author | netblue30 <netblue30@yahoo.com> | 2018-11-05 07:33:37 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-11-05 07:33:37 -0500 |
commit | fe1b27aa7f57ce4e17fbd1f3de8de3b97145d256 (patch) | |
tree | 38b0fa57b1a9319d3df75f4769cca1587bfec518 /src | |
parent | profile fixes for recursive read-write mounts (diff) | |
fix --bandwidth command
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/bandwidth.c | 80 |
1 files changed, 17 insertions, 63 deletions
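--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -296,69 +296,7 @@ void bandwidth_set(pid_t pid, const char *dev, int down, int up) {
 //***********************************
 void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up) {
 EUID_ASSERT();
-//************************
-// verify sandbox
-//************************
-EUID_ROOT();
-char *comm = pid_proc_comm(pid);
-EUID_USER();
-if (!comm) {
-fprintf(stderr, "Error: cannot find sandbox\n");
-exit(1);
-}
-
-// check for firejail sandbox
-if (strcmp(comm, "firejail") != 0) {
-fprintf(stderr, "Error: cannot find sandbox\n");
-exit(1);
-}
-free(comm);
-
-// check network namespace
-char *name;
-if (asprintf(&name, "/run/firejail/network/%d-netmap", pid) == -1)
-errExit("asprintf");
-struct stat s;
-if (stat(name, &s) == -1) {
-fprintf(stderr, "Error: the sandbox doesn't use a new network namespace\n");
-exit(1);
-}
-
-//************************
-// join the network namespace
-//************************
-pid_t child;
-if (find_child(pid, &child) == 1) {
-fprintf(stderr, "Error: cannot join the network namespace\n");
-exit(1);
-}
-
-if (invalid_sandbox(child)) {
-fprintf(stderr, "Error: cannot join the network namespace\n");
-exit(1);
-}
-
-// check privileges for non-root users
-uid_t uid = getuid();
-if (uid != 0) {
-uid_t sandbox_uid = pid_get_uid(pid);
-if (uid != sandbox_uid) {
-fprintf(stderr, "Error: permission is denied to join a sandbox created by a different user.\n");
-exit(1);
-}
-}
-
-EUID_ROOT();
-if (join_namespace(child, "net")) {
-fprintf(stderr, "Error: cannot join the network namespace\n");
-exit(1);
-}
-
-// set run file
-if (strcmp(command, "set") == 0)
-bandwidth_set(pid, dev, down, up);
-else if (strcmp(command, "clear") == 0)
-bandwidth_remove(pid, dev);
+enter_network_namespace(pid);
 
 //************************
 // build command
@@ -401,6 +339,22 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
 fclose(fp);
 }
 
+// set run file
+if (strcmp(command, "set") == 0) {
+if (devname == NULL) {
+fprintf(stderr, "Error: cannot find a %s interface inside the sandbox\n", dev);
+exit(1);
+}
+bandwidth_set(pid, devname, down, up);
+}
+else if (strcmp(command, "clear") == 0) {
+if (devname == NULL) {
+fprintf(stderr, "Error: cannot find a %s interface inside the sandbox\n", dev);
+exit(1);
+}
+bandwidth_remove(pid, devname);
+}
+
 // build fshaper.sh command
 char *cmd = NULL;
 if (devname) {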
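Review bot: The added `enter_network_namespace(pid);` call in the first hunk is now the only place where this function's access control can happen, and the call site does not say what it relies on. The removed lines checked the `firejail` comm name, the netmap file, `invalid_sandbox(child)` and the caller uid against the sandbox uid, then switched to `EUID_ROOT()` before `join_namespace` and stayed there; whether the helper performs the same checks and returns with the same effective uid cannot be told from this diff, and the relocated `bandwidth_set`/`bandwidth_remove` calls depend on it. I would add a comment above the call along the lines of `// must verify pid is a firejail sandbox owned by the caller and exit otherwise; returns inside the sandbox net namespace with euid root (confirm against the helper)`. In the second hunk the `devname == NULL` check and its error message are duplicated in the `set` and `clear` branches and could be hoisted into a single guard ahead of them. The body of bandwidth_pid continues outside both hunks, so where `devname` is resolved is not visible here.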