Diffstat (limited to 'src/firejail/sandbox.c')
-rw-r--r--src/firejail/sandbox.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 9abf94a7f..e20ec603c 100644
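--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -19,6 +19,7 @@
 */
 
 #include "firejail.h"
+#include "../include/seccomp.h"
 #include <sys/mount.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
@@ -1124,6 +1125,10 @@ int sandbox(void* sandbox_arg) {
 	}
 
 	if (arg_memory_deny_write_execute) {
+		if (arg_seccomp_error_action != EPERM) {
+			seccomp_filter_mdwx(true);
+			seccomp_filter_mdwx(false);
+		}
 		if (arg_debug)
 			printf("Install memory write&execute filter\n");
 		seccomp_load(RUN_SECCOMP_MDWX); // install filter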
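Review bot: The two added calls `seccomp_filter_mdwx(true); seccomp_filter_mdwx(false);` pass bare booleans, and nothing at the call site says what they select or why the filter is rebuilt only when `arg_seccomp_error_action != EPERM`. A short comment above the inner `if` would help, for example `// default filter returns EPERM; rebuild both variants for a non-default error action` (confirm the wording against the definition of seccomp_filter_mdwx, which is not visible here). Because `seccomp_load(RUN_SECCOMP_MDWX)` follows unconditionally, it is also worth confirming that a failed rebuild aborts rather than leaving a previously generated filter in place, since that filter would presumably enforce a different action than the one requested. The body of sandbox() starts and ends outside this hunk.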