author | netblue30 <netblue30@yahoo.com> | 2017-10-27 08:46:49 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-27 08:46:49 -0400 |
commit | e73db09bdd521e3fe1219bae4a30e75cac188cfc (patch) | |
tree | 1cce5aa5f25241cf8392c8d984b71b6a106919a8 /src | |
parent | fix vlc profile (diff) | |
modif: remount-proc-sys deprecated from firejail.config
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 9 |
5 files changed, 5 insertions, 18 deletions
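--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -299,14 +299,9 @@ int checkcfg(int val) {
 else
 goto errout;
 }
-// remount /proc and /sys
 else if (strncmp(ptr, "remount-proc-sys ", 17) == 0) {
-if (strcmp(ptr + 17, "yes") == 0)
-cfg_val[CFG_REMOUNT_PROC_SYS] = 1;
-else if (strcmp(ptr + 17, "no") == 0)
-cfg_val[CFG_REMOUNT_PROC_SYS] = 0;
-else
-goto errout;
+if (!arg_quiet)
+fprintf(stderr, "Warning: remount-proc-sys from firejail.config was deprecated\n");
 }
 else if (strncmp(ptr, "overlayfs ", 10) == 0) {
 if (strcmp(ptr + 10, "yes") == 0)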
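Review bot: The new `remount-proc-sys` branch accepts any value and discards it, but the warning does not tell the administrator that the setting no longer has any effect. A site that had `remount-proc-sys no` in firejail.config now gets /proc and /sys handled unconditionally (see the sandbox.c change in this commit), so the message should say so, e.g. `fprintf(stderr, "Warning: remount-proc-sys in firejail.config is deprecated and ignored\n");`. Because the message is suppressed under `arg_quiet`, a short comment such as `// deprecated: value ignored, fs_proc_sys_dev_boot() always runs` would keep the intent visible in the code as well. The if/else chain in checkcfg() starts and ends outside this hunk.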
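--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -725,7 +725,6 @@ enum {
 CFG_FORCE_NONEWPRIVS,
 CFG_WHITELIST,
 CFG_XEPHYR_WINDOW_TITLE,
-CFG_REMOUNT_PROC_SYS,
 CFG_OVERLAYFS,
 CFG_CHROOT_DESKTOP,
 CFG_PRIVATE_HOME,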
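--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1615,7 +1615,7 @@ int main(int argc, char **argv) {
 }
 else if (strcmp(argv[i], "--allow-private-blacklist") == 0) {
 if (!arg_quiet)
-fprintf(stderr, "--allow-private-blacklist was deprecated\n");
+fprintf(stderr, "Warning: --allow-private-blacklist was deprecated\n");
 }
 else if (strcmp(argv[i], "--private") == 0) {
 arg_private = 1;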
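--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -243,7 +243,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 }
 else if (strcmp(ptr, "allow-private-blacklist") == 0) {
 if (!arg_quiet)
-fprintf(stderr, "--allow-private-blacklist was deprecated\n");
+fprintf(stderr, "Warning: --allow-private-blacklist was deprecated\n");
 return 0;
 }
 else if (strcmp(ptr, "netfilter") == 0) {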
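Review bot: The deprecation warning in the `allow-private-blacklist` branch does not say which profile holds the stale directive, although `profile_check_line()` receives `fname` and `lineno`. It also prints the command-line spelling `--allow-private-blacklist` for a profile keyword that is matched without dashes. Assuming `fname` is non-NULL at this point, something like `fprintf(stderr, "Warning: allow-private-blacklist was deprecated (%s, line %d)\n", fname, lineno);` would let an administrator find and remove the line. The function body continues outside the hunk.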
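--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -245,12 +245,6 @@ static int monitor_application(pid_t app_pid) {
 sleep(1);
 }
 
-// if /proc is not remounted, we cannot check /proc directory,
-// for now we just get out of here
-// todo: find another way of checking child processes!
-if (!checkcfg(CFG_REMOUNT_PROC_SYS))
-break;
-
 DIR *dir;
 if (!(dir = opendir("/proc"))) {
 // sleep 2 seconds and try again
@@ -872,8 +866,7 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // update /proc, /sys, /dev, /boot directory
 //****************************
-if (checkcfg(CFG_REMOUNT_PROC_SYS))
-fs_proc_sys_dev_boot();
+fs_proc_sys_dev_boot();
 
 //****************************
 // handle /mnt and /media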
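Review bot: The call to `fs_proc_sys_dev_boot()` in sandbox() is now unconditional, and nothing at the call site records why the configuration switch went away. The guard removed from monitor_application() in the first hunk documented that the /proc scan only works once /proc has been remounted, so the two hunks depend on each other. A comment such as `// always remount: monitor_application() scans /proc and firejail.config can no longer disable this` would make that dependency visible to whoever next touches either function. Both functions continue outside the hunks shown.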