author | 2022-06-16 10:12:10 -0400 | |
---|---|---|
committer | 2022-06-16 10:12:10 -0400 | |
commit | dab6742eeefe1f9c0a9f405f8a0c4f01256da4b9 (patch) | |
tree | 60bdf6ab627c1154e43cb54968c2e91563473d8e /src | |
parent | fix CI (diff) | |
more on removing cgroups (#5200)
Diffstat (limited to 'src')
-rw-r--r-- | src/bash_completion/firejail.bash_completion.in | 4 | ||||
-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/include/rundefs.h | 1 | ||||
-rw-r--r-- | src/zsh_completion/_firejail.in | 1 |
4 files changed, 1 insertions, 7 deletions
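--- a/src/bash_completion/firejail.bash_completion.in
+++ b/src/bash_completion/firejail.bash_completion.in
@@ -42,10 +42,6 @@ _firejail()
 _filedir -d
 return 0
 ;;
---cgroup)
-_filedir -d
-return 0
-;;
 --tmpfs)
 _filedir
 return 0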
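--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -414,7 +414,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
 if (!arg_shell_none)
 shfd = open_shell();
 
-// in user mode set caps seccomp, cpu, cgroup, etc
+// in user mode set caps seccomp, cpu etc.
 if (getuid() != 0) {
 extract_nonewprivs(sandbox); // redundant on Linux >= 4.10; duplicated in function extract_caps
 extract_caps(sandbox);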
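Review bot: The rewritten comment above `if (getuid() != 0)` still reads as a run-on list and omits the first call the branch makes; I would write `// in user mode set nonewprivs, caps, seccomp, cpu, etc.`. The visible lines show that only a non-root caller goes through extract_nonewprivs() and extract_caps(), so a second comment line such as `// a root caller skips this branch and joins without these limits` would document the security-relevant case, provided the code outside the hunk confirms it. join() begins and ends outside this hunk, so the remaining items in the list (seccomp, cpu) cannot be checked against the code from here.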
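--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -37,7 +37,6 @@
 #define RUN_RO_DIR RUN_FIREJAIL_DIR "/firejail.ro.dir"
 #define RUN_RO_FILE RUN_FIREJAIL_DIR "/firejail.ro.file"
 #define RUN_MNT_DIR RUN_FIREJAIL_DIR "/mnt" // a tmpfs is mounted on this directory before any of the files below are created
-#define RUN_CGROUP_CFG RUN_MNT_DIR "/cgroup"
 #define RUN_CPU_CFG RUN_MNT_DIR "/cpu"
 #define RUN_GROUPS_CFG RUN_MNT_DIR "/groups"
 #define RUN_PROTOCOL_CFG RUN_MNT_DIR "/protocol"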
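--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -91,7 +91,6 @@ _firejail_args=(
 '--caps.drop=all[drop all capabilities]'
 '*--caps.drop=-[drop capabilities: all|cap1,cap2,...]: :_caps'
 '*--caps.keep=-[keep capabilities: cap1,cap2,...]: :_caps'
-'--cgroup=-[place the sandbox in the specified control group]: :'
 '--cpu=-[set cpu affinity]: :->cpus'
 "--deterministic-exit-code[always exit with first child's status code]"
 '--deterministic-shutdown[terminate orphan processes]'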