Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 4 |
1 files changed, 2 insertions, 2 deletions
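--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -565,12 +565,12 @@ void fs_proc_sys_dev_boot(void) {
 
 disable_file(BLACKLIST_FILE, "/sys/firmware");
 disable_file(BLACKLIST_FILE, "/sys/hypervisor");
-{ // allow user access to /sys/fs if "--noblacklist=/sys/fs" is present on the command line
+{ // allow user access to some directories in /sys/ by specifying 'noblacklist' option
 EUID_USER();
 profile_add("blacklist /sys/fs");
+profile_add("blacklist /sys/module");
 EUID_ROOT();
 }
-disable_file(BLACKLIST_FILE, "/sys/module");
 disable_file(BLACKLIST_FILE, "/sys/power");
 disable_file(BLACKLIST_FILE, "/sys/kernel/debug");
 disable_file(BLACKLIST_FILE, "/sys/kernel/vmcoreinfo");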
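Review bot: The rewritten comment on the `{` line says only "some directories in /sys/", so it no longer names which paths a user can un-blacklist, and that is the security-relevant fact in this block. After the change, `/sys/fs` and `/sys/module` are blacklisted through `profile_add` entries rather than an unconditional `disable_file` call, which presumably lets a matching `noblacklist` lift them (the profile processing is not visible in this hunk), while `/sys/firmware`, `/sys/power` and the `/sys/kernel/*` paths stay unconditional. I would spell that out, for example `// /sys/fs and /sys/module are blacklisted via profile entries so a matching 'noblacklist' can lift them; all other paths here are always disabled`. Lifting `/sys/module` would let the sandboxed process list the loaded kernel modules and their parameters, so the option's documentation should state that trade-off. The body of `fs_proc_sys_dev_boot` starts and ends outside the hunk.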