authorLibravatar Martin Carpenter <mcarpenter@free.fr>2016-01-29 04:29:30 -0500
committerLibravatar Martin Carpenter <mcarpenter@free.fr>2016-01-29 04:38:58 -0500
commiteaf273846152ec2fc8950590d8b3a65895bd5b88 (patch)
tree281b3bddadaa14aa98da7c74bc37f4f2dba273d2 /src
parentthe first protocol list requested takes precedence (diff)
Fix for systems that don't have CAP_SYSLOG
CAP_SYSLOG was retroactively split from CAP_SYS_ADMIN (Linux kernel commit ce6ada35bdf710d16582cc4869c26722547e6f11). Existing supported systems (e.g. RHEL 6.6) might not yet have this commit, in which case compilation fails.
Diffstat (limited to 'src')
-rw-r--r--src/firejail/caps.c2
-rw-r--r--src/firejail/usage.c4
2 files changed, 6 insertions, 0 deletions
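--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -289,10 +289,12 @@ int caps_default_filter(void) {
 else if (arg_debug)
 printf("Drop CAP_SYS_TTY_CONFIG\n");
 
+#ifdef CAP_SYSLOG
 if (prctl(PR_CAPBSET_DROP, CAP_SYSLOG, 0, 0, 0) && arg_debug)
 fprintf(stderr, "Warning: cannot drop CAP_SYSLOG");
 else if (arg_debug)
 printf("Drop CAP_SYSLOG\n");
+#endif
 
 if (prctl(PR_CAPBSET_DROP, CAP_MKNOD, 0, 0, 0) && arg_debug)
 fprintf(stderr, "Warning: cannot drop CAP_MKNOD");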
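Review bot: With the `#ifdef CAP_SYSLOG` guard in caps_default_filter(), a build against headers that predate the capability compiles the drop out entirely, so the same binary run on a newer kernel would presumably leave CAP_SYSLOG in the bounding set, with no message even under arg_debug. A failed prctl() here is already tolerated and only reported in debug mode, so a fallback definition near the includes would keep the drop attempt in every build: `#ifndef CAP_SYSLOG` / `#define CAP_SYSLOG 34` / `#endif`. The `#else` branch added to usage() in usage.c has the same compile-time dependence and would become unnecessary, since the help text could then list CAP_SYSLOG in all builds. The body of caps_default_filter() starts and ends outside this hunk, so how the remaining capabilities are handled is not visible here.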
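--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -48,7 +48,11 @@ void usage(void) {
 printf("\t-c - execute command and exit.\n\n");
 printf("\t--caps - enable default Linux capabilities filter. The filter disables\n");
 printf("\t\tCAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_SYS_BOOT, CAP_SYS_NICE,\n");
+#ifdef CAP_SYSLOG
 printf("\t\tCAP_SYS_TTY_CONFIG, CAP_SYSLOG, CAP_MKNOD, CAP_SYS_ADMIN.\n\n");
+#else
+printf("\t\tCAP_SYS_TTY_CONFIG, CAP_MKNOD, CAP_SYS_ADMIN.\n\n");
+#endif
 printf("\t--caps.drop=all - drop all capabilities.\n\n");
 printf("\t--caps.drop=capability,capability,capability - blacklist Linux\n");
 printf("\t\tcapabilities filter.\n\n");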