diff options
| author | Alexander Larsson <alexl@redhat.com> | 2018-11-12 11:15:08 +0100 |
|---|---|---|
| committer | Alexander Larsson <alexander.larsson@gmail.com> | 2018-11-12 15:38:05 +0100 |
| commit | 613fcfee5cbe9f40e3cbe35d3f8057b88d0a35fc (patch) | |
| tree | 9fbce6010397fcc8797035cc6ca425d846bf771d | |
| parent | 2645aa80f19a44a57c25f4584b944bd476f48434 (diff) | |
| download | flatpak-613fcfee5cbe9f40e3cbe35d3f8057b88d0a35fc.tar.gz | |
Don't allow writes to runtime files in /etc
We mistakenly bind-mounted the runtime /usr/etc files read-write in
/etc, which means that application could modify some parts of the
runtimes (at least when using a per-user installed runtime). Fix
this by using a --ro-bind.
(cherry picked from commit 08e47e954443520962e0e0f8b9a5aac0017ae5c8)
| -rw-r--r-- | common/flatpak-run.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/common/flatpak-run.c b/common/flatpak-run.c index 90b435fe..04b7c800 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -2464,7 +2464,7 @@ flatpak_run_setup_base_argv (FlatpakBwrap *bwrap, } else { - flatpak_bwrap_add_args (bwrap, "--bind", src, dest, NULL); + flatpak_bwrap_add_args (bwrap, "--ro-bind", src, dest, NULL); } } } |