/usr/src/linux");
+        if (!arg_allow_debuggers) {
-        disable_file(BLACKLIST_FILE, "/lib/modules");
+                disable_file(BLACKLIST_FILE, "/usr/src/linux");
-        disable_file(BLACKLIST_FILE, "/usr/lib/debug");
+                disable_file(BLACKLIST_FILE, "/lib/modules");
-        disable_file(BLACKLIST_FILE, "/boot");
+                disable_file(BLACKLIST_FILE, "/usr/lib/debug");
-        
+                disable_file(BLACKLIST_FILE, "/boot");
+        }
+                
        // disable /selinux
        disable_file(BLACKLIST_FILE, "/selinux");

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index e38f128ea..3dbfe3909 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -674,11 +674,13 @@ void fs_proc_sys_dev_boot(void) {
674	disable_file(BLACKLIST_FILE, "/proc/kmem");	674	disable_file(BLACKLIST_FILE, "/proc/kmem");
675		675
676	// remove kernel symbol information	676	// remove kernel symbol information
677	disable_file(BLACKLIST_FILE, "/usr/src/linux");	677	if (!arg_allow_debuggers) {
678	disable_file(BLACKLIST_FILE, "/lib/modules");	678	disable_file(BLACKLIST_FILE, "/usr/src/linux");
679	disable_file(BLACKLIST_FILE, "/usr/lib/debug");	679	disable_file(BLACKLIST_FILE, "/lib/modules");
680	disable_file(BLACKLIST_FILE, "/boot");	680	disable_file(BLACKLIST_FILE, "/usr/lib/debug");
681		681	disable_file(BLACKLIST_FILE, "/boot");
		682	}
		683
682	// disable /selinux	684	// disable /selinux
683	disable_file(BLACKLIST_FILE, "/selinux");	685	disable_file(BLACKLIST_FILE, "/selinux");
684		686