faudit: caps

author: netblue30 <netblue30@yahoo.com> 2016-07-02 07:41:19 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-07-02 07:41:19 -0400
commit: 7655973d13775fc8a939cae7ebbadf3b38209a02 (patch)
tree: 07792b22f23daa4cc51298fdca3db75e78f3a679 /todo
parent: audit pid (diff)
download: firejail-7655973d13775fc8a939cae7ebbadf3b38209a02.tar.gz
firejail-7655973d13775fc8a939cae7ebbadf3b38209a02.tar.zst
firejail-7655973d13775fc8a939cae7ebbadf3b38209a02.zip
1 files changed, 20 insertions, 5 deletions
diff --git a/todo b/todo
index a5c311562..a30a5319b 100644
--- a/todo
+++ b/todo
@@ -101,10 +101,25 @@ firejail.src: E: no-changelogname-tag
 firejail.src: W: invalid-url Source0: https://github.com/netblue30/firejail/archive/0.9.40.tar.gz#/firejail-0.9.40.tar.gz HTTP Error 404: Not Found
 1 packages and 0 specfiles checked; 1 errors, 1 warnings.
-15. Testing:
+15. bug: capabiliteis declared on the command line take precedence over caps declared in profiles
-find /usr/share/doc/firejail | cpio -ov > t1
-strings /usr/bin/firejail > t1
-gzip -c /usr/bin/firejail > t1
-use diff -s to compare the files
+$ firejail  --caps.keep=chown,net_bind_service src/faudit/faudit
+Reading profile /etc/firejail/default.profile
+Reading profile /etc/firejail/disable-common.inc
+Reading profile /etc/firejail/disable-programs.inc
+Reading profile /etc/firejail/disable-passwdmgr.inc
+** Note: you can use --noprofile to disable default.profile **
+Parent pid 6872, child pid 6873
+Child process initialized
+----- Firejail Audit: the Good, the Bad and the Ugly -----
+GOOD: Process PID 2, running in a PID namespace
+Container/sandbox: firejail
+GOOD: all capabilities are disabled
+Parent is shutting down, bye...
author	netblue30 <netblue30@yahoo.com>	2016-07-02 07:41:19 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-07-02 07:41:19 -0400
commit	7655973d13775fc8a939cae7ebbadf3b38209a02 (patch)
tree	07792b22f23daa4cc51298fdca3db75e78f3a679 /todo
parent	audit pid (diff)
download	firejail-7655973d13775fc8a939cae7ebbadf3b38209a02.tar.gz firejail-7655973d13775fc8a939cae7ebbadf3b38209a02.tar.zst firejail-7655973d13775fc8a939cae7ebbadf3b38209a02.zip

diff --git a/todo b/todo index a5c311562..a30a5319b 100644 --- a/todo +++ b/todo
@@ -101,10 +101,25 @@ firejail.src: E: no-changelogname-tag
101	firejail.src: W: invalid-url Source0: https://github.com/netblue30/firejail/archive/0.9.40.tar.gz#/firejail-0.9.40.tar.gz HTTP Error 404: Not Found	101	firejail.src: W: invalid-url Source0: https://github.com/netblue30/firejail/archive/0.9.40.tar.gz#/firejail-0.9.40.tar.gz HTTP Error 404: Not Found
102	1 packages and 0 specfiles checked; 1 errors, 1 warnings.	102	1 packages and 0 specfiles checked; 1 errors, 1 warnings.
103		103
104	15. Testing:	104	15. bug: capabiliteis declared on the command line take precedence over caps declared in profiles
105	find /usr/share/doc/firejail \| cpio -ov > t1
106	strings /usr/bin/firejail > t1
107	gzip -c /usr/bin/firejail > t1
108		105
109	use diff -s to compare the files	106	$ firejail --caps.keep=chown,net_bind_service src/faudit/faudit
		107	Reading profile /etc/firejail/default.profile
		108	Reading profile /etc/firejail/disable-common.inc
		109	Reading profile /etc/firejail/disable-programs.inc
		110	Reading profile /etc/firejail/disable-passwdmgr.inc
110		111
		112	Note: you can use --noprofile to disable default.profile
		113
		114	Parent pid 6872, child pid 6873
		115
		116	Child process initialized
		117
		118	----- Firejail Audit: the Good, the Bad and the Ugly -----
		119
		120	GOOD: Process PID 2, running in a PID namespace
		121	Container/sandbox: firejail
		122	GOOD: all capabilities are disabled
		123
		124
		125	Parent is shutting down, bye...