diff options
author | netblue30 <netblue30@yahoo.com> | 2016-07-05 07:24:10 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-05 07:24:10 -0400 |
commit | 3f8d6787b7ccff3ed7ff77a3b474856ae1be6a9b (patch) | |
tree | 15b9f2e7810b0812eaa9827a4ee668ee29b6551f /src/faudit/caps.c | |
parent | src/faudit/dbus.c (diff) | |
download | firejail-3f8d6787b7ccff3ed7ff77a3b474856ae1be6a9b.tar.gz firejail-3f8d6787b7ccff3ed7ff77a3b474856ae1be6a9b.tar.zst firejail-3f8d6787b7ccff3ed7ff77a3b474856ae1be6a9b.zip |
faudit: dbus
Diffstat (limited to 'src/faudit/caps.c')
-rw-r--r-- | src/faudit/caps.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/faudit/caps.c b/src/faudit/caps.c index db1d3266f..d4a62b34f 100644 --- a/src/faudit/caps.c +++ b/src/faudit/caps.c | |||
@@ -60,20 +60,20 @@ void caps_test(void) { | |||
60 | uint64_t caps_val; | 60 | uint64_t caps_val; |
61 | 61 | ||
62 | if (extract_caps(&caps_val)) { | 62 | if (extract_caps(&caps_val)) { |
63 | printf("SKIP: cannot extract capabilities on this platform\n"); | 63 | printf("SKIP: cannot extract capabilities on this platform.\n"); |
64 | return; | 64 | return; |
65 | } | 65 | } |
66 | 66 | ||
67 | if (caps_val) { | 67 | if (caps_val) { |
68 | printf("BAD: the capability map is %llx, it should be all zero\n", (unsigned long long) caps_val); | 68 | printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val); |
69 | printf("Use \"firejail --caps.drop=all\" to fix it.\n"); | 69 | printf("Use \"firejail --caps.drop=all\" to fix it.\n"); |
70 | 70 | ||
71 | if (check_capability(caps_val, CAP_SYS_ADMIN)) | 71 | if (check_capability(caps_val, CAP_SYS_ADMIN)) |
72 | printf("UGLY: CAP_SYS_ADMIN is enabled\n"); | 72 | printf("UGLY: CAP_SYS_ADMIN is enabled.\n"); |
73 | if (check_capability(caps_val, CAP_SYS_BOOT)) | 73 | if (check_capability(caps_val, CAP_SYS_BOOT)) |
74 | printf("UGLY: CAP_SYS_BOOT is enabled\n"); | 74 | printf("UGLY: CAP_SYS_BOOT is enabled.\n"); |
75 | } | 75 | } |
76 | else | 76 | else |
77 | printf("GOOD: all capabilities are disabled\n"); | 77 | printf("GOOD: all capabilities are disabled.\n"); |
78 | } | 78 | } |
79 | 79 | ||