author | netblue30 <netblue30@yahoo.com> | 2016-06-12 11:58:59 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-06-12 11:58:59 -0400 |
commit | a137cfb715fab07a2e21cf2a0770d1afcd2e2119 (patch) | |
tree | eca38e162a3b898aa4603164e2f3e227a3058b8a | |
parent | support to disable enforcing firejail.config (diff) | |
fixes
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | src/firejail/fs.c | 6 | ||||
-rwxr-xr-x | test/dist-compile/compile.sh | 45 |
3 files changed, 45 insertions, 8 deletions
@@ -25,6 +25,8 @@ Reiner Herrmann (https://github.com/reinerh) | |||
25 | - clang-analyzer fixes | 25 | - clang-analyzer fixes |
26 | - Debian reproducible build | 26 | - Debian reproducible build |
27 | - unit testing framework | 27 | - unit testing framework |
28 | geg2048 (https://github.com/geg2048) | ||
29 | - kwallet profile fixes | ||
28 | Simon Peter (https://github.com/probonopd) | 30 | Simon Peter (https://github.com/probonopd) |
29 | - set $APPIMAGE and $APPDIR environment variables | 31 | - set $APPIMAGE and $APPDIR environment variables |
30 | maces (https://github.com/maces) | 32 | maces (https://github.com/maces) |
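--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -725,8 +725,6 @@ void fs_basic_fs(void) {
 // firejail sandboxes (firejail --force)
 if (getuid() != 0)
 disable_firejail_config();
-else
-fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
 
 if (getuid() == 0)
 fs_rdwr();
@@ -964,8 +962,6 @@ void fs_overlayfs(void) {
 // firejail sandboxes (firejail --force)
 if (getuid() != 0)
 disable_firejail_config();
-else
-fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
 
 // cleanup and exit
 free(option);
@@ -1101,8 +1097,6 @@ void fs_chroot(const char *rootdir) {
 // firejail sandboxes (firejail --force)
 if (getuid() != 0)
 disable_firejail_config();
-else
-fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
 }
 #endif
 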
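--- a/test/dist-compile/compile.sh
+++ b/test/dist-compile/compile.sh
@@ -9,7 +9,8 @@ arr[6]="TEST 6: compile network disabled"
 arr[7]="TEST 7: compile X11 disabled"
 arr[8]="TEST 8: compile network restricted"
 arr[9]="TEST 9: compile file transfer disabled"
-
+arr[10]="TEST 10: compile disable whitelist"
+arr[11]="TEST 11: compile disable global config"
 
 # remove previous reports and output file
 cleanup() {
@@ -213,7 +214,7 @@ print_title "${arr[9]}"
 # seccomp
 cd firejail
 make distclean
-./configure --prefix=/usr --enable-network=restricted --enable-fatal-warnings 2>&1 | tee ../output-configure
+./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure
 make -j4 2>&1 | tee ../output-make
 cd ..
 grep Warning output-configure output-make > ./report-test9
@@ -222,6 +223,44 @@ cp output-configure oc9
 cp output-make om9
 rm output-configure output-make
 
+#*****************************************************************
+# TEST 10
+#*****************************************************************
+# - disable whitelist
+# - check compilation
+#*****************************************************************
+print_title "${arr[10]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test10
+grep Error output-configure output-make >> ./report-test10
+cp output-configure oc10
+cp output-make om10
+rm output-configure output-make
+
+#*****************************************************************
+# TEST 11
+#*****************************************************************
+# - disable global config
+# - check compilation
+#*****************************************************************
+print_title "${arr[11]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test11
+grep Error output-configure output-make >> ./report-test11
+cp output-configure oc11
+cp output-make om11
+rm output-configure output-make
+
 
 #*****************************************************************
 # PRINT REPORTS
@@ -246,3 +285,5 @@ echo ${arr[6]}
 echo ${arr[7]}
 echo ${arr[8]}
 echo ${arr[9]}
+echo ${arr[10]}
+echo ${arr[11]}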
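Review bot: The new TEST 10 and TEST 11 blocks detect failure only through a case-sensitive `grep Warning` / `grep Error` over the captured output, while the exit status of `./configure` and `make` is lost to the `| tee` pipeline. Autoconf normally reports an unknown `--disable-*` switch as `configure: WARNING: unrecognized options: ...` and its own failures as `configure: error: ...`, and neither matches these patterns. A misspelled or dropped `--disable-whitelist` / `--disable-globalcfg` would therefore probably build the default configuration and still leave an empty report, so the test would pass without exercising the option. Assuming the script runs under bash (it already uses arrays), capture the status right after each pipeline with `cfg_rc=${PIPESTATUS[0]}` and, after the two greps, add `[ "$cfg_rc" -eq 0 ] || echo "Error: configure exited $cfg_rc" >> ./report-test10`; passing `--enable-option-checking=fatal` to configure would also turn an unrecognized switch into a hard failure. The `# seccomp` comment in both blocks looks copied from an earlier test and should name the option actually being compiled out.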