diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-05-25 13:48:51 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-05-25 13:48:51 -0400 |
| commit | 8d14f1e157f06543e6f7799a25f19367da95ed8c (patch) | |
| tree | 28e52f5480ad88ee7900cf9553979a1a2a2e6496 /src | |
| parent | Merge pull request #536 from KellerFuchs/no_new_privs (diff) | |
| download | firejail-8d14f1e157f06543e6f7799a25f19367da95ed8c.tar.gz firejail-8d14f1e157f06543e6f7799a25f19367da95ed8c.tar.zst firejail-8d14f1e157f06543e6f7799a25f19367da95ed8c.zip | |
fixes
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/checkcfg.c | 2 | ||||
| -rw-r--r-- | src/firejail/main.c | 7 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 2 |
3 files changed, 8 insertions, 3 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 4fdbe1897..3ea8caf5b 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -47,7 +47,7 @@ int checkcfg(int val) { | |||
| 47 | 47 | ||
| 48 | FILE *fp = fopen(fname, "r"); | 48 | FILE *fp = fopen(fname, "r"); |
| 49 | if (!fp) { | 49 | if (!fp) { |
| 50 | fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname); | 50 | fprintf(stderr, "Warning: Firejail configuration file %s not found\n", fname); |
| 51 | exit(1); | 51 | exit(1); |
| 52 | } | 52 | } |
| 53 | 53 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index 2f4a78d4b..cda9e788e 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -806,7 +806,7 @@ int main(int argc, char **argv) { | |||
| 806 | } | 806 | } |
| 807 | } | 807 | } |
| 808 | 808 | ||
| 809 | // is this a login shell, or a command passed by sshd insert command line options from /etc/firejail/login.users | 809 | // is this a login shell, or a command passed by sshd, insert command line options from /etc/firejail/login.users |
| 810 | if (*argv[0] == '-' || parent_sshd) { | 810 | if (*argv[0] == '-' || parent_sshd) { |
| 811 | fullargc = restricted_shell(cfg.username); | 811 | fullargc = restricted_shell(cfg.username); |
| 812 | if (fullargc) { | 812 | if (fullargc) { |
| @@ -825,6 +825,11 @@ int main(int argc, char **argv) { | |||
| 825 | check_user(argc, argv); // the function will not return if --user option was found | 825 | check_user(argc, argv); // the function will not return if --user option was found |
| 826 | } | 826 | } |
| 827 | 827 | ||
| 828 | |||
| 829 | // check for force-nonewprivs in /etc/firejail/firejail.config file | ||
| 830 | if (!option_force && checkcfg(CFG_FORCE_NONEWPRIVS)) | ||
| 831 | arg_nonewprivs = 1; | ||
| 832 | |||
| 828 | // parse arguments | 833 | // parse arguments |
| 829 | for (i = 1; i < argc; i++) { | 834 | for (i = 1; i < argc; i++) { |
| 830 | run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized | 835 | run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 6133a610d..843c1efe5 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -750,7 +750,7 @@ int sandbox(void* sandbox_arg) { | |||
| 750 | //**************************************** | 750 | //**************************************** |
| 751 | // Set NO_NEW_PRIVS if desired | 751 | // Set NO_NEW_PRIVS if desired |
| 752 | //**************************************** | 752 | //**************************************** |
| 753 | if (arg_nonewprivs || checkcfg(CFG_FORCE_NONEWPRIVS)) { | 753 | if (arg_nonewprivs) { |
| 754 | int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); | 754 | int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); |
| 755 | 755 | ||
| 756 | if(no_new_privs != 0) | 756 | if(no_new_privs != 0) |