author | netblue30 <netblue30@yahoo.com> | 2017-02-17 10:08:12 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-02-17 10:08:12 -0500 |
commit | ae7c2f508b0f27b5e7115dd3e75cec19eb40befa (patch) | |
tree | 0df06f384742d99febb3e99820094f1d4b19902b /src | |
parent | kino profile (diff) | |
merge #1100 from zackw: x11=xorg testing
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/x11.c | 10 |
1 files changed, 7 insertions, 3 deletions
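--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -625,7 +625,6 @@ void x11_start(int argc, char **argv) {
 exit(0);
 }
 }
-
 #endif
 
 // Porting notes:
@@ -642,6 +641,11 @@ void x11_start(int argc, char **argv) {
 // directory, we need to make sure /usr/bin/xauth executable is the real thing, and not
 // something picked up on $PATH.
 //
+// 3. If for any reason xauth command fails, we exit the sandbox. On Debian 8 this happens
+// when using a network namespace. Somehow, xauth tries to connect to the abstract socket,
+// and it failes because of the network namespace - it should try to connect to the regular
+// Unix socket! If we ignore the fail condition, the program will be started on X server without
+// the security extension loaded.
 void x11_xorg(void) {
 #ifdef HAVE_X11
 
@@ -690,7 +694,7 @@ void x11_xorg(void) {
 #ifdef HAVE_GCOV
 __gcov_flush();
 #endif
-execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
+execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
 "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
 
 _exit(127);
@@ -719,7 +723,7 @@ void x11_xorg(void) {
 // ensure the file has the correct permissions and move it
 // into the correct location.
 if (stat(tmpfname, &s) == -1) {
-fprintf(stderr, "Error: .Xauthority file was mpt created\n");
+fprintf(stderr, "Error: .Xauthority file was not created\n");
 exit(1);
 }
 if (set_perms(tmpfname, getuid(), getgid(), 0600))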
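Review bot: The fail-closed rule in the new porting note 3 is only visibly enforced, in the last hunk, by `stat(tmpfname, &s) == -1`, which shows that the file exists but not that `xauth ... generate ... untrusted` actually succeeded. If the lines between `_exit(127)` and that check (outside the hunks shown) do not already test the child's wait status, add a check such as `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { fprintf(stderr, "Error: xauth failed\n"); exit(1); }`, where `status` stands for whatever variable the wait call fills in, so a file left behind by a failed run is never moved into place. The `-v` added to the `execlp` call would also benefit from a one-line comment saying why verbose output is wanted. x11_xorg's body begins and ends outside these hunks, so this is inferred from the visible lines only.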