Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 12 | ||||
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 |
3 files changed, 12 insertions, 6 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 92cf4c1bc..df5e8410b 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -580,12 +580,14 @@ void fs_proc_sys_dev_boot(void) { | |||
580 | /* Mount a version of /sys that describes the network namespace */ | 580 | /* Mount a version of /sys that describes the network namespace */ |
581 | if (arg_debug) | 581 | if (arg_debug) |
582 | printf("Remounting /sys directory\n"); | 582 | printf("Remounting /sys directory\n"); |
583 | if (umount2("/sys", MNT_DETACH) < 0) | 583 | if (umount2("/sys", MNT_DETACH) < 0) |
584 | fprintf(stderr, "Warning: failed to unmount /sys\n"); | 584 | fprintf(stderr, "Warning: failed to unmount /sys\n"); |
585 | if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) | 585 | else { |
586 | fprintf(stderr, "Warning: failed to mount /sys\n"); | 586 | if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) |
587 | else | 587 | fprintf(stderr, "Warning: failed to mount /sys\n"); |
588 | fs_logger("remount /sys"); | 588 | else |
589 | fs_logger("remount /sys"); | ||
590 | } | ||
589 | 591 | ||
590 | if (stat("/sys/firmware", &s) == 0) { | 592 | if (stat("/sys/firmware", &s) == 0) { |
591 | disable_file(BLACKLIST_FILE, "/sys/firmware"); | 593 | disable_file(BLACKLIST_FILE, "/sys/firmware"); |
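Review bot: When `umount2("/sys", MNT_DETACH)` fails, the new `else` skips the sysfs mount, so the inherited /sys stays in place without the `MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV` flags, and the only trace is a stderr warning that carries no errno. I would have the warning state the cause and the resulting state, e.g. `fprintf(stderr, "Warning: failed to unmount /sys (%s), keeping the existing mount\n", strerror(errno));`, and put a comment above the `else` such as `/* unmount failed: the original /sys remains visible and is not remounted read-only */`. Execution then continues to the `/sys/firmware` blacklisting on that original mount. Whether continuing is acceptable or should be fatal depends on the rest of fs_proc_sys_dev_boot, which starts and ends outside this hunk.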
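--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -142,7 +142,7 @@ static inline Bridge *last_bridge_configured(void) {
 }
 
 // return 1 if error, 0 if a valid pid was found
-static int read_pid(char *str, pid_t *pid) {
+static inline int read_pid(char *str, pid_t *pid) {
 char *endptr;
 errno = 0;
 long int pidtmp = strtol(str, &endptr, 10);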
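--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -363,6 +363,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: invalid file name.\n");
 exit(1);
 }
+if (is_link(dname1) || is_link(dname2)) {
+fprintf(stderr, "Symbolic links are not allowed for bind command\n");
+exit(1);
+}
 
 // insert comma back
 *(dname2 - 1) = ',';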
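Review bot: The new `is_link(dname1) || is_link(dname2)` test runs while the profile line is being parsed, so it only covers the state of the two paths at that moment. If the bind mount is performed later (that code is not in this hunk), the same check should be repeated immediately before mounting, otherwise a path that changes in between is not caught. It is also not visible here whether `is_link` examines anything beyond the final path component. Separately, the message drops the `Error:` prefix used three lines above and ignores the `lineno` and `fname` parameters; `fprintf(stderr, "Error: line %d in %s: symbolic links are not allowed for bind command\n", lineno, fname);` would be consistent and would tell the user which profile line was rejected. profile_check_line starts and ends outside the hunk.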