diff options
author | 2016-04-05 09:48:36 -0400 | |
---|---|---|
committer | 2016-04-05 09:48:36 -0400 | |
commit | 135338ba895d5feb444e3e4d6548e3474f262637 (patch) | |
tree | 9370a54dc7b05dd6381c8b517618cfc30445addb /src | |
parent | Opera profile patch (diff) | |
download | firejail-135338ba895d5feb444e3e4d6548e3474f262637.tar.gz firejail-135338ba895d5feb444e3e4d6548e3474f262637.tar.zst firejail-135338ba895d5feb444e3e4d6548e3474f262637.zip |
grsecurity: --chroot
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/man/firejail.txt | 3 |
2 files changed, 10 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index e86aa85ac..976348c33 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1204,6 +1204,14 @@ int main(int argc, char **argv) { | |||
1204 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); | 1204 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); |
1205 | exit(1); | 1205 | exit(1); |
1206 | } | 1206 | } |
1207 | |||
1208 | struct stat s; | ||
1209 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) { | ||
1210 | fprintf(stderr, "Error: --chroot option is not available on GRSecurity systems\n"); | ||
1211 | exit(1); | ||
1212 | } | ||
1213 | |||
1214 | |||
1207 | invalid_filename(argv[i] + 9); | 1215 | invalid_filename(argv[i] + 9); |
1208 | 1216 | ||
1209 | // extract chroot dirname | 1217 | // extract chroot dirname |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index f22762499..8972e2380 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -201,7 +201,8 @@ Example: | |||
201 | .TP | 201 | .TP |
202 | \fB\-\-chroot=dirname | 202 | \fB\-\-chroot=dirname |
203 | Chroot the sandbox into a root filesystem. If the sandbox is started as a | 203 | Chroot the sandbox into a root filesystem. If the sandbox is started as a |
204 | regular user, default seccomp and capabilities filters are enabled. | 204 | regular user, default seccomp and capabilities filters are enabled. This |
205 | option is not available on Grsecurity systems. | ||
205 | .br | 206 | .br |
206 | 207 | ||
207 | .br | 208 | .br |