diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
| commit | 02a66f7e4086097a98dfdac0b47c9909908360a0 (patch) | |
| tree | 443fb269e84c89842965677386260e71b85de227 /src/firejail/caps.c | |
| parent | moved sandbox name to /run/firejail/name/<PID> (diff) | |
| download | firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.gz firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.zst firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.zip | |
euid switching
Diffstat (limited to 'src/firejail/caps.c')
| -rw-r--r-- | src/firejail/caps.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index 1c4ac8d37..838934aee 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
| @@ -193,6 +193,7 @@ static int caps_find_name(const char *name) { | |||
| 193 | 193 | ||
| 194 | // return 1 if error, 0 if OK | 194 | // return 1 if error, 0 if OK |
| 195 | int caps_check_list(const char *clist, void (*callback)(int)) { | 195 | int caps_check_list(const char *clist, void (*callback)(int)) { |
| 196 | |||
| 196 | // don't allow empty lists | 197 | // don't allow empty lists |
| 197 | if (clist == NULL || *clist == '\0') { | 198 | if (clist == NULL || *clist == '\0') { |
| 198 | fprintf(stderr, "Error: empty capabilities lists are not allowed\n"); | 199 | fprintf(stderr, "Error: empty capabilities lists are not allowed\n"); |
| @@ -240,6 +241,7 @@ int caps_check_list(const char *clist, void (*callback)(int)) { | |||
| 240 | } | 241 | } |
| 241 | 242 | ||
| 242 | void caps_print(void) { | 243 | void caps_print(void) { |
| 244 | EUID_ASSERT(); | ||
| 243 | int i; | 245 | int i; |
| 244 | int elems = sizeof(capslist) / sizeof(capslist[0]); | 246 | int elems = sizeof(capslist) / sizeof(capslist[0]); |
| 245 | 247 | ||
| @@ -364,6 +366,8 @@ void caps_keep_list(const char *clist) { | |||
| 364 | 366 | ||
| 365 | #define MAXBUF 4098 | 367 | #define MAXBUF 4098 |
| 366 | static uint64_t extract_caps(int pid) { | 368 | static uint64_t extract_caps(int pid) { |
| 369 | EUID_ASSERT(); | ||
| 370 | |||
| 367 | char *file; | 371 | char *file; |
| 368 | if (asprintf(&file, "/proc/%d/status", pid) == -1) { | 372 | if (asprintf(&file, "/proc/%d/status", pid) == -1) { |
| 369 | errExit("asprintf"); | 373 | errExit("asprintf"); |
| @@ -410,6 +414,8 @@ void caps_print_filter_name(const char *name) { | |||
| 410 | } | 414 | } |
| 411 | 415 | ||
| 412 | void caps_print_filter(pid_t pid) { | 416 | void caps_print_filter(pid_t pid) { |
| 417 | EUID_ASSERT(); | ||
| 418 | |||
| 413 | // if the pid is that of a firejail process, use the pid of the first child process | 419 | // if the pid is that of a firejail process, use the pid of the first child process |
| 414 | char *comm = pid_proc_comm(pid); | 420 | char *comm = pid_proc_comm(pid); |
| 415 | if (comm) { | 421 | if (comm) { |