diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-10-17 09:20:32 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-10-17 09:20:32 -0400 |
| commit | 7ef3560b009343313a4dee1444e21b98073956ce (patch) | |
| tree | ac504f794497a15327925de52e91f11e83644262 /src | |
| parent | Merge pull request #2199 from crass/fix-2142-firefox-sandbox-appimage (diff) | |
| download | firejail-7ef3560b009343313a4dee1444e21b98073956ce.tar.gz firejail-7ef3560b009343313a4dee1444e21b98073956ce.tar.zst firejail-7ef3560b009343313a4dee1444e21b98073956ce.zip | |
fix #2197
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/firejail.h | 4 | ||||
| -rw-r--r-- | src/firejail/main.c | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 8145c1bb5..19b8480f8 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -801,8 +801,8 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, | |||
| 801 | #define PATH_FIREMON (PREFIX "/bin/firemon") | 801 | #define PATH_FIREMON (PREFIX "/bin/firemon") |
| 802 | #define PATH_FIREJAIL (PREFIX "/bin/firejail") | 802 | #define PATH_FIREJAIL (PREFIX "/bin/firejail") |
| 803 | 803 | ||
| 804 | //#define PATH_FSECCOMP (LIBDIR "/firejail/fseccomp") | 804 | #define PATH_FSECCOMP_MAIN (LIBDIR "/firejail/fseccomp") // when called from main thread |
| 805 | #define PATH_FSECCOMP ( RUN_FIREJAIL_LIB_DIR "/fseccomp") | 805 | #define PATH_FSECCOMP ( RUN_FIREJAIL_LIB_DIR "/fseccomp") // when called from sandbox thread |
| 806 | 806 | ||
| 807 | // FSEC_PRINT is run outside of sandbox by --seccomp.print | 807 | // FSEC_PRINT is run outside of sandbox by --seccomp.print |
| 808 | // it is also run from inside the sandbox by --debug; in this case we do an access(filename, X_OK) test first | 808 | // it is also run from inside the sandbox by --debug; in this case we do an access(filename, X_OK) test first |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 680ce5800..29e3df7c6 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -456,7 +456,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 456 | #ifdef HAVE_SECCOMP | 456 | #ifdef HAVE_SECCOMP |
| 457 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { | 457 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { |
| 458 | if (checkcfg(CFG_SECCOMP)) { | 458 | if (checkcfg(CFG_SECCOMP)) { |
| 459 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-syscalls"); | 459 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls"); |
| 460 | exit(rv); | 460 | exit(rv); |
| 461 | } | 461 | } |
| 462 | else | 462 | else |
| @@ -464,7 +464,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 464 | } | 464 | } |
| 465 | else if (strcmp(argv[i], "--debug-errnos") == 0) { | 465 | else if (strcmp(argv[i], "--debug-errnos") == 0) { |
| 466 | if (checkcfg(CFG_SECCOMP)) { | 466 | if (checkcfg(CFG_SECCOMP)) { |
| 467 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-errnos"); | 467 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-errnos"); |
| 468 | exit(rv); | 468 | exit(rv); |
| 469 | } | 469 | } |
| 470 | else | 470 | else |
| @@ -482,7 +482,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 482 | exit(0); | 482 | exit(0); |
| 483 | } | 483 | } |
| 484 | else if (strcmp(argv[i], "--debug-protocols") == 0) { | 484 | else if (strcmp(argv[i], "--debug-protocols") == 0) { |
| 485 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-protocols"); | 485 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-protocols"); |
| 486 | exit(rv); | 486 | exit(rv); |
| 487 | } | 487 | } |
| 488 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { | 488 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { |