From d1afb133e35ba444b214d2d4b63f460925e90ece Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 10 Jul 2016 08:44:00 -0400
Subject: /var and /etc are noexec by default
---
 src/firejail/fs.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index de59b6676..4b2b91b17 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -722,10 +722,12 @@ void fs_basic_fs(void) {
 printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr");
 if (!arg_writable_etc) {
 fs_rdonly("/etc");
+ fs_noexec("/etc");
 if (arg_debug) printf(", /etc");
 }
 if (!arg_writable_var) {
 fs_rdonly("/var");
+ fs_noexec("/var");
 if (arg_debug) printf(", /var");
 }
 if (arg_debug) printf("\n");
-- 
cgit v1.2.3-54-g00ecf
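Review bot: Both new `fs_noexec()` calls sit inside the `if (!arg_writable_etc)` and `if (!arg_writable_var)` branches, so a sandbox that keeps /etc or /var writable gets no noexec at all, and a tree that is both writable and executable is where noexec gives the most protection. If skipping it there is a deliberate compatibility choice, record that next to the call with a comment such as `/* noexec only in the read-only case; a writable /etc keeps exec */`; otherwise place `fs_noexec("/etc");` after the closing brace of the branch, and likewise for /var. The debug output still announces only "Mounting read-only …", so it no longer describes everything done to these two directories. fs_basic_fs() starts before and continues past this hunk, so whether another step covers the writable case cannot be seen from here.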