diff options
author | netblue30 <netblue30@yahoo.com> | 2016-04-06 15:20:33 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-06 15:20:33 -0400 |
commit | d090549e0e24dcc92ff411d4b51ac0df578b9ce4 (patch) | |
tree | aa60b725fbbaca12537df20f9775ec15f631b631 | |
parent | grsecurity: --bandwidth (diff) | |
download | firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.tar.gz firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.tar.zst firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.zip |
grsecurity fixes
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rwxr-xr-x | test/bandwidth.exp | 62 |
2 files changed, 64 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 0b47fd6db..166ca1b89 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -783,7 +783,9 @@ int main(int argc, char **argv) { | |||
783 | int parent_sshd = 0; | 783 | int parent_sshd = 0; |
784 | { | 784 | { |
785 | pid_t ppid = getppid(); | 785 | pid_t ppid = getppid(); |
786 | EUID_ROOT(); | ||
786 | char *comm = pid_proc_comm(ppid); | 787 | char *comm = pid_proc_comm(ppid); |
788 | EUID_USER(); | ||
787 | if (comm) { | 789 | if (comm) { |
788 | if (strcmp(comm, "sshd") == 0) | 790 | if (strcmp(comm, "sshd") == 0) |
789 | parent_sshd = 1; | 791 | parent_sshd = 1; |
diff --git a/test/bandwidth.exp b/test/bandwidth.exp new file mode 100755 index 000000000..33b351296 --- /dev/null +++ b/test/bandwidth.exp | |||
@@ -0,0 +1,62 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=test --net=br0\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 2 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --bandwidth=test status\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "qdisc noqueue 0: dev eth0" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | send -- "firejail --bandwidth=test set br0 50 10\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 2\n";exit} | ||
25 | "Configuring interface eth0" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3\n";exit} | ||
29 | "configuring tc ingress" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
33 | "configuring tc egress" | ||
34 | } | ||
35 | |||
36 | send -- "firejail --bandwidth=test status\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 5\n";exit} | ||
39 | "dev eth0" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 6\n";exit} | ||
43 | "rate 80Kbit burst 10Kb" | ||
44 | } | ||
45 | sleep 1 | ||
46 | |||
47 | send -- "firejail --bandwidth=test clear br0\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 7\n";exit} | ||
50 | "Removing bandwith limits" | ||
51 | } | ||
52 | sleep 1 | ||
53 | |||
54 | send -- "firejail --bandwidth=test status; pwd\r" | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 8\n";exit} | ||
57 | "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit} | ||
58 | "home" {puts "ok\n"} | ||
59 | } | ||
60 | sleep 1 | ||
61 | |||
62 | puts "\nall done\n" | ||