From 66d58b0d1588785d47adf97e4a02044b6253a070 Mon Sep 17 00:00:00 2001
From: startx2017
Date: Tue, 6 Nov 2018 10:15:00 -0500
Subject: mainline merge: mount appimage nodev,nosuid
---
 src/firejail/appimage.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index e8db91958..7adf31eb6 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -106,16 +106,19 @@ void appimage_set(const char *appimage) {
 char *mode;
 if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
 errExit("asprintf");
- EUID_ROOT();
+ unsigned long flags = MS_MGC_VAL|MS_RDONLY;
+ if (getuid())
+ flags |= MS_NODEV|MS_NOSUID;
+ EUID_ROOT();
 if (size == 0) {
 fmessage("Mounting appimage type 1\n");
- if (mount(devloop, mntdir, "iso9660",MS_MGC_VAL|MS_RDONLY, mode) < 0)
+ if (mount(devloop, mntdir, "iso9660", flags, mode) < 0)
 errExit("mounting appimage");
 } else {
 fmessage("Mounting appimage type 2\n");
- if (mount(devloop, mntdir, "squashfs",MS_MGC_VAL|MS_RDONLY, mode) < 0)
+ if (mount(devloop, mntdir, "squashfs", flags, mode) < 0)
 errExit("mounting appimage");
 }
--
cgit v1.2.3-70-g09d2
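Review bot: The `if (getuid())` guard in the added flag setup leaves MS_NODEV and MS_NOSUID off whenever the real uid is 0, so an AppImage mounted by a root-started sandbox still has its device nodes and setuid/setgid bits honoured, although the image is caller-supplied content in both cases. Unless root needs those semantics from the image, set the flags unconditionally, `unsigned long flags = MS_MGC_VAL|MS_RDONLY|MS_NODEV|MS_NOSUID;`, and drop the `if`. If the exemption is deliberate, a comment above the `if` such as `// root keeps dev/suid semantics because <reason>` would record why. Both `mount()` calls share `flags`, so this applies to the iso9660 and squashfs branches alike. `appimage_set` starts and ends outside the hunk, so any later restriction on the mount is not visible here.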