Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 905d2903d..84dc9046c 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -538,31 +538,32 @@ void fs_proc_sys_dev_boot(void) { | |||
538 | struct stat s; | 538 | struct stat s; |
539 | 539 | ||
540 | 540 | ||
541 | // breaks too many applications, option needed | ||
542 | /* // disable /run/user/{uid}/bus */ | ||
543 | /* char *fnamebus; */ | ||
544 | /* if (asprintf(&fnamebus, "/run/user/%d/bus", getuid()) == -1) */ | ||
545 | /* errExit("asprintf"); */ | ||
546 | /* if (stat(fnamebus, &s) == 0) */ | ||
547 | /* disable_file(BLACKLIST_FILE, fnamebus); */ | ||
548 | /* free(fnamebus); */ | ||
549 | |||
550 | // disable /run/user/{uid}/gnupg | 541 | // disable /run/user/{uid}/gnupg |
551 | char *fnamegpg; | 542 | char *fnamegpg; |
552 | if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1) | 543 | if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1) |
553 | errExit("asprintf"); | 544 | errExit("asprintf"); |
554 | if (stat(fnamegpg, &s) == 0) | 545 | if (stat(fnamegpg, &s) == 0) |
555 | disable_file(BLACKLIST_FILE, fnamegpg); | 546 | disable_file(BLACKLIST_FILE, fnamegpg); |
556 | free(fnamegpg); | 547 | free(fnamegpg); |
557 | 548 | ||
558 | // disable /run/user/{uid}/systemd | 549 | // disable /run/user/{uid}/systemd |
559 | char *fnamesysd; | 550 | char *fnamesysd; |
560 | if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1) | 551 | if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1) |
561 | errExit("asprintf"); | 552 | errExit("asprintf"); |
562 | if (stat(fnamesysd, &s) == 0) | 553 | if (stat(fnamesysd, &s) == 0) |
563 | disable_file(BLACKLIST_FILE, fnamesysd); | 554 | disable_file(BLACKLIST_FILE, fnamesysd); |
564 | free(fnamesysd); | 555 | free(fnamesysd); |
565 | 556 | ||
557 | // todo: investigate | ||
558 | #if 0 | ||
559 | // breaks too many applications, option needed | ||
560 | /* // disable /run/user/{uid}/bus */ | ||
561 | /* char *fnamebus; */ | ||
562 | /* if (asprintf(&fnamebus, "/run/user/%d/bus", getuid()) == -1) */ | ||
563 | /* errExit("asprintf"); */ | ||
564 | /* if (stat(fnamebus, &s) == 0) */ | ||
565 | /* disable_file(BLACKLIST_FILE, fnamebus); */ | ||
566 | /* free(fnamebus); */ | ||
566 | 567 | ||
567 | // WARNING: not working | 568 | // WARNING: not working |
568 | // disable /run/user/{uid}/kdeinit* | 569 | // disable /run/user/{uid}/kdeinit* |
@@ -593,7 +594,7 @@ void fs_proc_sys_dev_boot(void) { | |||
593 | 594 | ||
594 | //more files with sockets to be blacklisted | 595 | //more files with sockets to be blacklisted |
595 | // /run/dbus /run/systemd /run/udev /run/lvm | 596 | // /run/dbus /run/systemd /run/udev /run/lvm |
596 | 597 | #endif | |
597 | 598 | ||
598 | 599 | ||
599 | if (getuid() != 0) { | 600 | if (getuid() != 0) { |
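Review bot: The `#if 0` added at new line 558 appears to be closed only by the `#endif` at new line 597, so it compiles out more than the already-commented `/run/user/{uid}/bus` block: the kdeinit section and everything in new lines 570–593, which the hunks do not show, go with it. `// todo: investigate` does not tell a reader which blacklist entries the sandbox no longer applies. I would replace it with a comment that names them and the reason, for example `// compiled out: /run/user/{uid}/bus (breaks too many applications, needs an option) and kdeinit* (not working); these sockets stay reachable inside the sandbox`. The bus block is now wrapped in both `/* */` and `#if 0`, and one of the two is enough. fs_proc_sys_dev_boot starts and ends outside the hunks, so the full extent of the disabled region should be confirmed against the file.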