grsecurity fixes

author: netblue30 <netblue30@yahoo.com> 2016-04-06 15:20:33 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-06 15:20:33 -0400
commit: d090549e0e24dcc92ff411d4b51ac0df578b9ce4 (patch)
tree: aa60b725fbbaca12537df20f9775ec15f631b631
parent: grsecurity: --bandwidth (diff)
download: firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.tar.gz
firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.tar.zst
firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.zip
2 files changed, 64 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 0b47fd6db..166ca1b89 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -783,7 +783,9 @@ int main(int argc, char **argv) {
        int parent_sshd = 0;
        {
                pid_t ppid = getppid();
+                EUID_ROOT();
                char *comm = pid_proc_comm(ppid);
+                EUID_USER();
                if (comm) {
                        if (strcmp(comm, "sshd") == 0)
                                parent_sshd = 1;
diff --git a/test/bandwidth.exp b/test/bandwidth.exp
new file mode 100755
index 000000000..33b351296
--- /dev/null
+++ b/test/bandwidth.exp
@@ -0,0 +1,62 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test --net=br0\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --bandwidth=test status\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "qdisc noqueue 0: dev eth0"
+}
+sleep 1
+send -- "firejail --bandwidth=test set br0 50 10\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Configuring interface eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "configuring tc ingress"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "configuring tc egress"
+}
+send -- "firejail --bandwidth=test status\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "dev eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "rate 80Kbit burst 10Kb"
+}
+sleep 1
+send -- "firejail --bandwidth=test clear br0\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Removing bandwith limits"
+}
+sleep 1
+send -- "firejail --bandwidth=test status; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit}
+        "home" {puts "ok\n"}
+}
+sleep 1
+puts "\nall done\n"
author	netblue30 <netblue30@yahoo.com>	2016-04-06 15:20:33 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-06 15:20:33 -0400
commit	d090549e0e24dcc92ff411d4b51ac0df578b9ce4 (patch)
tree	aa60b725fbbaca12537df20f9775ec15f631b631
parent	grsecurity: --bandwidth (diff)
download	firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.tar.gz firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.tar.zst firejail-d090549e0e24dcc92ff411d4b51ac0df578b9ce4.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index 0b47fd6db..166ca1b89 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -783,7 +783,9 @@ int main(int argc, char **argv) {
783	int parent_sshd = 0;	783	int parent_sshd = 0;
784	{	784	{
785	pid_t ppid = getppid();	785	pid_t ppid = getppid();
		786	EUID_ROOT();
786	char *comm = pid_proc_comm(ppid);	787	char *comm = pid_proc_comm(ppid);
		788	EUID_USER();
787	if (comm) {	789	if (comm) {
788	if (strcmp(comm, "sshd") == 0)	790	if (strcmp(comm, "sshd") == 0)
789	parent_sshd = 1;	791	parent_sshd = 1;


diff --git a/test/bandwidth.exp b/test/bandwidth.exp new file mode 100755 index 000000000..33b351296 --- /dev/null +++ b/test/bandwidth.exp
@@ -0,0 +1,62 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	send -- "firejail --name=test --net=br0\r"
		8	expect {
		9	timeout {puts "TESTING ERROR 0\n";exit}
		10	"Child process initialized"
		11	}
		12	sleep 2
		13
		14	spawn $env(SHELL)
		15	send -- "firejail --bandwidth=test status\r"
		16	expect {
		17	timeout {puts "TESTING ERROR 1\n";exit}
		18	"qdisc noqueue 0: dev eth0"
		19	}
		20	sleep 1
		21
		22	send -- "firejail --bandwidth=test set br0 50 10\r"
		23	expect {
		24	timeout {puts "TESTING ERROR 2\n";exit}
		25	"Configuring interface eth0"
		26	}
		27	expect {
		28	timeout {puts "TESTING ERROR 3\n";exit}
		29	"configuring tc ingress"
		30	}
		31	expect {
		32	timeout {puts "TESTING ERROR 4\n";exit}
		33	"configuring tc egress"
		34	}
		35
		36	send -- "firejail --bandwidth=test status\r"
		37	expect {
		38	timeout {puts "TESTING ERROR 5\n";exit}
		39	"dev eth0"
		40	}
		41	expect {
		42	timeout {puts "TESTING ERROR 6\n";exit}
		43	"rate 80Kbit burst 10Kb"
		44	}
		45	sleep 1
		46
		47	send -- "firejail --bandwidth=test clear br0\r"
		48	expect {
		49	timeout {puts "TESTING ERROR 7\n";exit}
		50	"Removing bandwith limits"
		51	}
		52	sleep 1
		53
		54	send -- "firejail --bandwidth=test status; pwd\r"
		55	expect {
		56	timeout {puts "TESTING ERROR 8\n";exit}
		57	"rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit}
		58	"home" {puts "ok\n"}
		59	}
		60	sleep 1
		61
		62	puts "\nall done\n"