diff options
author | netblue30 <netblue30@yahoo.com> | 2016-04-05 13:17:20 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-05 13:17:20 -0400 |
commit | 10c7565f9d414d745122dac2e441f5e816db7843 (patch) | |
tree | d6e56dacb20561abeb59c3bebd2ca857f4c35112 /src/firemon | |
parent | firecfg fixes (diff) | |
download | firejail-10c7565f9d414d745122dac2e441f5e816db7843.tar.gz firejail-10c7565f9d414d745122dac2e441f5e816db7843.tar.zst firejail-10c7565f9d414d745122dac2e441f5e816db7843.zip |
grsecurity: --caps.print
Diffstat (limited to 'src/firemon')
-rw-r--r-- | src/firemon/firemon.c | 9 | ||||
-rw-r--r-- | src/firemon/usage.c | 3 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 0e38696ac..9c3558362 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
@@ -23,7 +23,8 @@ | |||
23 | #include <sys/ioctl.h> | 23 | #include <sys/ioctl.h> |
24 | #include <sys/prctl.h> | 24 | #include <sys/prctl.h> |
25 | #include <grp.h> | 25 | #include <grp.h> |
26 | 26 | #include <sys/stat.h> | |
27 | |||
27 | 28 | ||
28 | static int arg_route = 0; | 29 | static int arg_route = 0; |
29 | static int arg_arp = 0; | 30 | static int arg_arp = 0; |
@@ -111,6 +112,12 @@ int main(int argc, char **argv) { | |||
111 | unsigned pid = 0; | 112 | unsigned pid = 0; |
112 | int i; | 113 | int i; |
113 | 114 | ||
115 | struct stat s; | ||
116 | if (getuid() != 0 &&stat("/proc/sys/kernel/grsecurity", &s) == 0) { | ||
117 | fprintf(stderr, "Error: on Grsecurity systems only root user can run this program\n"); | ||
118 | exit(1); | ||
119 | } | ||
120 | |||
114 | // handle CTRL-C | 121 | // handle CTRL-C |
115 | signal (SIGINT, my_handler); | 122 | signal (SIGINT, my_handler); |
116 | signal (SIGTERM, my_handler); | 123 | signal (SIGTERM, my_handler); |
diff --git a/src/firemon/usage.c b/src/firemon/usage.c index 926e1c89f..74a2a61f0 100644 --- a/src/firemon/usage.c +++ b/src/firemon/usage.c | |||
@@ -24,7 +24,8 @@ void usage(void) { | |||
24 | printf("Usage: firemon [OPTIONS] [PID]\n\n"); | 24 | printf("Usage: firemon [OPTIONS] [PID]\n\n"); |
25 | printf("Monitor processes started in a Firejail sandbox. Without any PID specified,\n"); | 25 | printf("Monitor processes started in a Firejail sandbox. Without any PID specified,\n"); |
26 | printf("all processes started by Firejail are monitored. Descendants of these processes\n"); | 26 | printf("all processes started by Firejail are monitored. Descendants of these processes\n"); |
27 | printf("are also being monitored.\n\n"); | 27 | printf("are also being monitored. On Grsecurity systems only root user\n"); |
28 | printf("can run this program.\n\n"); | ||
28 | printf("Options:\n"); | 29 | printf("Options:\n"); |
29 | printf("\t--arp - print ARP table for each sandbox.\n\n"); | 30 | printf("\t--arp - print ARP table for each sandbox.\n\n"); |
30 | printf("\t--caps - print capabilities configuration for each sandbox.\n\n"); | 31 | printf("\t--caps - print capabilities configuration for each sandbox.\n\n"); |