1 files changed, 2 insertions, 1 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 2314d5744..e42d35be5 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -666,7 +666,8 @@ int sandbox(void* sandbox_arg) {
        // ... and mount a tmpfs on top of /run/firejail/mnt directory
        preproc_mount_mnt_dir();
        // bind-mount firejail binaries and helper programs
-        if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)
+        if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND, NULL) < 0 ||
+            mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REMOUNT, NULL) < 0)
                errExit("mounting " RUN_FIREJAIL_LIB_DIR);
        //****************************

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 2314d5744..e42d35be5 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -666,7 +666,8 @@ int sandbox(void* sandbox_arg) {
666	// ... and mount a tmpfs on top of /run/firejail/mnt directory	666	// ... and mount a tmpfs on top of /run/firejail/mnt directory
667	preproc_mount_mnt_dir();	667	preproc_mount_mnt_dir();
668	// bind-mount firejail binaries and helper programs	668	// bind-mount firejail binaries and helper programs
669	if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)	669	if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND, NULL) < 0 \|\|
		670	mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_RDONLY\|MS_NOSUID\|MS_NODEV\|MS_BIND\|MS_REMOUNT, NULL) < 0)
670	errExit("mounting " RUN_FIREJAIL_LIB_DIR);	671	errExit("mounting " RUN_FIREJAIL_LIB_DIR);
671		672
672	//****************************	673	//****************************