Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 48 |
1 files changed, 27 insertions, 21 deletions
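--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -532,29 +532,35 @@ void fs_proc_sys_dev_boot(void) {
 	disable_file(BLACKLIST_FILE, "/dev/port");
 
 
-	// disable various ipc sockets
-	struct stat s;
 
-	// disable /run/user/{uid}/gnupg
-	char *fnamegpg;
-	if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
-		errExit("asprintf");
-	if (stat(fnamegpg, &s) == -1)
-		mkdir_attr(fnamegpg, 0700, getuid(), getgid());
-	if (stat(fnamegpg, &s) == 0)
-		disable_file(BLACKLIST_FILE, fnamegpg);
-	free(fnamegpg);
-
-	// disable /run/user/{uid}/systemd
-	char *fnamesysd;
-	if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
+	// disable various ipc sockets in /run/user
+	struct stat s;
+
+	char *fname;
+	if (asprintf(&fname, "/run/usr/%d", getuid()) == -1)
 		errExit("asprintf");
-	if (stat(fnamesysd, &s) == -1)
-		mkdir_attr(fnamesysd, 0755, getuid(), getgid());
-	if (stat(fnamesysd, &s) == 0)
-		disable_file(BLACKLIST_FILE, fnamesysd);
-	free(fnamesysd);
-
+	if (is_dir(fname)) { // older distros don't have this directory
+		// disable /run/user/{uid}/gnupg
+		char *fnamegpg;
+		if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
+			errExit("asprintf");
+		if (stat(fnamegpg, &s) == -1)
+			mkdir_attr(fnamegpg, 0700, getuid(), getgid());
+		if (stat(fnamegpg, &s) == 0)
+			disable_file(BLACKLIST_FILE, fnamegpg);
+		free(fnamegpg);
+
+		// disable /run/user/{uid}/systemd
+		char *fnamesysd;
+		if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
+			errExit("asprintf");
+		if (stat(fnamesysd, &s) == -1)
+			mkdir_attr(fnamesysd, 0755, getuid(), getgid());
+		if (stat(fnamesysd, &s) == 0)
+			disable_file(BLACKLIST_FILE, fnamesysd);
+		free(fnamesysd);
+	}
+	free(fname);
 
 	// todo: investigate
 #if 0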
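Review bot: The new `is_dir` guard (new line 542) tests a path built from `"/run/usr/%d"` (new line 540), while every path it protects is built from `"/run/user/%d/..."`, so on any system where `/run/usr` does not exist the whole block is skipped and neither the gnupg nor the systemd socket directory is blacklisted any more — a silent loss of the restriction rather than the intended no-op on older distros. The format string should read `if (asprintf(&fname, "/run/user/%d", getuid()) == -1)`. To keep the parent and child paths from drifting apart again, the sub-paths could be derived from `fname` instead, e.g. `if (asprintf(&fnamegpg, "%s/gnupg", fname) == -1)`. fs_proc_sys_dev_boot starts and ends outside the hunk.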