From 0c5aa59b932c22798980899e1cd4df72badc8bbd Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 9 Dec 2016 09:21:30 -0500 Subject: disable gnupg and systemd directories under /run/user --- src/firejail/fs.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 905d2903d..84dc9046c 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -538,31 +538,32 @@ void fs_proc_sys_dev_boot(void) { struct stat s; - // breaks too many applications, option needed - /* // disable /run/user/{uid}/bus */ - /* char *fnamebus; */ - /* if (asprintf(&fnamebus, "/run/user/%d/bus", getuid()) == -1) */ - /* errExit("asprintf"); */ - /* if (stat(fnamebus, &s) == 0) */ - /* disable_file(BLACKLIST_FILE, fnamebus); */ - /* free(fnamebus); */ - // disable /run/user/{uid}/gnupg char *fnamegpg; if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1) - errExit("asprintf"); + errExit("asprintf"); if (stat(fnamegpg, &s) == 0) - disable_file(BLACKLIST_FILE, fnamegpg); + disable_file(BLACKLIST_FILE, fnamegpg); free(fnamegpg); // disable /run/user/{uid}/systemd char *fnamesysd; if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1) - errExit("asprintf"); + errExit("asprintf"); if (stat(fnamesysd, &s) == 0) - disable_file(BLACKLIST_FILE, fnamesysd); + disable_file(BLACKLIST_FILE, fnamesysd); free(fnamesysd); +// todo: investigate +#if 0 + // breaks too many applications, option needed + /* // disable /run/user/{uid}/bus */ + /* char *fnamebus; */ + /* if (asprintf(&fnamebus, "/run/user/%d/bus", getuid()) == -1) */ + /* errExit("asprintf"); */ + /* if (stat(fnamebus, &s) == 0) */ + /* disable_file(BLACKLIST_FILE, fnamebus); */ + /* free(fnamebus); */ // WARNING: not working // disable /run/user/{uid}/kdeinit* 
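Review bot: The gnupg and systemd blacklists are applied only when `stat()` succeeds during sandbox setup, so a directory that does not exist yet is silently skipped and stays uncovered if it is created later (gpg-agent typically creates `/run/user/{uid}/gnupg` on demand). Whether the rest of `/run/user/{uid}` is reachable from inside the sandbox is not visible in this hunk, so this may be handled elsewhere; at minimum a comment such as `// only covers directories that already exist when the sandbox starts` above each `stat()` check would record the limit. Both `asprintf` calls also format `getuid()` with `%d` although `uid_t` is unsigned; `"/run/user/%u/gnupg", (unsigned) getuid()` is the matching form, and a mis-formatted path would make the `stat()` fail and skip the blacklist without any message. The body of `fs_proc_sys_dev_boot` starts and continues outside the hunk.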
@@ -593,7 +594,7 @@ void fs_proc_sys_dev_boot(void) { //more files with sockets to be blacklisted // /run/dbus /run/systemd /run/udev /run/lvm - +#endif if (getuid() != 0) { -- cgit v1.2.3-54-g00ecf
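Review bot: This `#endif` closes the `#if 0` opened in the previous hunk, and most of the region between them lies outside both hunks, including the `kdeinit*` block marked "WARNING: not working". Any code in that range that was compiled before is now dropped, which the commit subject does not mention, so it is worth confirming that nothing active sat there. Labelling the close, for example `#endif // todo: investigate (bus, kdeinit*, other /run sockets)`, would make the pair easy to match. Going by the comments, `/run/user/{uid}/bus` and the `/run/dbus /run/systemd /run/udev /run/lvm` sockets remain un-blacklisted after this change, so blacklisting `/run/user/{uid}/systemd` alone should not be read as closing off the user session services. The "option needed" remark would be better tracked as an opt-in setting than left in compiled-out code.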