diff options
author | netblue30 <netblue30@yahoo.com> | 2016-05-27 09:21:30 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-05-27 09:21:30 -0400 |
commit | 22a9d046d10614d8fa706ae09f9483fb1d42e6e7 (patch) | |
tree | 7d8633eea8ff3b75f58da69c7569c3e274a16891 /src | |
parent | fixes (diff) | |
download | firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.tar.gz firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.tar.zst firejail-22a9d046d10614d8fa706ae09f9483fb1d42e6e7.zip |
fixes for Debian wheezy
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 843c1efe5..7518477b7 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -34,6 +34,13 @@ | |||
34 | #define CLONE_NEWUSER 0x10000000 | 34 | #define CLONE_NEWUSER 0x10000000 |
35 | #endif | 35 | #endif |
36 | 36 | ||
37 | #include <sys/prctl.h> | ||
38 | #ifndef PR_SET_NO_NEW_PRIVS | ||
39 | # define PR_SET_NO_NEW_PRIVS 38 | ||
40 | #endif | ||
41 | |||
42 | |||
43 | |||
37 | static int monitored_pid = 0; | 44 | static int monitored_pid = 0; |
38 | static void sandbox_handler(int sig){ | 45 | static void sandbox_handler(int sig){ |
39 | if (!arg_quiet) { | 46 | if (!arg_quiet) { |
@@ -746,7 +753,7 @@ int sandbox(void* sandbox_arg) { | |||
746 | printf("noroot user namespace installed\n"); | 753 | printf("noroot user namespace installed\n"); |
747 | set_caps(); | 754 | set_caps(); |
748 | } | 755 | } |
749 | 756 | ||
750 | //**************************************** | 757 | //**************************************** |
751 | // Set NO_NEW_PRIVS if desired | 758 | // Set NO_NEW_PRIVS if desired |
752 | //**************************************** | 759 | //**************************************** |
@@ -759,7 +766,6 @@ int sandbox(void* sandbox_arg) { | |||
759 | printf("NO_NEW_PRIVS set\n"); | 766 | printf("NO_NEW_PRIVS set\n"); |
760 | } | 767 | } |
761 | 768 | ||
762 | |||
763 | //**************************************** | 769 | //**************************************** |
764 | // fork the application and monitor it | 770 | // fork the application and monitor it |
765 | //**************************************** | 771 | //**************************************** |