From 9a6afbab3d072c37dbfdd5366a4f78795d286414 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sat, 23 Jan 2016 10:18:41 -0500
Subject: disable /dev/kmsg and /proc/kmsg

---
 src/firejail/fs.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src')

diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 50e55f868..f4c448024 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -604,6 +604,18 @@ void fs_proc_sys_dev_boot(void) {
 	if (stat("/dev/port", &s) == 0) {
 		disable_file(BLACKLIST_FILE, "/dev/port");
 	}
+	
+	if (getuid() != 0) {
+		// disable /dev/kmsg
+		if (stat("/dev/kmsg", &s) == 0) {
+			disable_file(BLACKLIST_FILE, "/dev/kmsg");
+		}
+		
+		// disable /proc/kmsg
+		if (stat("/proc/kmsg", &s) == 0) {
+			disable_file(BLACKLIST_FILE, "/proc/kmsg");
+		}
+	}
 }
 
 // disable firejail configuration in /etc/firejail and in ~/.config/firejail
-- 
cgit v1.2.3-54-g00ecf