diff options
Diffstat (limited to 'src/firejail/fs.c')
| -rw-r--r-- | src/firejail/fs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 88f92ad74..ea0631da5 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -565,12 +565,12 @@ void fs_proc_sys_dev_boot(void) { | |||
| 565 | 565 | ||
| 566 | disable_file(BLACKLIST_FILE, "/sys/firmware"); | 566 | disable_file(BLACKLIST_FILE, "/sys/firmware"); |
| 567 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); | 567 | disable_file(BLACKLIST_FILE, "/sys/hypervisor"); |
| 568 | { // allow user access to /sys/fs if "--noblacklist=/sys/fs" is present on the command line | 568 | { // allow user access to some directories in /sys/ by specifying 'noblacklist' option |
| 569 | EUID_USER(); | 569 | EUID_USER(); |
| 570 | profile_add("blacklist /sys/fs"); | 570 | profile_add("blacklist /sys/fs"); |
| 571 | profile_add("blacklist /sys/module"); | ||
| 571 | EUID_ROOT(); | 572 | EUID_ROOT(); |
| 572 | } | 573 | } |
| 573 | disable_file(BLACKLIST_FILE, "/sys/module"); | ||
| 574 | disable_file(BLACKLIST_FILE, "/sys/power"); | 574 | disable_file(BLACKLIST_FILE, "/sys/power"); |
| 575 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); | 575 | disable_file(BLACKLIST_FILE, "/sys/kernel/debug"); |
| 576 | disable_file(BLACKLIST_FILE, "/sys/kernel/vmcoreinfo"); | 576 | disable_file(BLACKLIST_FILE, "/sys/kernel/vmcoreinfo"); |