1 files changed, 21 insertions, 1 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 0a6777fef..68b8f554d 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -671,13 +671,33 @@ int sandbox(void* sandbox_arg) {
                else if (arg_overlay)
                        fprintf(stderr, "Warning: private-etc feature is disabled in overlay\n");
                else {
-                        fs_private_etc_list();
+                        fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
                        // create /etc/ld.so.preload file again
                        if (arg_trace || arg_tracelog || mask_x11_abstract_socket)
                                fs_trace_preload();
                }
        }
        
+        if (arg_private_opt) {
+                if (cfg.chrootdir)
+                        fprintf(stderr, "Warning: private-opt feature is disabled in chroot\n");
+                else if (arg_overlay)
+                        fprintf(stderr, "Warning: private-opt feature is disabled in overlay\n");
+                else {
+                        fs_private_dir_list("/opt", RUN_OPT_DIR, cfg.opt_private_keep);
+                }
+        }
+        
+        if (arg_private_srv) {
+                if (cfg.chrootdir)
+                        fprintf(stderr, "Warning: private-srv feature is disabled in chroot\n");
+                else if (arg_overlay)
+                        fprintf(stderr, "Warning: private-srv feature is disabled in overlay\n");
+                else {
+                        fs_private_dir_list("/srv", RUN_SRV_DIR, cfg.srv_private_keep);
+                }
+        }
+        
        if (arg_private_bin) {
                if (cfg.chrootdir)
                        fprintf(stderr, "Warning: private-bin feature is disabled in chroot\n");

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 0a6777fef..68b8f554d 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -671,13 +671,33 @@ int sandbox(void* sandbox_arg) {
671	else if (arg_overlay)	671	else if (arg_overlay)
672	fprintf(stderr, "Warning: private-etc feature is disabled in overlay\n");	672	fprintf(stderr, "Warning: private-etc feature is disabled in overlay\n");
673	else {	673	else {
674	fs_private_etc_list();	674	fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
675	// create /etc/ld.so.preload file again	675	// create /etc/ld.so.preload file again
676	if (arg_trace \|\| arg_tracelog \|\| mask_x11_abstract_socket)	676	if (arg_trace \|\| arg_tracelog \|\| mask_x11_abstract_socket)
677	fs_trace_preload();	677	fs_trace_preload();
678	}	678	}
679	}	679	}
680		680
		681	if (arg_private_opt) {
		682	if (cfg.chrootdir)
		683	fprintf(stderr, "Warning: private-opt feature is disabled in chroot\n");
		684	else if (arg_overlay)
		685	fprintf(stderr, "Warning: private-opt feature is disabled in overlay\n");
		686	else {
		687	fs_private_dir_list("/opt", RUN_OPT_DIR, cfg.opt_private_keep);
		688	}
		689	}
		690
		691	if (arg_private_srv) {
		692	if (cfg.chrootdir)
		693	fprintf(stderr, "Warning: private-srv feature is disabled in chroot\n");
		694	else if (arg_overlay)
		695	fprintf(stderr, "Warning: private-srv feature is disabled in overlay\n");
		696	else {
		697	fs_private_dir_list("/srv", RUN_SRV_DIR, cfg.srv_private_keep);
		698	}
		699	}
		700
681	if (arg_private_bin) {	701	if (arg_private_bin) {
682	if (cfg.chrootdir)	702	if (cfg.chrootdir)
683	fprintf(stderr, "Warning: private-bin feature is disabled in chroot\n");	703	fprintf(stderr, "Warning: private-bin feature is disabled in chroot\n");