From 0f1a12da2881727a2e1c214e0d48aa10b546f5fc Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 22 Nov 2015 13:37:36 -0500 Subject: disable firejail configuration by default --- src/firejail/fs.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'src') diff --git a/src/firejail/fs.c b/src/firejail/fs.c index c6dfdec30..a0a7d9342 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -552,6 +552,19 @@ void fs_proc_sys_dev_boot(void) { } } +// disable firejail configuration in /etc/firejail and in ~/.config/firejail +static void disable_firejail_config(void) { + struct stat s; + if (stat("/etc/firejail", &s) == 0) + disable_file(BLACKLIST_FILE, "/etc/firejail"); + + char *fname; + if (asprintf(&fname, "%s/.config/firejail", cfg.homedir) == -1) + errExit("asprintf"); + disable_file(BLACKLIST_FILE, fname); + free(fname); +} + // build a basic read-only filesystem void fs_basic_fs(void) { @@ -577,6 +590,8 @@ void fs_basic_fs(void) { // don't leak user information restrict_users(); + + disable_firejail_config(); } @@ -723,6 +738,8 @@ void fs_overlayfs(void) { // don't leak user information restrict_users(); + disable_firejail_config(); + // cleanup and exit free(option); free(oroot); @@ -846,6 +863,8 @@ void fs_chroot(const char *rootdir) { // don't leak user information restrict_users(); + + disable_firejail_config(); } #endif -- cgit v1.2.3-70-g09d2
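Review bot: In `disable_firejail_config` the `/etc/firejail` path is guarded by `stat()`, but the `~/.config/firejail` path goes to `disable_file()` unconditionally, so the two halves disagree about who handles a missing directory. `disable_file()` is not part of this patch; if it already tolerates a non-existent path, the `stat()` guard and `struct stat s` can be dropped, and if it does not, the home path needs the same guard. The home path is also built from `cfg.homedir` with no check. If that field were ever unset here, glibc would format it as `(null)/.config/firejail` and the per-user profiles would stay reachable without any error, so an explicit check before the `asprintf` is worth adding. Because `~/.config/firejail` is writable by the sandboxed user, it is also worth confirming that `disable_file()` resolves symlinks before mounting over the path.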
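Review bot: The call added in `fs_overlayfs`, and likewise the one at the end of `fs_chroot`, blacklists the fixed path `/etc/firejail` and a path under `cfg.homedir`, so it only protects the sandbox if it runs after the process has switched into the new root. The `chroot()` call is outside both hunks, and both function bodies begin outside them, so that ordering cannot be confirmed from this patch. If the call ran before the switch, it would cover the host-side directories while the copies visible through the overlay or chroot tree stayed readable. A comment at each call site, e.g. `// must run after chroot(): paths are resolved inside the new root`, would pin the requirement for later edits.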