grsecurity: --protocol.print

3 files changed, 28 insertions, 2 deletions

diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index 70b8496ec..7e5ab7dfb 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -339,7 +339,9 @@ void protocol_print_filter(pid_t pid) {
         (void) pid;
 #ifdef SYS_socket
         // if the pid is that of a firejail  process, use the pid of the first child process
+        EUID_ROOT();
         char *comm = pid_proc_comm(pid);
+        EUID_USER();
         if (comm) {
                 if (strcmp(comm, "firejail") == 0) {
                         pid_t child;
diff --git a/test/protocol-print.exp b/test/protocol-print.exp
new file mode 100755
index 000000000..4d1ae34d6
--- /dev/null
+++ b/test/protocol-print.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --protocol.print=test\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "unix,inet,inet6"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/test.sh b/test/test.sh
index 34a079d07..c8720044a 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -6,12 +6,15 @@
 
 ./fscheck.sh
 
-echo "TESTING: caps.print (caps-print.exp)
+echo "TESTING: caps.print (caps-print.exp)"
 ./caps-print.exp
 
-echo "TESTING: seccomp.print (seccomp-print.exp)
+echo "TESTING: seccomp.print (seccomp-print.exp)"
 ./seccomp-print.exp
 
+echo "TESTING: protocol.print (protocol-print.exp)"
+./protocol-print.exp
+
 echo "TESTING: sound (sound.exp)"
 ./sound.exp