authorLibravatar netblue30 <netblue30@protonmail.com>2022-10-24 09:06:01 -0400
committerLibravatar netblue30 <netblue30@protonmail.com>2022-10-24 09:06:01 -0400
commit3d3365cb31d91661b503a04488873aca17a86636 (patch)
treea66f9af470b3fe4fb14a3c49384f81830a1565b1 /src
parent--icmptrace (diff)
removed grsecurity support
Diffstat (limited to 'src')
-rw-r--r--src/firejail/main.c23
-rw-r--r--src/firejail/profile.c15
2 files changed, 1 insertions, 37 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index ed5b4901b..1eda26f99 100644
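--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -728,8 +728,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 #ifdef HAVE_NETWORK
  else if (strcmp(argv[i], "--netstats") == 0) {
  if (checkcfg(CFG_NETWORK)) {
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0 || pid_hidepid())
+ if (pid_hidepid())
  sbox_run(SBOX_ROOT | SBOX_CAPS_HIDEPID | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
  2, PATH_FIREMON, "--netstats");
  else
@@ -1747,11 +1746,6 @@ int main(int argc, char **argv, char **envp) {
  fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
  exit(1);
  }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
  arg_overlay = 1;
  arg_overlay_keep = 1;
 
@@ -1775,11 +1769,6 @@ int main(int argc, char **argv, char **envp) {
  fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
  exit(1);
  }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
  arg_overlay = 1;
  arg_overlay_keep = 1;
  arg_overlay_reuse = 1;
@@ -1811,11 +1800,6 @@ int main(int argc, char **argv, char **envp) {
  fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
  exit(1);
  }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
  arg_overlay = 1;
  }
  else
@@ -1954,11 +1938,6 @@ int main(int argc, char **argv, char **envp) {
  exit(1);
  }
 
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --chroot option is not available on Grsecurity systems\n");
- exit(1);
- }
  // extract chroot dirname
  cfg.chrootdir = argv[i] + 9;
  if (*cfg.chrootdir == '\0') {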
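Review bot: The guards deleted from main() (old lines 1750-1754, 1778-1782, 1814-1818 and 1957-1961) were the only visible place where --overlay and --chroot refused to start on a kernel exposing `/proc/sys/kernel/grsecurity`, and neither the commit message nor the new code records what is expected to happen there now. After this change those options go straight on to `arg_overlay = 1` and the chroot dirname parsing on such a kernel. Whether the later mount and chroot steps fail closed is not visible in these hunks, so it is worth confirming and noting in the release notes. In the --netstats hunk the privileged `sbox_run(SBOX_ROOT | SBOX_CAPS_HIDEPID | ...)` path is now selected by `pid_hidepid()` alone; a comment above new line 731 such as `// /proc restricted by hidepid: run firemon through the privileged sbox helper` (assuming that is what pid_hidepid() reports) would document why the branch exists. The else branch and the rest of run_cmd_and_exit() and main() lie outside the hunks.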
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 641bb09b1..24964d40d 100644
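--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1418,11 +1418,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
  fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
  exit(1);
  }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
  arg_overlay = 1;
  arg_overlay_keep = 1;
  arg_overlay_reuse = 1;
@@ -1455,11 +1450,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
  fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
  exit(1);
  }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
  arg_overlay = 1;
  }
  else
@@ -1476,11 +1466,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
  fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
  exit(1);
  }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
  arg_overlay = 1;
  arg_overlay_keep = 1;
 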