diff options
author | netblue30 <netblue30@yahoo.com> | 2016-03-23 09:18:13 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-23 09:18:13 -0400 |
commit | 7d13ec6274b71fa1359b1ef8ebb966498e5b2f45 (patch) | |
tree | 7adfceb348c88c811ccbe6dc6e2be7fad61cbdb3 /todo | |
parent | --quiet problem (diff) | |
download | firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.tar.gz firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.tar.zst firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.zip |
hide firejail run time information
Diffstat (limited to 'todo')
-rw-r--r-- | todo | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -55,3 +55,23 @@ Warning: seccomp file not found | |||
55 | Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer. | 55 | Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer. |
56 | $ ls ~ <----------------- all files are available, the directory is not empty! | 56 | $ ls ~ <----------------- all files are available, the directory is not empty! |
57 | 57 | ||
58 | 10. Posibly capabilities broken for --join | ||
59 | |||
60 | $ firejail --name=test | ||
61 | ... | ||
62 | $ firejail --debug --join=test | ||
63 | Switching to pid 18591, the first child process inside the sandbox | ||
64 | User namespace detected: /proc/18591/uid_map, 1000, 1000 | ||
65 | Set caps filter 0 | ||
66 | Set protocol filter: unix,inet,inet6 | ||
67 | Read seccomp filter, size 792 bytes | ||
68 | |||
69 | However, in the join sandbox we have: | ||
70 | $ cat /proc/self/status | grep Cap | ||
71 | CapInh: 0000000000000000 | ||
72 | CapPrm: 0000000000000000 | ||
73 | CapEff: 0000000000000000 | ||
74 | CapBnd: 0000003fffffffff | ||
75 | CapAmb: 0000000000000000 | ||
76 | |||
77 | 11. net_netfilter.exp broken | ||