Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/caps.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 19 | ||||
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 2 |
4 files changed, 3 insertions, 22 deletions
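--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -309,7 +309,7 @@ int caps_default_filter(void) {
 
 void caps_drop_all(void) {
 if (arg_debug)
-printf("Droping all capabilities\n");
+printf("Dropping all capabilities\n");
 
 unsigned long cap;
 for (cap=0; cap <= 63; cap++) {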
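--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -203,12 +203,6 @@ void fs_private_homedir(void) {
 printf("Mounting a new /home directory\n");
 if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
 errExit("mounting home directory");
-
-// mask /tmp only in root mode; KDE keeps all kind of sockets in /tmp!
-if (arg_debug)
-printf("Mounting a new /tmp directory\n");
-if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
-errExit("mounting tmp directory");
 }
 
 
@@ -253,13 +247,6 @@ void fs_private(void) {
 if (chown(homedir, u, g) < 0)
 errExit("chown");
 }
-else {
-// mask tmp only in root mode; KDE keeps all kind of sockets in /tmp!
-if (arg_debug)
-printf("Mounting a new /tmp directory\n");
-if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
-errExit("mounting tmp directory");
-}
 
 skel(homedir, u, g);
 if (xflag)
@@ -502,12 +489,6 @@ void fs_private_home_list(void) {
 printf("Mounting a new /home directory\n");
 if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
 errExit("mounting home directory");
-
-// mask /tmp only in root mode; KDE keeps all kind of sockets in /tmp!
-if (arg_debug)
-printf("Mounting a new /tmp directory\n");
-if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
-errExit("mounting tmp directory");
 }
 
 skel(homedir, u, g);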
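--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1084,7 +1084,7 @@ int main(int argc, char **argv) {
 }
 
 if (custom_profile)
-printf("\n** Note: %s profile can be disabled by --noprofile option **\n\n", profile_name);
+printf("\n** Note: you can use --noprofile to disable %s.profile **\n\n", profile_name);
 }
 }
 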
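--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -87,7 +87,7 @@ void netfilter(const char *fname) {
 allocated = 1;
 }
 
-// mount a tempfs on top of /tmp directory
+// temporarily mount a tempfs on top of /tmp directory
 if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
 errExit("mounting /tmp");
 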
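Review bot: The tmpfs mounted over /tmp in netfilter() is created without MS_NODEV, whereas every other tmpfs mount visible in this commit passes it; unless device nodes are needed on this scratch mount, the flags could read `MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC`. The reworded comment now promises the mount is temporary, but the matching unmount is not visible in this hunk, so the comment should say where /tmp is restored, for example `// temporarily mount a tmpfs on top of /tmp; it is unmounted again below once the filter file has been consumed` (wording to be confirmed against the rest of the function). The comment also still spells the filesystem "tempfs" rather than "tmpfs". The body of netfilter() starts and ends outside the hunk.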