diff options
author | netblue30 <netblue30@yahoo.com> | 2016-04-04 11:36:15 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-04 11:36:15 -0400 |
commit | df2458e18912268ba421e5d65becec039c935af5 (patch) | |
tree | 604f3a56b81d6ed7e6184eac1c7aca6513730517 | |
parent | tentative grsecurity fix for Error getpwuid:init_cfg(179): Permission denied (diff) | |
download | firejail-df2458e18912268ba421e5d65becec039c935af5.tar.gz firejail-df2458e18912268ba421e5d65becec039c935af5.tar.zst firejail-df2458e18912268ba421e5d65becec039c935af5.zip |
grsecurity: fix Error fopen:network_get_defaultgw(479): Permission denied
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/network_main.c | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 91e5e9229..0e0ec094c 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -174,7 +174,7 @@ static void init_cfg(int argc, char **argv) { | |||
174 | cfg.bridge3.devsandbox = "eth3"; | 174 | cfg.bridge3.devsandbox = "eth3"; |
175 | 175 | ||
176 | // extract user data | 176 | // extract user data |
177 | EUID_ROOT(); | 177 | EUID_ROOT(); // rise permissions for grsecurity |
178 | struct passwd *pw = getpwuid(getuid()); | 178 | struct passwd *pw = getpwuid(getuid()); |
179 | if (!pw) | 179 | if (!pw) |
180 | errExit("getpwuid"); | 180 | errExit("getpwuid"); |
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index 3fb79b9f4..a8ebb3480 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c | |||
@@ -212,7 +212,10 @@ void net_check_cfg(void) { | |||
212 | // first network is a mac device | 212 | // first network is a mac device |
213 | else { | 213 | else { |
214 | // get the host default gw | 214 | // get the host default gw |
215 | EUID_ROOT(); // rise permissions for grsecurity | ||
216 | // Error fopen:network_get_defaultgw(479): Permission denied | ||
215 | uint32_t gw = network_get_defaultgw(); | 217 | uint32_t gw = network_get_defaultgw(); |
218 | EUID_USER(); | ||
216 | // check the gateway is network range | 219 | // check the gateway is network range |
217 | if (in_netrange(gw, cfg.bridge0.ip, cfg.bridge0.mask)) | 220 | if (in_netrange(gw, cfg.bridge0.ip, cfg.bridge0.mask)) |
218 | gw = 0; | 221 | gw = 0; |