fixes for Debian wheezy

author: netblue30 <netblue30@yahoo.com> 2016-05-27 09:21:30 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-05-27 09:21:30 -0400
commit: 22a9d046d10614d8fa706ae09f9483fb1d42e6e7 (patch)
tree: 7d8633eea8ff3b75f58da69c7569c3e274a16891
parent: fixes (diff)
download: firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.tar.gz
firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.tar.zst
firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 843c1efe5..7518477b7 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -34,6 +34,13 @@
 #define CLONE_NEWUSER   0x10000000
 #endif
+#include <sys/prctl.h>
+#ifndef PR_SET_NO_NEW_PRIVS
+# define PR_SET_NO_NEW_PRIVS 38
+#endif
 static int monitored_pid = 0;
 static void sandbox_handler(int sig){
        if (!arg_quiet) {
@@ -746,7 +753,7 @@ int sandbox(void* sandbox_arg) {
                        printf("noroot user namespace installed\n");
                set_caps();
        }
+        
        //****************************************
        // Set NO_NEW_PRIVS if desired
        //****************************************
@@ -759,7 +766,6 @@ int sandbox(void* sandbox_arg) {
                        printf("NO_NEW_PRIVS set\n");
        }
        //****************************************
        // fork the application and monitor it
        //****************************************
author	netblue30 <netblue30@yahoo.com>	2016-05-27 09:21:30 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-05-27 09:21:30 -0400
commit	22a9d046d10614d8fa706ae09f9483fb1d42e6e7 (patch)
tree	7d8633eea8ff3b75f58da69c7569c3e274a16891
parent	fixes (diff)
download	firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.tar.gz firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.tar.zst firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.zip