disable /dev/kmsg and /proc/kmsg

2026-05-21 06:45:29 -06:00 · 2016-01-23 10:18:41 -05:00 · 2016-01-23 10:18:41 -05:00 · 9a6afbab3d
commit 9a6afbab3d
parent 7583e1dac9
2 changed files with 12 additions and 4 deletions
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@ -119,7 +119,3 @@ read-only ${HOME}/.xmonad
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin

-# syslog
-blacklist /dev/kmsg
-blacklist /proc/kmsg
-
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@ -604,6 +604,18 @@ void fs_proc_sys_dev_boot(void) {
 	if (stat("/dev/port", &s) == 0) {
 		disable_file(BLACKLIST_FILE, "/dev/port");
 	}
+	
+	if (getuid() != 0) {
+		// disable /dev/kmsg
+		if (stat("/dev/kmsg", &s) == 0) {
+			disable_file(BLACKLIST_FILE, "/dev/kmsg");
+		}
+		
+		// disable /proc/kmsg
+		if (stat("/proc/kmsg", &s) == 0) {
+			disable_file(BLACKLIST_FILE, "/proc/kmsg");
+		}
+	}
 }

 // disable firejail configuration in /etc/firejail and in ~/.config/firejail