diff options
Diffstat (limited to 'src/firejail/fs.c')
| -rw-r--r-- | src/firejail/fs.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index f4384faf7..1cfdbaea7 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -153,15 +153,20 @@ static void disable_file(OPERATION op, const char *filename, const char *emptydi | |||
| 153 | 153 | ||
| 154 | // modify the file | 154 | // modify the file |
| 155 | if (op == BLACKLIST_FILE) { | 155 | if (op == BLACKLIST_FILE) { |
| 156 | if (arg_debug) | 156 | // some distros put all executables under /usr/bin and make /bin a symbolic link |
| 157 | printf("Disable %s\n", fname); | 157 | if (is_link(filename) && S_ISDIR(s.st_mode)) |
| 158 | if (S_ISDIR(s.st_mode)) { | 158 | fprintf(stderr, "Warning: %s directory link was not blacklisted\n", filename); |
| 159 | if (mount(emptydir, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
| 160 | errExit("disable file"); | ||
| 161 | } | ||
| 162 | else { | 159 | else { |
| 163 | if (mount(emptyfile, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | 160 | if (arg_debug) |
| 164 | errExit("disable file"); | 161 | printf("Disable %s\n", fname); |
| 162 | if (S_ISDIR(s.st_mode)) { | ||
| 163 | if (mount(emptydir, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
| 164 | errExit("disable file"); | ||
| 165 | } | ||
| 166 | else { | ||
| 167 | if (mount(emptyfile, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
| 168 | errExit("disable file"); | ||
| 169 | } | ||
| 165 | } | 170 | } |
| 166 | } | 171 | } |
| 167 | else if (op == MOUNT_READONLY) { | 172 | else if (op == MOUNT_READONLY) { |