diff options
author | netblue30 <netblue30@yahoo.com> | 2018-10-17 09:20:32 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-10-17 09:20:32 -0400 |
commit | 7ef3560b009343313a4dee1444e21b98073956ce (patch) | |
tree | ac504f794497a15327925de52e91f11e83644262 | |
parent | Merge pull request #2199 from crass/fix-2142-firefox-sandbox-appimage (diff) | |
download | firejail-7ef3560b009343313a4dee1444e21b98073956ce.tar.gz firejail-7ef3560b009343313a4dee1444e21b98073956ce.tar.zst firejail-7ef3560b009343313a4dee1444e21b98073956ce.zip |
fix #2197
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | src/firejail/firejail.h | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 6 |
3 files changed, 6 insertions, 5 deletions
@@ -35,6 +35,7 @@ Maintainer: | |||
35 | Committers | 35 | Committers |
36 | - chiraag-nataraj (https://github.com/chiraag-nataraj) | 36 | - chiraag-nataraj (https://github.com/chiraag-nataraj) |
37 | - crass (https://github.com/crass) | 37 | - crass (https://github.com/crass) |
38 | - glitsj16 (https://github.com/glitsj16) | ||
38 | - Fred-Barclay (https://github.com/Fred-Barclay) | 39 | - Fred-Barclay (https://github.com/Fred-Barclay) |
39 | - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer) | 40 | - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer) |
40 | - smithsohu (https://github.com/smitsohu) | 41 | - smithsohu (https://github.com/smitsohu) |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 8145c1bb5..19b8480f8 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -801,8 +801,8 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, | |||
801 | #define PATH_FIREMON (PREFIX "/bin/firemon") | 801 | #define PATH_FIREMON (PREFIX "/bin/firemon") |
802 | #define PATH_FIREJAIL (PREFIX "/bin/firejail") | 802 | #define PATH_FIREJAIL (PREFIX "/bin/firejail") |
803 | 803 | ||
804 | //#define PATH_FSECCOMP (LIBDIR "/firejail/fseccomp") | 804 | #define PATH_FSECCOMP_MAIN (LIBDIR "/firejail/fseccomp") // when called from main thread |
805 | #define PATH_FSECCOMP ( RUN_FIREJAIL_LIB_DIR "/fseccomp") | 805 | #define PATH_FSECCOMP ( RUN_FIREJAIL_LIB_DIR "/fseccomp") // when called from sandbox thread |
806 | 806 | ||
807 | // FSEC_PRINT is run outside of sandbox by --seccomp.print | 807 | // FSEC_PRINT is run outside of sandbox by --seccomp.print |
808 | // it is also run from inside the sandbox by --debug; in this case we do an access(filename, X_OK) test first | 808 | // it is also run from inside the sandbox by --debug; in this case we do an access(filename, X_OK) test first |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 680ce5800..29e3df7c6 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -456,7 +456,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
456 | #ifdef HAVE_SECCOMP | 456 | #ifdef HAVE_SECCOMP |
457 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { | 457 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { |
458 | if (checkcfg(CFG_SECCOMP)) { | 458 | if (checkcfg(CFG_SECCOMP)) { |
459 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-syscalls"); | 459 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls"); |
460 | exit(rv); | 460 | exit(rv); |
461 | } | 461 | } |
462 | else | 462 | else |
@@ -464,7 +464,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
464 | } | 464 | } |
465 | else if (strcmp(argv[i], "--debug-errnos") == 0) { | 465 | else if (strcmp(argv[i], "--debug-errnos") == 0) { |
466 | if (checkcfg(CFG_SECCOMP)) { | 466 | if (checkcfg(CFG_SECCOMP)) { |
467 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-errnos"); | 467 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-errnos"); |
468 | exit(rv); | 468 | exit(rv); |
469 | } | 469 | } |
470 | else | 470 | else |
@@ -482,7 +482,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
482 | exit(0); | 482 | exit(0); |
483 | } | 483 | } |
484 | else if (strcmp(argv[i], "--debug-protocols") == 0) { | 484 | else if (strcmp(argv[i], "--debug-protocols") == 0) { |
485 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-protocols"); | 485 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-protocols"); |
486 | exit(rv); | 486 | exit(rv); |
487 | } | 487 | } |
488 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { | 488 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { |