diff options
author | netblue30 <netblue30@protonmail.com> | 2021-06-19 10:34:03 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-06-19 10:34:03 -0400 |
commit | 7b78bf75c7bcf49e91065ff3013f3e8908c3a9ff (patch) | |
tree | 2ab8509348d1cfa623cc513ff3097f054fe1ddbc /src/jailcheck | |
parent | Merge pull request #4360 from kmk3/gcov-add-missing-includes (diff) | |
download | firejail-7b78bf75c7bcf49e91065ff3013f3e8908c3a9ff.tar.gz firejail-7b78bf75c7bcf49e91065ff3013f3e8908c3a9ff.tar.zst firejail-7b78bf75c7bcf49e91065ff3013f3e8908c3a9ff.zip |
jailcheck: networking support
Diffstat (limited to 'src/jailcheck')
-rw-r--r-- | src/jailcheck/jailcheck.h | 2 | ||||
-rw-r--r-- | src/jailcheck/main.c | 23 |
2 files changed, 25 insertions, 0 deletions
diff --git a/src/jailcheck/jailcheck.h b/src/jailcheck/jailcheck.h index 32be1c978..be3104da3 100644 --- a/src/jailcheck/jailcheck.h +++ b/src/jailcheck/jailcheck.h | |||
@@ -53,6 +53,8 @@ void apparmor_test(pid_t pid); | |||
53 | // seccomp.c | 53 | // seccomp.c |
54 | void seccomp_test(pid_t pid); | 54 | void seccomp_test(pid_t pid); |
55 | 55 | ||
56 | // network.c | ||
57 | void network_test(void); | ||
56 | // utils.c | 58 | // utils.c |
57 | char *get_sudo_user(void); | 59 | char *get_sudo_user(void); |
58 | char *get_homedir(const char *user, uid_t *uid, gid_t *gid); | 60 | char *get_homedir(const char *user, uid_t *uid, gid_t *gid); |
diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c index 4d642bf96..812ac5808 100644 --- a/src/jailcheck/main.c +++ b/src/jailcheck/main.c | |||
@@ -157,6 +157,7 @@ int main(int argc, char **argv) { | |||
157 | seccomp_test(pid); | 157 | seccomp_test(pid); |
158 | fflush(0); | 158 | fflush(0); |
159 | 159 | ||
160 | // filesystem tests | ||
160 | pid_t child = fork(); | 161 | pid_t child = fork(); |
161 | if (child == -1) | 162 | if (child == -1) |
162 | errExit("fork"); | 163 | errExit("fork"); |
@@ -185,6 +186,28 @@ int main(int argc, char **argv) { | |||
185 | } | 186 | } |
186 | int status; | 187 | int status; |
187 | wait(&status); | 188 | wait(&status); |
189 | |||
190 | // network test | ||
191 | child = fork(); | ||
192 | if (child == -1) | ||
193 | errExit("fork"); | ||
194 | if (child == 0) { | ||
195 | int rv = join_namespace(pid, "net"); | ||
196 | if (rv == 0) | ||
197 | network_test(); | ||
198 | else { | ||
199 | printf(" Error: I cannot join the process network stack\n"); | ||
200 | exit(1); | ||
201 | } | ||
202 | |||
203 | // drop privileges in order not to trigger cleanup() | ||
204 | if (setgid(user_gid) != 0) | ||
205 | errExit("setgid"); | ||
206 | if (setuid(user_uid) != 0) | ||
207 | errExit("setuid"); | ||
208 | return 0; | ||
209 | } | ||
210 | wait(&status); | ||
188 | } | 211 | } |
189 | } | 212 | } |
190 | 213 | ||