author | netblue30 <netblue30@yahoo.com> | 2016-03-10 09:53:12 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-10 09:53:12 -0500 |
commit | ac82511074099144ec5610efb1ccc18028b9202f (patch) | |
tree | 3f8384e9d485194bfc644398a9623b47a5ba24ac /src | |
parent | overlayfs fix for home directories mounted on a different partition (diff) | |
centos8 user namespace fix
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 5 | ||||
-rw-r--r-- | src/firejail/util.c | 5 |
2 files changed, 7 insertions, 3 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index d43e1dac1..c51dcf927 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -643,14 +643,15 @@ int sandbox(void* sandbox_arg) { | |||
643 | if (arg_noroot) { | 643 | if (arg_noroot) { |
644 | int rv = unshare(CLONE_NEWUSER); | 644 | int rv = unshare(CLONE_NEWUSER); |
645 | if (rv == -1) { | 645 | if (rv == -1) { |
646 | fprintf(stderr, "Error: cannot mount a new user namespace\n"); | 646 | fprintf(stderr, "Warning: cannot mount a new user namespace, going forward without it\n"); |
647 | perror("unshare"); | 647 | perror("unshare"); |
648 | drop_privs(arg_nogroups); | 648 | drop_privs(arg_nogroups); |
649 | arg_noroot = 0; | ||
649 | } | 650 | } |
650 | } | 651 | } |
651 | else | 652 | else |
652 | drop_privs(arg_nogroups); | 653 | drop_privs(arg_nogroups); |
653 | 654 | ||
654 | // notify parent that new user namespace has been created so a proper | 655 | // notify parent that new user namespace has been created so a proper |
655 | // UID/GID map can be setup | 656 | // UID/GID map can be setup |
656 | notify_other(child_to_parent_fds[1]); | 657 | notify_other(child_to_parent_fds[1]); |
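Review bot: Continuing after `unshare(CLONE_NEWUSER)` fails turns `--noroot`, an explicitly requested hardening option, into best-effort: the sandbox keeps running with the user namespace absent and root still meaningful inside it, and the only signal is one stderr line that is easy to miss when the option came from a profile rather than the command line. I would gate this fallback behind an explicit opt-in (a config or command-line switch) and keep the hard exit as the default, since the failure cause is not shown here (on CentOS 8 it is presumably user namespaces being disabled by sysctl, but that is an inference). The message wording is also off, as `unshare` creates rather than mounts a namespace: `fprintf(stderr, "Warning: cannot create a new user namespace, going forward without it\n");`. The comment just before `notify_other` is now wrong on the fallback path; suggest `// tell the parent whether a user namespace was created (arg_noroot), so it sets up a UID/GID map only when one exists`. The enclosing `sandbox()` both starts and ends outside this hunk.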
diff --git a/src/firejail/util.c b/src/firejail/util.c index c62f4285c..04b564370 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -513,6 +513,9 @@ void wait_for_other(int fd) { | |||
513 | fprintf(stderr, "Error: cannot establish communication with the parent, exiting...\n"); | 513 | fprintf(stderr, "Error: cannot establish communication with the parent, exiting...\n"); |
514 | exit(1); | 514 | exit(1); |
515 | } | 515 | } |
516 | if (strcmp(childstr, "arg_noroot=0") == 0) | ||
517 | arg_noroot = 0; | ||
518 | |||
516 | fclose(stream); | 519 | fclose(stream); |
517 | } | 520 | } |
518 | 521 | ||
@@ -523,7 +526,7 @@ void notify_other(int fd) { | |||
523 | if (newfd == -1) | 526 | if (newfd == -1) |
524 | errExit("dup"); | 527 | errExit("dup"); |
525 | stream = fdopen(newfd, "w"); | 528 | stream = fdopen(newfd, "w"); |
526 | fprintf(stream, "%u\n", getpid()); | 529 | fprintf(stream, "arg_noroot=%d\n", arg_noroot); |
527 | fflush(stream); | 530 | fflush(stream); |
528 | fclose(stream); | 531 | fclose(stream); |
529 | } | 532 | } |
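Review bot: `wait_for_other` only clears `arg_noroot` on an exact `"arg_noroot=0"` match, so a message that is truncated, malformed, or still carries the trailing newline written by `fprintf(stream, "arg_noroot=%d\n", arg_noroot)` leaves the receiver believing a user namespace exists (the read into `childstr` is above the hunk, so whether the newline is stripped is not visible here). Because this value decides whether the parent writes a UID/GID map, it is safer to parse the field explicitly and fail closed on anything unexpected: `if (strncmp(childstr, "arg_noroot=", 11) != 0) { fprintf(stderr, "Error: unexpected message from child\n"); exit(1); }` followed by `arg_noroot = (childstr[11] == '1');`. Note too that `notify_other` no longer sends the pid; if any caller of `wait_for_other` still expects that payload it will now receive `arg_noroot=...` instead, which is worth checking across the tree. `wait_for_other` begins outside the hunk.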