-rw-r--r--etc/disable-common.inc3
-rw-r--r--etc/ssh-agent.profile1
-rw-r--r--etc/ssh.profile1
-rw-r--r--src/firejail/fs.c9
4 files changed, 9 insertions, 5 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 0dad8b385..f18b0d396 100644
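--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -165,9 +165,6 @@ blacklist ${PATH}/newgrp
 blacklist ${PATH}/newuidmap
 blacklist ${PATH}/pkexec
 blacklist ${PATH}/sg
-blacklist ${PATH}/rsh
-blacklist ${PATH}/rlogin
-blacklist ${PATH}/rcp
 blacklist ${PATH}/crontab
 blacklist ${PATH}/ksu
 blacklist ${PATH}/chsh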
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index 485bd8f3b..548ede37d 100644
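--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -2,6 +2,7 @@
 quiet
 noblacklist ~/.ssh
 noblacklist /tmp/ssh-*
+noblacklist /etc/ssh
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc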
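Review bot: The added `noblacklist /etc/ssh` carries no comment, and nothing in this change shows which blacklist entry it counters; a line above it such as `# allow the system-wide ssh configuration in /etc/ssh` would record the intent. The exemption covers the whole directory, which on most systems also holds the server configuration and host key files, so it is worth confirming that the sandboxed program needs more than its client configuration. Whether ssh-agent reads anything under /etc/ssh is not evident from the patch. The same line is added to etc/ssh.profile, where the same comment applies.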
diff --git a/etc/ssh.profile b/etc/ssh.profile
index d3558ead3..b7a8ed2b9 100644
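--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -2,6 +2,7 @@
 quiet
 noblacklist ~/.ssh
 noblacklist /tmp/ssh-*
+noblacklist /etc/ssh
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc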
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 8c776bad5..6f9b5a60c 100644
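--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -111,8 +111,12 @@ static void disable_file(OPERATION op, const char *filename) {
  fprintf(stderr, "Warning: %s directory link was not blacklisted\n", filename);
  }
  else {
- if (arg_debug)
- printf("Disable %s\n", fname);
+ if (arg_debug) {
+ if (strcmp(filename, fname))
+ printf("Disable %s (requesterd %s)\n", fname, filename);
+ else
+ printf("Disable %s\n", fname);
+ }
  else if (arg_debug_blacklists) {
  printf("Disable %s", fname);
  if (op == BLACKLIST_FILE)
@@ -120,6 +124,7 @@ static void disable_file(OPERATION op, const char *filename) {
  else
  printf(" - no logging\n");
  }
+
  if (S_ISDIR(s.st_mode)) {
  if (mount(RUN_RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
  errExit("disable file");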
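Review bot: The new debug string in the `arg_debug` branch misspells "requested" as "requesterd"; it should read `printf("Disable %s (requested %s)\n", fname, filename);`. The `arg_debug_blacklists` branch just below still prints only the resolved `fname`, so a run with that option alone will not show that a blacklist entry resolved to a different path, which appears to be the case the new message is meant to expose; printing the requested name there as well would keep the two outputs consistent. Writing the test as `strcmp(filename, fname) != 0` would make the comparison explicit. disable_file's body starts and ends outside these hunks, so how `fname` is derived from `filename` is not visible here.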