diff options
Diffstat (limited to 'src/firejail/preproc.c')
| -rw-r--r-- | src/firejail/preproc.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index b25b79a9e..44f82681a 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c | |||
| @@ -91,10 +91,18 @@ void preproc_mount_mnt_dir(void) { | |||
| 91 | copy_file(PATH_SECCOMP_MDWX, RUN_SECCOMP_MDWX, getuid(), getgid(), 0644); // root needed | 91 | copy_file(PATH_SECCOMP_MDWX, RUN_SECCOMP_MDWX, getuid(), getgid(), 0644); // root needed |
| 92 | copy_file(PATH_SECCOMP_MDWX_32, RUN_SECCOMP_MDWX_32, getuid(), getgid(), 0644); // root needed | 92 | copy_file(PATH_SECCOMP_MDWX_32, RUN_SECCOMP_MDWX_32, getuid(), getgid(), 0644); // root needed |
| 93 | } | 93 | } |
| 94 | // as root, create empty RUN_SECCOMP_PROTOCOL and RUN_SECCOMP_POSTEXEC files | 94 | // as root, create empty RUN_SECCOMP_PROTOCOL, RUN_SECCOMP_NS and RUN_SECCOMP_POSTEXEC files |
| 95 | create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644); | 95 | create_empty_file_as_root(RUN_SECCOMP_PROTOCOL, 0644); |
| 96 | if (set_perms(RUN_SECCOMP_PROTOCOL, getuid(), getgid(), 0644)) | 96 | if (set_perms(RUN_SECCOMP_PROTOCOL, getuid(), getgid(), 0644)) |
| 97 | errExit("set_perms"); | 97 | errExit("set_perms"); |
| 98 | if (cfg.restrict_namespaces) { | ||
| 99 | create_empty_file_as_root(RUN_SECCOMP_NS, 0644); | ||
| 100 | if (set_perms(RUN_SECCOMP_NS, getuid(), getgid(), 0644)) | ||
| 101 | errExit("set_perms"); | ||
| 102 | create_empty_file_as_root(RUN_SECCOMP_NS_32, 0644); | ||
| 103 | if (set_perms(RUN_SECCOMP_NS_32, getuid(), getgid(), 0644)) | ||
| 104 | errExit("set_perms"); | ||
| 105 | } | ||
| 98 | create_empty_file_as_root(RUN_SECCOMP_POSTEXEC, 0644); | 106 | create_empty_file_as_root(RUN_SECCOMP_POSTEXEC, 0644); |
| 99 | if (set_perms(RUN_SECCOMP_POSTEXEC, getuid(), getgid(), 0644)) | 107 | if (set_perms(RUN_SECCOMP_POSTEXEC, getuid(), getgid(), 0644)) |
| 100 | errExit("set_perms"); | 108 | errExit("set_perms"); |