fixes

author: netblue30 <netblue30@yahoo.com> 2016-06-12 11:58:59 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-06-12 11:58:59 -0400
commit: a137cfb715fab07a2e21cf2a0770d1afcd2e2119 (patch)
tree: eca38e162a3b898aa4603164e2f3e227a3058b8a
parent: support to disable enforcing firejail.config (diff)
download: firejail-a137cfb715fab07a2e21cf2a0770d1afcd2e2119.tar.gz
firejail-a137cfb715fab07a2e21cf2a0770d1afcd2e2119.tar.zst
firejail-a137cfb715fab07a2e21cf2a0770d1afcd2e2119.zip
3 files changed, 45 insertions, 8 deletions
diff --git a/README b/README
index 05c9408ec..0f825fd8e 100644
--- a/README
+++ b/README
@@ -25,6 +25,8 @@ Reiner Herrmann (https://github.com/reinerh)
        - clang-analyzer fixes
        - Debian reproducible build
        - unit testing framework
+geg2048 (https://github.com/geg2048)
+        - kwallet profile fixes
 Simon Peter (https://github.com/probonopd)
        - set $APPIMAGE and $APPDIR environment variables
 maces (https://github.com/maces)
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index acc03e412..7811fd2a2 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -725,8 +725,6 @@ void fs_basic_fs(void) {
        // firejail sandboxes (firejail --force)
        if (getuid() != 0)
                disable_firejail_config();
-        else
-                fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
                
        if (getuid() == 0)
                fs_rdwr();
@@ -964,8 +962,6 @@ void fs_overlayfs(void) {
        // firejail sandboxes (firejail --force)
        if (getuid() != 0)
                disable_firejail_config();
-        else
-                fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
        // cleanup and exit
        free(option);
@@ -1101,8 +1097,6 @@ void fs_chroot(const char *rootdir) {
        // firejail sandboxes (firejail --force)
        if (getuid() != 0)
                disable_firejail_config();
-        else
-                fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
 }
 #endif
diff --git a/test/dist-compile/compile.sh b/test/dist-compile/compile.sh
index 64c99133a..2d055c1bd 100755
--- a/test/dist-compile/compile.sh
+++ b/test/dist-compile/compile.sh
@@ -9,7 +9,8 @@ arr[6]="TEST 6: compile network disabled"
 arr[7]="TEST 7: compile X11 disabled"
 arr[8]="TEST 8: compile network restricted"
 arr[9]="TEST 9: compile file transfer disabled"
+arr[10]="TEST 10: compile disable whitelist"
+arr[11]="TEST 11: compile disable global config"
 # remove previous reports and output file
 cleanup() {
@@ -213,7 +214,7 @@ print_title "${arr[9]}"
 # seccomp
 cd firejail
 make distclean
-./configure --prefix=/usr --enable-network=restricted  --enable-fatal-warnings 2>&1 | tee ../output-configure
+./configure --prefix=/usr --disable-file-transfer  --enable-fatal-warnings 2>&1 | tee ../output-configure
 make -j4 2>&1 | tee ../output-make
 cd ..
 grep Warning output-configure output-make > ./report-test9
@@ -222,6 +223,44 @@ cp output-configure oc9
 cp output-make om9
 rm output-configure output-make
+#*****************************************************************
+# TEST 10
+#*****************************************************************
+# - disable whitelist
+# - check compilation
+#*****************************************************************
+print_title "${arr[10]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --disable-whitelist  --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test10
+grep Error output-configure output-make >> ./report-test10
+cp output-configure oc10
+cp output-make om10
+rm output-configure output-make
+#*****************************************************************
+# TEST 11
+#*****************************************************************
+# - disable global config
+# - check compilation
+#*****************************************************************
+print_title "${arr[11]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --disable-globalcfg  --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test11
+grep Error output-configure output-make >> ./report-test11
+cp output-configure oc11
+cp output-make om11
+rm output-configure output-make
 #*****************************************************************
 # PRINT REPORTS
@@ -246,3 +285,5 @@ echo ${arr[6]}
 echo ${arr[7]}
 echo ${arr[8]}
 echo ${arr[9]}
+echo ${arr[10]}
+echo ${arr[11]}
author	netblue30 <netblue30@yahoo.com>	2016-06-12 11:58:59 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-06-12 11:58:59 -0400
commit	a137cfb715fab07a2e21cf2a0770d1afcd2e2119 (patch)
tree	eca38e162a3b898aa4603164e2f3e227a3058b8a
parent	support to disable enforcing firejail.config (diff)
download	firejail-a137cfb715fab07a2e21cf2a0770d1afcd2e2119.tar.gz firejail-a137cfb715fab07a2e21cf2a0770d1afcd2e2119.tar.zst firejail-a137cfb715fab07a2e21cf2a0770d1afcd2e2119.zip

diff --git a/README b/README index 05c9408ec..0f825fd8e 100644 --- a/README +++ b/README
@@ -25,6 +25,8 @@ Reiner Herrmann (https://github.com/reinerh)
25	- clang-analyzer fixes	25	- clang-analyzer fixes
26	- Debian reproducible build	26	- Debian reproducible build
27	- unit testing framework	27	- unit testing framework
		28	geg2048 (https://github.com/geg2048)
		29	- kwallet profile fixes
28	Simon Peter (https://github.com/probonopd)	30	Simon Peter (https://github.com/probonopd)
29	- set $APPIMAGE and $APPDIR environment variables	31	- set $APPIMAGE and $APPDIR environment variables
30	maces (https://github.com/maces)	32	maces (https://github.com/maces)


diff --git a/src/firejail/fs.c b/src/firejail/fs.c index acc03e412..7811fd2a2 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -725,8 +725,6 @@ void fs_basic_fs(void) {
725	// firejail sandboxes (firejail --force)	725	// firejail sandboxes (firejail --force)
726	if (getuid() != 0)	726	if (getuid() != 0)
727	disable_firejail_config();	727	disable_firejail_config();
728	else
729	fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
730		728
731	if (getuid() == 0)	729	if (getuid() == 0)
732	fs_rdwr();	730	fs_rdwr();
@@ -964,8 +962,6 @@ void fs_overlayfs(void) {
964	// firejail sandboxes (firejail --force)	962	// firejail sandboxes (firejail --force)
965	if (getuid() != 0)	963	if (getuid() != 0)
966	disable_firejail_config();	964	disable_firejail_config();
967	else
968	fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
969		965
970	// cleanup and exit	966	// cleanup and exit
971	free(option);	967	free(option);
@@ -1101,8 +1097,6 @@ void fs_chroot(const char *rootdir) {
1101	// firejail sandboxes (firejail --force)	1097	// firejail sandboxes (firejail --force)
1102	if (getuid() != 0)	1098	if (getuid() != 0)
1103	disable_firejail_config();	1099	disable_firejail_config();
1104	else
1105	fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n");
1106	}	1100	}
1107	#endif	1101	#endif
1108		1102


diff --git a/test/dist-compile/compile.sh b/test/dist-compile/compile.sh index 64c99133a..2d055c1bd 100755 --- a/test/dist-compile/compile.sh +++ b/test/dist-compile/compile.sh
@@ -9,7 +9,8 @@ arr[6]="TEST 6: compile network disabled"
9	arr[7]="TEST 7: compile X11 disabled"	9	arr[7]="TEST 7: compile X11 disabled"
10	arr[8]="TEST 8: compile network restricted"	10	arr[8]="TEST 8: compile network restricted"
11	arr[9]="TEST 9: compile file transfer disabled"	11	arr[9]="TEST 9: compile file transfer disabled"
12		12	arr[10]="TEST 10: compile disable whitelist"
		13	arr[11]="TEST 11: compile disable global config"
13		14
14	# remove previous reports and output file	15	# remove previous reports and output file
15	cleanup() {	16	cleanup() {
@@ -213,7 +214,7 @@ print_title "${arr[9]}"
213	# seccomp	214	# seccomp
214	cd firejail	215	cd firejail
215	make distclean	216	make distclean
216	./configure --prefix=/usr --enable-network=restricted --enable-fatal-warnings 2>&1 \| tee ../output-configure	217	./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 \| tee ../output-configure
217	make -j4 2>&1 \| tee ../output-make	218	make -j4 2>&1 \| tee ../output-make
218	cd ..	219	cd ..
219	grep Warning output-configure output-make > ./report-test9	220	grep Warning output-configure output-make > ./report-test9
@@ -222,6 +223,44 @@ cp output-configure oc9
222	cp output-make om9	223	cp output-make om9
223	rm output-configure output-make	224	rm output-configure output-make
224		225
		226	#*****************************************************************
		227	# TEST 10
		228	#*****************************************************************
		229	# - disable whitelist
		230	# - check compilation
		231	#*****************************************************************
		232	print_title "${arr[10]}"
		233	# seccomp
		234	cd firejail
		235	make distclean
		236	./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 \| tee ../output-configure
		237	make -j4 2>&1 \| tee ../output-make
		238	cd ..
		239	grep Warning output-configure output-make > ./report-test10
		240	grep Error output-configure output-make >> ./report-test10
		241	cp output-configure oc10
		242	cp output-make om10
		243	rm output-configure output-make
		244
		245	#*****************************************************************
		246	# TEST 11
		247	#*****************************************************************
		248	# - disable global config
		249	# - check compilation
		250	#*****************************************************************
		251	print_title "${arr[11]}"
		252	# seccomp
		253	cd firejail
		254	make distclean
		255	./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 \| tee ../output-configure
		256	make -j4 2>&1 \| tee ../output-make
		257	cd ..
		258	grep Warning output-configure output-make > ./report-test11
		259	grep Error output-configure output-make >> ./report-test11
		260	cp output-configure oc11
		261	cp output-make om11
		262	rm output-configure output-make
		263
225		264
226	#*****************************************************************	265	#*****************************************************************
227	# PRINT REPORTS	266	# PRINT REPORTS
@@ -246,3 +285,5 @@ echo ${arr[6]}
246	echo ${arr[7]}	285	echo ${arr[7]}
247	echo ${arr[8]}	286	echo ${arr[8]}
248	echo ${arr[9]}	287	echo ${arr[9]}
		288	echo ${arr[10]}
		289	echo ${arr[11]}