Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r--src/firejail/fs_whitelist.c20
1 files changed, 10 insertions, 10 deletions
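diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 85a51c0c8..22b5fb0a7 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -464,7 +464,7 @@ void fs_whitelist(void) {
 	// /home/user
 	if (home_dir) {
 		// keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR
-		int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+		int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755);
 		if (rv == -1)
 			errExit("mkdir");
 		if (chown(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid()) < 0)
@@ -482,12 +482,12 @@ void fs_whitelist(void) {
 	// /tmp mountpoint
 	if (tmp_dir) {
 		// keep a copy of real /tmp directory in WHITELIST_TMP_DIR
-		int rv = mkdir(RUN_WHITELIST_TMP_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+		int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777);
 		if (rv == -1)
 			errExit("mkdir");
 		if (chown(RUN_WHITELIST_TMP_DIR, 0, 0) < 0)
 			errExit("chown");
-		if (chmod(RUN_WHITELIST_TMP_DIR, 0777) < 0)
+		if (chmod(RUN_WHITELIST_TMP_DIR, 1777) < 0)
 			errExit("chmod");
 
 		if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
@@ -496,7 +496,7 @@ void fs_whitelist(void) {
 		// mount tmpfs on /tmp
 		if (arg_debug || arg_debug_whitelists)
 			printf("Mounting tmpfs on /tmp directory\n");
-		if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+		if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
 			errExit("mounting tmpfs on /tmp");
 		fs_logger("mount tmpfs on /tmp");
 	}
@@ -504,7 +504,7 @@ void fs_whitelist(void) {
 	// /media mountpoint
 	if (media_dir) {
 		// keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
-		int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+		int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);
 		if (rv == -1)
 			errExit("mkdir");
 		if (chown(RUN_WHITELIST_MEDIA_DIR, 0, 0) < 0)
@@ -526,7 +526,7 @@ void fs_whitelist(void) {
 	// /var mountpoint
 	if (var_dir) {
 		// keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR
-		int rv = mkdir(RUN_WHITELIST_VAR_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+		int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755);
 		if (rv == -1)
 			errExit("mkdir");
 		if (chown(RUN_WHITELIST_VAR_DIR, 0, 0) < 0)
@@ -548,7 +548,7 @@ void fs_whitelist(void) {
 	// /dev mountpoint
 	if (dev_dir) {
 		// keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR
-		int rv = mkdir(RUN_WHITELIST_DEV_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+		int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755);
 		if (rv == -1)
 			errExit("mkdir");
 		if (chown(RUN_WHITELIST_DEV_DIR, 0, 0) < 0)
@@ -556,7 +556,7 @@ void fs_whitelist(void) {
 		if (chmod(RUN_WHITELIST_DEV_DIR, 0755) < 0)
 			errExit("chmod");
 
-		if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
+		if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0)
 			errExit("mount bind");
 
 		// mount tmpfs on /dev
@@ -569,8 +569,8 @@ void fs_whitelist(void) {
 
 	// /opt mountpoint
 	if (opt_dir) {
-		// keep a copy of real /opt directory in RUN_WHITELIST_DEV_DIR
-		int rv = mkdir(RUN_WHITELIST_OPT_DIR, S_IRWXU | S_IRWXG | S_IRWXO);
+		// keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR
+		int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755);
 		if (rv == -1)
 			errExit("mkdir");
 		if (chown(RUN_WHITELIST_OPT_DIR, 0, 0) < 0)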
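Review bot: The new mode argument in the /tmp hunk is decimal, not octal: `mkdir(RUN_WHITELIST_TMP_DIR, 1777)` at line 485 and `chmod(RUN_WHITELIST_TMP_DIR, 1777)` at line 490 pass 1777 == 03361 (setgid and sticky plus owner -wx, group rw-, other --x), not the world-writable sticky directory that the tmpfs option `mode=1777` at line 499 (which the kernel parses as octal) and the other hunks' `0755` show was intended. Both lines should read `int rv = mkdir(RUN_WHITELIST_TMP_DIR, 01777);` and `if (chmod(RUN_WHITELIST_TMP_DIR, 01777) < 0)`; the directory is bind-mounted over immediately afterwards, so the wrong mode is confined to the underlying mount point, but a root-owned directory left with an unintended mode is still worth correcting. In the /dev hunk, the data string `"mode=755,gid=0"` handed to the `MS_BIND|MS_REC` mount at line 559 is not interpreted for bind mounts and would be clearer left as `NULL`, matching the other bind mounts in this function. fs_whitelist() begins and ends outside these hunks.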