From e6e70962f87a47ea7528b48f5064b5bfcb5a555d Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Tue, 5 Sep 2017 19:02:37 +0200
Subject: remount config/pulse with noexec
---
 src/firejail/pulseaudio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/firejail/pulseaudio.c')
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 246ba8fd8..2f8cd5f7d 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -195,7 +195,8 @@ void pulseaudio_init(void) {
 if (asprintf(&homeusercfg, "%s/.config/pulse", cfg.homedir) == -1)
 errExit("asprintf");
 if (stat(homeusercfg, &s) == 0) {
- if (mount(RUN_PULSE_DIR, homeusercfg, "none", MS_BIND, NULL) < 0)
+ if (mount(RUN_PULSE_DIR, homeusercfg, "none", MS_BIND, NULL) < 0 ||
+ mount(NULL, homeusercfg, NULL, MS_NOEXEC|MS_NODEV|MS_NOSUID|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("mount pulseaudio");
 fs_logger2("tmpfs", homeusercfg);
 }
--
cgit v1.2.3-54-g00ecf
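Review bot: Both `mount()` calls, including the new remount, resolve `homeusercfg` by path, and the only check ahead of them is `stat()`, which follows symbolic links. The path sits under the user's home directory, so if `~/.config/pulse` is a link, or is replaced between the two calls, the bind mount and the noexec/nodev/nosuid remount may apply to a different target than intended. Consider replacing the guard with `lstat(homeusercfg, &s)` and refusing to mount when `S_ISLNK(s.st_mode)` is true, or mounting through a descriptor opened with `O_PATH|O_NOFOLLOW`. The combined condition also reports `errExit("mount pulseaudio")` for either failure; splitting it would show whether the bind or the remount failed. pulseaudio_init starts and ends outside the hunk, so an earlier link check may exist that is not visible here.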