-rw-r--r-- | src/firejail/fs_home.c | 6 |
1 files changed, 3 insertions, 3 deletions
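--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -593,9 +593,9 @@ void fs_private_home_list(void) {
 errLogExit("invalid private-home mount");
 fs_logger2("tmpfs", homedir);
 
-// blacklist RUN_HOME_DIR, it is writable and not noexec
-if (mount(RUN_RO_DIR, RUN_HOME_DIR, NULL, MS_BIND, NULL) < 0)
-errExit("blacklisting " RUN_HOME_DIR);
+// mask RUN_HOME_DIR, it is writable and not noexec
+if (mount("tmpfs", RUN_HOME_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME, "mode=755,gid=0") < 0)
+errExit("mounting tmpfs");
 fs_logger2("tmpfs", RUN_HOME_DIR);
 
 if (uid != 0) {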
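Review bot: The tmpfs mounted over RUN_HOME_DIR on new line 597 carries `MS_NOSUID | MS_NODEV | MS_STRICTATIME` but neither `MS_NOEXEC` nor `MS_RDONLY`, although the comment directly above gives "writable and not noexec" as the reason for masking the directory. As written, the mask relies on `mode=755,gid=0` and on whichever uid performs the mount (no `uid=` option is passed, and the credential state at this point is outside the hunk), so a process running as root inside the sandbox could presumably still write to and execute from it. If nothing later needs to populate the mask, consider `MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RDONLY | MS_STRICTATIME` with `"mode=755,uid=0,gid=0"`. The new `errExit("mounting tmpfs")` also drops the path the old message named; `errExit("mounting tmpfs on " RUN_HOME_DIR)` would keep a failure attributable. fs_private_home_list starts and ends outside the hunk.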