author | netblue30 <netblue30@yahoo.com> | 2016-05-25 13:48:51 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-05-25 13:48:51 -0400 |
commit | 8d14f1e157f06543e6f7799a25f19367da95ed8c (patch) | |
tree | 28e52f5480ad88ee7900cf9553979a1a2a2e6496 /src | |
parent | Merge pull request #536 from KellerFuchs/no_new_privs (diff) | |
fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 7 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 |
3 files changed, 8 insertions, 3 deletions
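--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -47,7 +47,7 @@ int checkcfg(int val) {
 
 FILE *fp = fopen(fname, "r");
 if (!fp) {
-fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname);
+fprintf(stderr, "Warning: Firejail configuration file %s not found\n", fname);
 exit(1);
 }
 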
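Review bot: The message at new line 50 is now labelled `Warning:` while the next line still calls `exit(1)`, so the text and the behaviour disagree. Stopping when the configuration file cannot be opened is the fail-closed choice for a sandbox launcher, and the label should say so: `fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname);`. If the intent is instead to continue without the file, the defaults that then apply need to be set explicitly; the rest of checkcfg() is outside this hunk, so that cannot be judged from here.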
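--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -806,7 +806,7 @@ int main(int argc, char **argv) {
 }
 }
 
-// is this a login shell, or a command passed by sshd insert command line options from /etc/firejail/login.users
+// is this a login shell, or a command passed by sshd, insert command line options from /etc/firejail/login.users
 if (*argv[0] == '-' || parent_sshd) {
 fullargc = restricted_shell(cfg.username);
 if (fullargc) {
@@ -825,6 +825,11 @@ int main(int argc, char **argv) {
 check_user(argc, argv); // the function will not return if --user option was found
 }
 
+
+// check for force-nonewprivs in /etc/firejail/firejail.config file
+if (!option_force && checkcfg(CFG_FORCE_NONEWPRIVS))
+arg_nonewprivs = 1;
+
 // parse arguments
 for (i = 1; i < argc; i++) {
 run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized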
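Review bot: The check added at new lines 830-831 skips the `force-nonewprivs` setting whenever `option_force` is set, and the sandbox.c change in this commit removes the `checkcfg(CFG_FORCE_NONEWPRIVS)` test next to the prctl call, so as far as these hunks show nothing else applies the setting on that path. If `option_force` is derived from a user-supplied command-line option (its origin is not visible here), a NO_NEW_PRIVS policy forced by the administrator in firejail.config can be turned off by the user it is meant to constrain. I would either drop the condition, `if (checkcfg(CFG_FORCE_NONEWPRIVS))`, or add a comment above the test saying why the forced path is exempt and what sets NO_NEW_PRIVS there. main() starts and ends outside the hunk.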
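--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -750,7 +750,7 @@ int sandbox(void* sandbox_arg) {
 //****************************************
 // Set NO_NEW_PRIVS if desired
 //****************************************
-if (arg_nonewprivs || checkcfg(CFG_FORCE_NONEWPRIVS)) {
+if (arg_nonewprivs) {
 int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
 
 if(no_new_privs != 0)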
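Review bot: The banner comment above the test at new line 753 still reads "if desired" and does not say that `arg_nonewprivs` is now the only input to this decision, including the value forced through firejail.config. A reader of sandbox() cannot see from here where that flag is set, so I would reword the comment to `// Set NO_NEW_PRIVS if requested on the command line or forced by force-nonewprivs in firejail.config (resolved in main())`. sandbox() continues past the end of the hunk, so the handling of a non-zero prctl result is not visible.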