diff options
author | netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-02-19 14:57:58 -0500 |
commit | 02a66f7e4086097a98dfdac0b47c9909908360a0 (patch) | |
tree | 443fb269e84c89842965677386260e71b85de227 /src/firejail/caps.c | |
parent | moved sandbox name to /run/firejail/name/<PID> (diff) | |
download | firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.gz firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.tar.zst firejail-02a66f7e4086097a98dfdac0b47c9909908360a0.zip |
euid switching
Diffstat (limited to 'src/firejail/caps.c')
-rw-r--r-- | src/firejail/caps.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index 1c4ac8d37..838934aee 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
@@ -193,6 +193,7 @@ static int caps_find_name(const char *name) { | |||
193 | 193 | ||
194 | // return 1 if error, 0 if OK | 194 | // return 1 if error, 0 if OK |
195 | int caps_check_list(const char *clist, void (*callback)(int)) { | 195 | int caps_check_list(const char *clist, void (*callback)(int)) { |
196 | |||
196 | // don't allow empty lists | 197 | // don't allow empty lists |
197 | if (clist == NULL || *clist == '\0') { | 198 | if (clist == NULL || *clist == '\0') { |
198 | fprintf(stderr, "Error: empty capabilities lists are not allowed\n"); | 199 | fprintf(stderr, "Error: empty capabilities lists are not allowed\n"); |
@@ -240,6 +241,7 @@ int caps_check_list(const char *clist, void (*callback)(int)) { | |||
240 | } | 241 | } |
241 | 242 | ||
242 | void caps_print(void) { | 243 | void caps_print(void) { |
244 | EUID_ASSERT(); | ||
243 | int i; | 245 | int i; |
244 | int elems = sizeof(capslist) / sizeof(capslist[0]); | 246 | int elems = sizeof(capslist) / sizeof(capslist[0]); |
245 | 247 | ||
@@ -364,6 +366,8 @@ void caps_keep_list(const char *clist) { | |||
364 | 366 | ||
365 | #define MAXBUF 4098 | 367 | #define MAXBUF 4098 |
366 | static uint64_t extract_caps(int pid) { | 368 | static uint64_t extract_caps(int pid) { |
369 | EUID_ASSERT(); | ||
370 | |||
367 | char *file; | 371 | char *file; |
368 | if (asprintf(&file, "/proc/%d/status", pid) == -1) { | 372 | if (asprintf(&file, "/proc/%d/status", pid) == -1) { |
369 | errExit("asprintf"); | 373 | errExit("asprintf"); |
@@ -410,6 +414,8 @@ void caps_print_filter_name(const char *name) { | |||
410 | } | 414 | } |
411 | 415 | ||
412 | void caps_print_filter(pid_t pid) { | 416 | void caps_print_filter(pid_t pid) { |
417 | EUID_ASSERT(); | ||
418 | |||
413 | // if the pid is that of a firejail process, use the pid of the first child process | 419 | // if the pid is that of a firejail process, use the pid of the first child process |
414 | char *comm = pid_proc_comm(pid); | 420 | char *comm = pid_proc_comm(pid); |
415 | if (comm) { | 421 | if (comm) { |