diff options
Diffstat (limited to 'src/firejail/fs.c')
| -rw-r--r-- | src/firejail/fs.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index a5f12c7df..6c566bd90 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -649,7 +649,11 @@ void fs_proc_sys_dev_boot(void) { | |||
| 649 | 649 | ||
| 650 | disable_file(BLACKLIST_FILE, "/sys/firmware"); | 650 | disable_file(BLACKLIST_FILE, "/sys/firmware"); |
| 651 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); | 651 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); |
| 652 | disable_file(BLACKLIST_FILE, "/sys/fs"); | 652 | { // allow user access to /sys/fs if "--noblacklist=/sys/fs" is present on the command line |
| 653 | EUID_USER(); | ||
| 654 | profile_add("blacklist /sys/fs"); | ||
| 655 | EUID_ROOT(); | ||
| 656 | } | ||
| 653 | disable_file(BLACKLIST_FILE, "/sys/module"); | 657 | disable_file(BLACKLIST_FILE, "/sys/module"); |
| 654 | disable_file(BLACKLIST_FILE, "/sys/power"); | 658 | disable_file(BLACKLIST_FILE, "/sys/power"); |
| 655 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); | 659 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); |