1 files changed, 9 insertions, 9 deletions
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index 5b872ad75..75369b47c 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -118,7 +118,7 @@ void fs_var_log(void) {
                // mount a tmpfs on top of /var/log
                if (arg_debug)
                        printf("Mounting tmpfs on /var/log\n");
-                if (mount("tmpfs", "/var/log", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                if (mount("tmpfs", "/var/log", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                        errExit("mounting /var/log");
                fs_logger("tmpfs /var/log");
@@ -153,7 +153,7 @@ void fs_var_lib(void) {
        if (stat("/var/lib/dhcp", &s) == 0) {
                if (arg_debug)
                        printf("Mounting tmpfs on /var/lib/dhcp\n");
-                if (mount("tmpfs", "/var/lib/dhcp", "tmpfs", MS_NOSUID |  MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                if (mount("tmpfs", "/var/lib/dhcp", "tmpfs", MS_NOSUID |  MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                        errExit("mounting /var/lib/dhcp");
                fs_logger("tmpfs /var/lib/dhcp");
@@ -172,7 +172,7 @@ void fs_var_lib(void) {
        if (stat("/var/lib/nginx", &s) == 0) {
                if (arg_debug)
                        printf("Mounting tmpfs on /var/lib/nginx\n");
-                if (mount("tmpfs", "/var/lib/nginx", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                if (mount("tmpfs", "/var/lib/nginx", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                        errExit("mounting /var/lib/nginx");
                fs_logger("tmpfs /var/lib/nginx");
        }
@@ -181,7 +181,7 @@ void fs_var_lib(void) {
        if (stat("/var/lib/snmp", &s) == 0) {
                if (arg_debug)
                        printf("Mounting tmpfs on /var/lib/snmp\n");
-                if (mount("tmpfs", "/var/lib/snmp", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                if (mount("tmpfs", "/var/lib/snmp", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                        errExit("mounting /var/lib/snmp");
                fs_logger("tmpfs /var/lib/snmp");
        }
@@ -190,7 +190,7 @@ void fs_var_lib(void) {
        if (stat("/var/lib/sudo", &s) == 0) {
                if (arg_debug)
                        printf("Mounting tmpfs on /var/lib/sudo\n");
-                if (mount("tmpfs", "/var/lib/sudo", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                if (mount("tmpfs", "/var/lib/sudo", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                        errExit("mounting /var/lib/sudo");
                fs_logger("tmpfs /var/lib/sudo");
        }
@@ -202,7 +202,7 @@ void fs_var_cache(void) {
        if (stat("/var/cache/apache2", &s) == 0) {
                if (arg_debug)
                        printf("Mounting tmpfs on /var/cache/apache2\n");
-                if (mount("tmpfs", "/var/cache/apache2", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                if (mount("tmpfs", "/var/cache/apache2", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                        errExit("mounting /var/cache/apache2");
                fs_logger("tmpfs /var/cache/apache2");
        }
@@ -210,7 +210,7 @@ void fs_var_cache(void) {
        if (stat("/var/cache/lighttpd", &s) == 0) {
                if (arg_debug)
                        printf("Mounting tmpfs on /var/cache/lighttpd\n");
-                if (mount("tmpfs", "/var/cache/lighttpd", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
+                if (mount("tmpfs", "/var/cache/lighttpd", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                        errExit("mounting /var/cache/lighttpd");
                fs_logger("tmpfs /var/cache/lighttpd");
@@ -250,7 +250,7 @@ void fs_var_lock(void) {
        if (is_dir("/var/lock")) {
                if (arg_debug)
                        printf("Mounting tmpfs on /var/lock\n");
-                if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
+                if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=1777,gid=0") < 0)
                        errExit("mounting /lock");
                fs_logger("tmpfs /var/lock");
        }
@@ -266,7 +266,7 @@ void fs_var_tmp(void) {
                if (!is_link("/var/tmp")) {
                        if (arg_debug)
                                printf("Mounting tmpfs on /var/tmp\n");
-                        if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
+                        if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME,  "mode=1777,gid=0") < 0)
                                errExit("mounting /var/tmp");
                        fs_logger("tmpfs /var/tmp");
                }

diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index 5b872ad75..75369b47c 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c
@@ -118,7 +118,7 @@ void fs_var_log(void) {
118	// mount a tmpfs on top of /var/log	118	// mount a tmpfs on top of /var/log
119	if (arg_debug)	119	if (arg_debug)
120	printf("Mounting tmpfs on /var/log\n");	120	printf("Mounting tmpfs on /var/log\n");
121	if (mount("tmpfs", "/var/log", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	121	if (mount("tmpfs", "/var/log", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
122	errExit("mounting /var/log");	122	errExit("mounting /var/log");
123	fs_logger("tmpfs /var/log");	123	fs_logger("tmpfs /var/log");
124		124
@@ -153,7 +153,7 @@ void fs_var_lib(void) {
153	if (stat("/var/lib/dhcp", &s) == 0) {	153	if (stat("/var/lib/dhcp", &s) == 0) {
154	if (arg_debug)	154	if (arg_debug)
155	printf("Mounting tmpfs on /var/lib/dhcp\n");	155	printf("Mounting tmpfs on /var/lib/dhcp\n");
156	if (mount("tmpfs", "/var/lib/dhcp", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	156	if (mount("tmpfs", "/var/lib/dhcp", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
157	errExit("mounting /var/lib/dhcp");	157	errExit("mounting /var/lib/dhcp");
158	fs_logger("tmpfs /var/lib/dhcp");	158	fs_logger("tmpfs /var/lib/dhcp");
159		159
@@ -172,7 +172,7 @@ void fs_var_lib(void) {
172	if (stat("/var/lib/nginx", &s) == 0) {	172	if (stat("/var/lib/nginx", &s) == 0) {
173	if (arg_debug)	173	if (arg_debug)
174	printf("Mounting tmpfs on /var/lib/nginx\n");	174	printf("Mounting tmpfs on /var/lib/nginx\n");
175	if (mount("tmpfs", "/var/lib/nginx", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	175	if (mount("tmpfs", "/var/lib/nginx", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
176	errExit("mounting /var/lib/nginx");	176	errExit("mounting /var/lib/nginx");
177	fs_logger("tmpfs /var/lib/nginx");	177	fs_logger("tmpfs /var/lib/nginx");
178	}	178	}
@@ -181,7 +181,7 @@ void fs_var_lib(void) {
181	if (stat("/var/lib/snmp", &s) == 0) {	181	if (stat("/var/lib/snmp", &s) == 0) {
182	if (arg_debug)	182	if (arg_debug)
183	printf("Mounting tmpfs on /var/lib/snmp\n");	183	printf("Mounting tmpfs on /var/lib/snmp\n");
184	if (mount("tmpfs", "/var/lib/snmp", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	184	if (mount("tmpfs", "/var/lib/snmp", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
185	errExit("mounting /var/lib/snmp");	185	errExit("mounting /var/lib/snmp");
186	fs_logger("tmpfs /var/lib/snmp");	186	fs_logger("tmpfs /var/lib/snmp");
187	}	187	}
@@ -190,7 +190,7 @@ void fs_var_lib(void) {
190	if (stat("/var/lib/sudo", &s) == 0) {	190	if (stat("/var/lib/sudo", &s) == 0) {
191	if (arg_debug)	191	if (arg_debug)
192	printf("Mounting tmpfs on /var/lib/sudo\n");	192	printf("Mounting tmpfs on /var/lib/sudo\n");
193	if (mount("tmpfs", "/var/lib/sudo", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	193	if (mount("tmpfs", "/var/lib/sudo", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
194	errExit("mounting /var/lib/sudo");	194	errExit("mounting /var/lib/sudo");
195	fs_logger("tmpfs /var/lib/sudo");	195	fs_logger("tmpfs /var/lib/sudo");
196	}	196	}
@@ -202,7 +202,7 @@ void fs_var_cache(void) {
202	if (stat("/var/cache/apache2", &s) == 0) {	202	if (stat("/var/cache/apache2", &s) == 0) {
203	if (arg_debug)	203	if (arg_debug)
204	printf("Mounting tmpfs on /var/cache/apache2\n");	204	printf("Mounting tmpfs on /var/cache/apache2\n");
205	if (mount("tmpfs", "/var/cache/apache2", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	205	if (mount("tmpfs", "/var/cache/apache2", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
206	errExit("mounting /var/cache/apache2");	206	errExit("mounting /var/cache/apache2");
207	fs_logger("tmpfs /var/cache/apache2");	207	fs_logger("tmpfs /var/cache/apache2");
208	}	208	}
@@ -210,7 +210,7 @@ void fs_var_cache(void) {
210	if (stat("/var/cache/lighttpd", &s) == 0) {	210	if (stat("/var/cache/lighttpd", &s) == 0) {
211	if (arg_debug)	211	if (arg_debug)
212	printf("Mounting tmpfs on /var/cache/lighttpd\n");	212	printf("Mounting tmpfs on /var/cache/lighttpd\n");
213	if (mount("tmpfs", "/var/cache/lighttpd", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0)	213	if (mount("tmpfs", "/var/cache/lighttpd", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=755,gid=0") < 0)
214	errExit("mounting /var/cache/lighttpd");	214	errExit("mounting /var/cache/lighttpd");
215	fs_logger("tmpfs /var/cache/lighttpd");	215	fs_logger("tmpfs /var/cache/lighttpd");
216		216
@@ -250,7 +250,7 @@ void fs_var_lock(void) {
250	if (is_dir("/var/lock")) {	250	if (is_dir("/var/lock")) {
251	if (arg_debug)	251	if (arg_debug)
252	printf("Mounting tmpfs on /var/lock\n");	252	printf("Mounting tmpfs on /var/lock\n");
253	if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=1777,gid=0") < 0)	253	if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=1777,gid=0") < 0)
254	errExit("mounting /lock");	254	errExit("mounting /lock");
255	fs_logger("tmpfs /var/lock");	255	fs_logger("tmpfs /var/lock");
256	}	256	}
@@ -266,7 +266,7 @@ void fs_var_tmp(void) {
266	if (!is_link("/var/tmp")) {	266	if (!is_link("/var/tmp")) {
267	if (arg_debug)	267	if (arg_debug)
268	printf("Mounting tmpfs on /var/tmp\n");	268	printf("Mounting tmpfs on /var/tmp\n");
269	if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME \| MS_REC, "mode=1777,gid=0") < 0)	269	if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_STRICTATIME, "mode=1777,gid=0") < 0)
270	errExit("mounting /var/tmp");	270	errExit("mounting /var/tmp");
271	fs_logger("tmpfs /var/tmp");	271	fs_logger("tmpfs /var/tmp");
272	}	272	}