From a9f45ae11452e7f0170aca4d70f951c3f7c21d10 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sun, 29 Jan 2017 15:21:24 -0500
Subject: merges

---
 README                 |  2 ++
 src/firejail/sandbox.c | 17 +++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/README b/README
index 64c5b3968..687eab4e0 100644
--- a/README
+++ b/README
@@ -98,6 +98,8 @@ valoq (https://github.com/valoq)
 	- added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles
 	- added wget profile
 	- disable gnupg and systemd directories under /run/user
+Igor Bukanov (https://github.com/ibukanov)
+	- found/fiixed privilege escalation in --hosts-file option
 Cat (https://github.com/ecat3)
 	- prevent tmux connecting to an existing session
 Zack Weinberg (https://github.com/zackw)
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 812112b51..d6d7d3887 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -629,6 +629,23 @@ int sandbox(void* sandbox_arg) {
 #ifdef HAVE_OVERLAYFS
 	if (arg_overlay)	{
 		fs_overlayfs();
+
+//todo - bring it back for overlay-named
+#if 0		
+		fs_overlayfs();
+		// force caps and seccomp if not started as root
+		if (getuid() != 0) {
+			enforce_filters();
+#ifdef HAVE_SECCOMP
+			enforce_seccomp = 1;
+#endif
+		}
+		else
+			arg_seccomp = 1;
+#endif		
+		
+		
+		
 	}
 	else
 #endif
-- 
cgit v1.2.3-70-g09d2