diff options
author | smitsohu <smitsohu@gmail.com> | 2023-03-02 17:45:13 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2023-03-02 17:53:58 +0100 |
commit | 5e1b85e41594efb4a3f6b19033a53dca90ce6987 (patch) | |
tree | 5f9d07e50856313cbe0c5581f70c03cfe56ce1ea /src | |
parent | cleanup (diff) | |
download | firejail-5e1b85e41594efb4a3f6b19033a53dca90ce6987.tar.gz firejail-5e1b85e41594efb4a3f6b19033a53dca90ce6987.tar.zst firejail-5e1b85e41594efb4a3f6b19033a53dca90ce6987.zip |
cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/join.c | 5 | ||||
-rw-r--r-- | src/firejail/main.c | 6 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 5 |
3 files changed, 7 insertions, 9 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index 5ef54002b..742cda80b 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -501,10 +501,7 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
501 | } | 501 | } |
502 | 502 | ||
503 | // set nonewprivs | 503 | // set nonewprivs |
504 | #ifndef HAVE_FORCE_NONEWPRIVS | 504 | if (arg_nonewprivs == 1) { |
505 | if (arg_nonewprivs == 1) // not available for uid 0 | ||
506 | #endif | ||
507 | { | ||
508 | if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) | 505 | if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) |
509 | errExit("prctl"); | 506 | errExit("prctl"); |
510 | if (arg_debug) | 507 | if (arg_debug) |
diff --git a/src/firejail/main.c b/src/firejail/main.c index ac84f00c9..0e5363cb0 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -97,7 +97,11 @@ int arg_rlimit_fsize = 0; // rlimit fsize | |||
97 | int arg_rlimit_sigpending = 0; // rlimit fsize | 97 | int arg_rlimit_sigpending = 0; // rlimit fsize |
98 | int arg_rlimit_as = 0; // rlimit as | 98 | int arg_rlimit_as = 0; // rlimit as |
99 | int arg_nogroups = 0; // disable supplementary groups | 99 | int arg_nogroups = 0; // disable supplementary groups |
100 | int arg_nonewprivs = 0; // set the NO_NEW_PRIVS prctl | 100 | #ifdef HAVE_FORCE_NONEWPRIVS |
101 | int arg_nonewprivs = 1; // set the NO_NEW_PRIVS prctl | ||
102 | #else | ||
103 | int arg_nonewprivs = 0; | ||
104 | #endif | ||
101 | int arg_noroot = 0; // create a new user namespace and disable root user | 105 | int arg_noroot = 0; // create a new user namespace and disable root user |
102 | int arg_netfilter; // enable netfilter | 106 | int arg_netfilter; // enable netfilter |
103 | int arg_netfilter6; // enable netfilter6 | 107 | int arg_netfilter6; // enable netfilter6 |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 88de1fc5f..648fc2248 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -1277,10 +1277,7 @@ int sandbox(void* sandbox_arg) { | |||
1277 | //**************************************** | 1277 | //**************************************** |
1278 | // Set NO_NEW_PRIVS if desired | 1278 | // Set NO_NEW_PRIVS if desired |
1279 | //**************************************** | 1279 | //**************************************** |
1280 | #ifndef HAVE_FORCE_NONEWPRIVS | 1280 | if (arg_nonewprivs) { |
1281 | if (arg_nonewprivs) | ||
1282 | #endif | ||
1283 | { | ||
1284 | if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { | 1281 | if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { |
1285 | fprintf(stderr, "Error: cannot set NO_NEW_PRIVS, it requires a Linux kernel version 3.5 or newer.\n"); | 1282 | fprintf(stderr, "Error: cannot set NO_NEW_PRIVS, it requires a Linux kernel version 3.5 or newer.\n"); |
1286 | exit(1); | 1283 | exit(1); |