Diffstat (limited to 'src/firejail/preproc.c')
-rw-r--r-- | src/firejail/preproc.c | 10 |
1 files changed, 9 insertions, 1 deletions
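--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -91,10 +91,18 @@ void preproc_mount_mnt_dir(void) {
 copy_file(PATH_SECCOMP_MDWX, RUN_SECCOMP_MDWX, getuid(), getgid(), 0644); // root needed
 copy_file(PATH_SECCOMP_MDWX_32, RUN_SECCOMP_MDWX_32, getuid(), getgid(), 0644); // root needed
 }
-// as root, create empty RUN_SECCOMP_PROTOCOL and RUN_SECCOMP_POSTEXEC files
+// as root, create empty RUN_SECCOMP_PROTOCOL, RUN_SECCOMP_NS and RUN_SECCOMP_POSTEXEC files
 create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644);
 if (set_perms(RUN_SECCOMP_PROTOCOL, getuid(), getgid(), 0644))
 errExit("set_perms");
+if (cfg.restrict_namespaces) {
+create_empty_file_as_root(RUN_SECCOMP_NS, 0644);
+if (set_perms(RUN_SECCOMP_NS, getuid(), getgid(), 0644))
+errExit("set_perms");
+create_empty_file_as_root(RUN_SECCOMP_NS_32, 0644);
+if (set_perms(RUN_SECCOMP_NS_32, getuid(), getgid(), 0644))
+errExit("set_perms");
+}
 create_empty_file_as_root(RUN_SECCOMP_POSTEXEC, 0644);
 if (set_perms(RUN_SECCOMP_POSTEXEC, getuid(), getgid(), 0644))
 errExit("set_perms");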
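Review bot: The added block at new lines 98-105 creates RUN_SECCOMP_NS and RUN_SECCOMP_NS_32 as root and then hands them to the caller with a path-based `set_perms(..., getuid(), getgid(), 0644)`, which is only sound if the user cannot modify the containing directory between the two calls; the hunk does not show that, so once confirmed it deserves a comment such as `// parent dir is root-owned here, so the path cannot be swapped before set_perms`. All four `errExit("set_perms")` calls now share one message, so a failure cannot be attributed to a file; naming the file in the message would help triage. The two files exist only when `cfg.restrict_namespaces` is set, so any later code that opens them should be guarded by the same flag (presumably it is, outside this hunk). preproc_mount_mnt_dir starts before the hunk and continues after it.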