Diffstat (limited to 'src/firejail/sandbox.c')
-rw-r--r-- | src/firejail/sandbox.c | 22 |
1 files changed, 21 insertions, 1 deletions
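diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 0a6777fef..68b8f554d 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -671,13 +671,33 @@ int sandbox(void* sandbox_arg) {
 else if (arg_overlay)
 fprintf(stderr, "Warning: private-etc feature is disabled in overlay\n");
 else {
-fs_private_etc_list();
+fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
 // create /etc/ld.so.preload file again
 if (arg_trace || arg_tracelog || mask_x11_abstract_socket)
 fs_trace_preload();
 }
 }
 
+if (arg_private_opt) {
+if (cfg.chrootdir)
+fprintf(stderr, "Warning: private-opt feature is disabled in chroot\n");
+else if (arg_overlay)
+fprintf(stderr, "Warning: private-opt feature is disabled in overlay\n");
+else {
+fs_private_dir_list("/opt", RUN_OPT_DIR, cfg.opt_private_keep);
+}
+}
+
+if (arg_private_srv) {
+if (cfg.chrootdir)
+fprintf(stderr, "Warning: private-srv feature is disabled in chroot\n");
+else if (arg_overlay)
+fprintf(stderr, "Warning: private-srv feature is disabled in overlay\n");
+else {
+fs_private_dir_list("/srv", RUN_SRV_DIR, cfg.srv_private_keep);
+}
+}
+
 if (arg_private_bin) {
 if (cfg.chrootdir)
 fprintf(stderr, "Warning: private-bin feature is disabled in chroot\n");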
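Review bot: The new private-opt and private-srv blocks (new lines 681-699) fail open: under a chroot or overlay they print a warning to stderr and continue, so the sandbox starts with the unfiltered /opt or /srv of that chroot or overlay even though a restricted view was requested. This mirrors the existing private-etc and private-bin handling, but the policy should be stated where it is applied, e.g. `// private-opt is NOT enforced under chroot/overlay: /opt stays fully visible, only a warning is printed`, or made a hard error if the project prefers fail-closed behaviour. The same chroot/overlay guard now appears four times in this stretch of sandbox(); a small static helper taking the feature name would keep the messages and the policy from drifting apart. sandbox() begins and ends outside the hunk, so whether `cfg.opt_private_keep` and `cfg.srv_private_keep` are always non-NULL when the matching flag is set cannot be confirmed from here.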