diff options
author | smitsohu <smitsohu@gmail.com> | 2020-09-01 11:55:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-01 11:55:20 +0200 |
commit | ef4f58a67904cb9c28a1195e9184fa292c3a055a (patch) | |
tree | bac143f40d4dfda54730b6c4101cab1ed33b0f4d /src | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
download | firejail-ef4f58a67904cb9c28a1195e9184fa292c3a055a.tar.gz firejail-ef4f58a67904cb9c28a1195e9184fa292c3a055a.tar.zst firejail-ef4f58a67904cb9c28a1195e9184fa292c3a055a.zip |
shell none: avoid syscalls after seccomp_install_filters
fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index ef09a790c..5a4741a56 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -528,7 +528,10 @@ void start_application(int no_sandbox, char *set_sandbox_status) { | |||
528 | if (!arg_command && !arg_quiet) | 528 | if (!arg_command && !arg_quiet) |
529 | print_time(); | 529 | print_time(); |
530 | 530 | ||
531 | int rv = ok_to_run(cfg.original_argv[cfg.original_program_index]); | 531 | if (ok_to_run(cfg.original_argv[cfg.original_program_index]) == 0) { |
532 | fprintf(stderr, "Error: no suitable %s executable found\n", cfg.original_argv[cfg.original_program_index]); | ||
533 | exit(1); | ||
534 | } | ||
532 | 535 | ||
533 | #ifdef HAVE_GCOV | 536 | #ifdef HAVE_GCOV |
534 | __gcov_dump(); | 537 | __gcov_dump(); |
@@ -538,11 +541,7 @@ void start_application(int no_sandbox, char *set_sandbox_status) { | |||
538 | #endif | 541 | #endif |
539 | if (set_sandbox_status) | 542 | if (set_sandbox_status) |
540 | *set_sandbox_status = SANDBOX_DONE; | 543 | *set_sandbox_status = SANDBOX_DONE; |
541 | if (rv) | 544 | execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]); |
542 | execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]); | ||
543 | else | ||
544 | fprintf(stderr, "Error: no suitable %s executable found\n", cfg.original_argv[cfg.original_program_index]); | ||
545 | exit(1); | ||
546 | } | 545 | } |
547 | //**************************************** | 546 | //**************************************** |
548 | // start the program using a shell | 547 | // start the program using a shell |