author | netblue30 <netblue30@yahoo.com> | 2016-08-17 12:51:18 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-17 12:51:18 -0400 |
commit | 20e643e967f67e08889f05a197d378faa3665343 (patch) | |
tree | 12e1b323eb77f767f1bf1981931b82679ed377a4 | |
parent | firemon fixes for x11 sandboxes (diff) | |
firemon fixes
-rw-r--r-- | README.md | 12 | ||||
-rw-r--r-- | src/include/common.h | 1 | ||||
-rw-r--r-- | src/lib/common.c | 5 | ||||
-rw-r--r-- | src/lib/pid.c | 4 |
4 files changed, 5 insertions, 17 deletions
@@ -57,19 +57,7 @@ TESTING: file | |||
57 | TESTING: tar | 57 | TESTING: tar |
58 | netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 3.1 | 58 | netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 3.1 |
59 | [...] | 59 | [...] |
60 | cd test/apps-x11; ./apps-x11.sh | grep TESTING | ||
61 | TESTING: xterm x11 | ||
62 | netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 | ||
63 | TESTING: firefox x11 | ||
64 | netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 | ||
65 | TESTING: chromium x11 | ||
66 | TESTING: transmission-gtk x11 | ||
67 | netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 | ||
68 | TESTING: icedove x11 | ||
69 | netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 | ||
70 | [...] | ||
71 | ````` | 60 | ````` |
72 | "firemon --seccomp" and "firemon --caps" are misbehaving at the moment. | ||
73 | 61 | ||
74 | ## Deprecated --user | 62 | ## Deprecated --user |
75 | 63 | ||
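--- a/src/include/common.h
+++ b/src/include/common.h
@@ -113,4 +113,5 @@ int join_namespace(pid_t pid, char *type);
 int name2pid(const char *name, pid_t *pid);
 char *pid_proc_comm(const pid_t pid);
 char *pid_proc_cmdline(const pid_t pid);
+int pid_proc_cmdline_x11(const pid_t pid);
 #endif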
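Review bot: The newly exported prototype `pid_proc_cmdline_x11` carries no statement of its return contract, although pid_read() in src/lib/pid.c branches on the result as a boolean. A one-line comment above the declaration would cover it, for example `// returns 1 if the command line of pid carries an --x11 option, 0 otherwise`. That wording is inferred from the two return statements visible in src/lib/common.c; the function's error paths lie outside the shown hunks and should be checked before the comment is committed.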
diff --git a/src/lib/common.c b/src/lib/common.c index 885f31881..fe5c62536 100644 --- a/src/lib/common.c +++ b/src/lib/common.c | |||
@@ -242,7 +242,7 @@ int pid_proc_cmdline_x11(const pid_t pid) { | |||
242 | if (i >= len) | 242 | if (i >= len) |
243 | break; | 243 | break; |
244 | char *arg = buffer + i; | 244 | char *arg = buffer + i; |
245 | 245 | ||
246 | // detect the last command line option | 246 | // detect the last command line option |
247 | if (strcmp(arg, "--") == 0) | 247 | if (strcmp(arg, "--") == 0) |
248 | break; | 248 | break; |
@@ -250,8 +250,9 @@ int pid_proc_cmdline_x11(const pid_t pid) { | |||
250 | break; | 250 | break; |
251 | 251 | ||
252 | // check x11 | 252 | // check x11 |
253 | if (strcmp(arg, "--x11") == 0 || strncmp(arg, "--x11=", 6) == 0) | 253 | if (strncmp(arg, "--x11", 5) == 0) |
254 | return 1; | 254 | return 1; |
255 | i += strlen(arg); | ||
255 | } | 256 | } |
256 | return 0; | 257 | return 0; |
257 | } | 258 | } |
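Review bot: The rewritten test `strncmp(arg, "--x11", 5) == 0` in the second hunk accepts every argument that merely begins with `--x11`, whereas the line it replaces matched only `--x11` and `--x11=...`. The arguments appear to come from another process's command line (going by the function name; the read itself is outside the hunk), and pid_read() in src/lib/pid.c sets `pids[pid].level = -1` on a match, so the looser match changes how firemon classifies that process. Keeping the exact forms next to the new advance, `if (strcmp(arg, "--x11") == 0 || strncmp(arg, "--x11=", 6) == 0)`, avoids that. The added `i += strlen(arg);` also relies on `buffer` being NUL-terminated within `len`, which is established, if at all, above the hunk; `i += strnlen(arg, len - i);` would keep the bound local. The body of pid_proc_cmdline_x11 starts outside both hunks.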
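--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -341,10 +341,8 @@ void pid_read(pid_t mon_pid) {
 }
 
 if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 || mon_pid == pid)) {
-if (pid_proc_cmdline_x11(pid)) {
+if (pid_proc_cmdline_x11(pid))
-printf("--x11 detected for pid %d\n", pid);
 pids[pid].level = -1;
-}
 else
 pids[pid].level = 1;
 }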