diff options
| -rw-r--r-- | src/firejail/fs_lib.c | 38 | ||||
| -rw-r--r-- | src/lib/ldd_utils.c | 1 |
2 files changed, 13 insertions, 26 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 7c5a22699..99d57fbbb 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
| @@ -361,34 +361,20 @@ void fslib_install_list(const char *lib_list) { | |||
| 361 | fs_logger_print(); | 361 | fs_logger_print(); |
| 362 | } | 362 | } |
| 363 | 363 | ||
| 364 | |||
| 365 | |||
| 366 | static void mount_directories(void) { | 364 | static void mount_directories(void) { |
| 367 | if (arg_debug || arg_debug_private_lib) | 365 | fs_remount(RUN_LIB_DIR, MOUNT_READONLY, 1); // should be redundant except for RUN_LIB_DIR itself |
| 368 | printf("Mount-bind %s on top of /lib /lib64 /usr/lib\n", RUN_LIB_DIR); | ||
| 369 | |||
| 370 | if (is_dir("/lib")) { | ||
| 371 | if (mount(RUN_LIB_DIR, "/lib", NULL, MS_BIND|MS_REC, NULL) < 0 || | ||
| 372 | mount(NULL, "/lib", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0) | ||
| 373 | errExit("mount bind"); | ||
| 374 | fs_logger2("tmpfs", "/lib"); | ||
| 375 | fs_logger("mount /lib"); | ||
| 376 | } | ||
| 377 | |||
| 378 | if (is_dir("/lib64")) { | ||
| 379 | if (mount(RUN_LIB_DIR, "/lib64", NULL, MS_BIND|MS_REC, NULL) < 0 || | ||
| 380 | mount(NULL, "/lib64", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0) | ||
| 381 | errExit("mount bind"); | ||
| 382 | fs_logger2("tmpfs", "/lib64"); | ||
| 383 | fs_logger("mount /lib64"); | ||
| 384 | } | ||
| 385 | 366 | ||
| 386 | if (is_dir("/usr/lib")) { | 367 | int i = 0; |
| 387 | if (mount(RUN_LIB_DIR, "/usr/lib", NULL, MS_BIND|MS_REC, NULL) < 0 || | 368 | while (lib_dirs[i]) { |
| 388 | mount(NULL, "/usr/lib", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0) | 369 | if (is_dir(lib_dirs[i])) { |
| 389 | errExit("mount bind"); | 370 | if (arg_debug || arg_debug_private_lib) |
| 390 | fs_logger2("tmpfs", "/usr/lib"); | 371 | printf("Mount-bind %s on top of %s\n", RUN_LIB_DIR, lib_dirs[i]); |
| 391 | fs_logger("mount /usr/lib"); | 372 | if (mount(RUN_LIB_DIR, lib_dirs[i], NULL, MS_BIND|MS_REC, NULL) < 0) |
| 373 | errExit("mount bind"); | ||
| 374 | fs_logger2("tmpfs", lib_dirs[i]); | ||
| 375 | fs_logger2("mount", lib_dirs[i]); | ||
| 376 | } | ||
| 377 | i++; | ||
| 392 | } | 378 | } |
| 393 | 379 | ||
| 394 | // for amd64 only - we'll deal with i386 later | 380 | // for amd64 only - we'll deal with i386 later |
diff --git a/src/lib/ldd_utils.c b/src/lib/ldd_utils.c index adde4a9b9..43fee4f21 100644 --- a/src/lib/ldd_utils.c +++ b/src/lib/ldd_utils.c | |||
| @@ -30,6 +30,7 @@ const char * const default_lib_paths[] = { | |||
| 30 | "/lib", | 30 | "/lib", |
| 31 | "/lib64", | 31 | "/lib64", |
| 32 | LIBDIR, | 32 | LIBDIR, |
| 33 | "/usr/local/lib64", | ||
| 33 | "/usr/local/lib", | 34 | "/usr/local/lib", |
| 34 | "/usr/lib/x86_64-linux-gnu/mesa", // libGL.so is sometimes a symlink into this directory | 35 | "/usr/lib/x86_64-linux-gnu/mesa", // libGL.so is sometimes a symlink into this directory |
| 35 | "/usr/lib/x86_64-linux-gnu/mesa-egl", // libGL.so is sometimes a symlink into this directory | 36 | "/usr/lib/x86_64-linux-gnu/mesa-egl", // libGL.so is sometimes a symlink into this directory |