hide firejail run time information

author: netblue30 <netblue30@yahoo.com> 2016-03-23 09:18:13 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-03-23 09:18:13 -0400
commit: 7d13ec6274b71fa1359b1ef8ebb966498e5b2f45 (patch)
tree: 7adfceb348c88c811ccbe6dc6e2be7fad61cbdb3 /todo
parent: --quiet problem (diff)
download: firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.tar.gz
firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.tar.zst
firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/todo b/todo
index b631e6a06..d47a47fd0 100644
--- a/todo
+++ b/todo
@@ -55,3 +55,23 @@ Warning: seccomp file not found
 Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.
 $ ls ~ <----------------- all files are available, the directory is not empty!
+10. Posibly capabilities broken for --join
+$ firejail --name=test
+...
+$ firejail --debug --join=test
+Switching to pid 18591, the first child process inside the sandbox
+User namespace detected: /proc/18591/uid_map, 1000, 1000
+Set caps filter 0
+Set protocol filter: unix,inet,inet6
+Read seccomp filter, size 792 bytes
+However, in the join sandbox we have:
+$ cat /proc/self/status | grep Cap
+CapInh: 0000000000000000
+CapPrm: 0000000000000000
+CapEff: 0000000000000000
+CapBnd: 0000003fffffffff
+CapAmb: 0000000000000000
+11. net_netfilter.exp broken
author	netblue30 <netblue30@yahoo.com>	2016-03-23 09:18:13 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-03-23 09:18:13 -0400
commit	7d13ec6274b71fa1359b1ef8ebb966498e5b2f45 (patch)
tree	7adfceb348c88c811ccbe6dc6e2be7fad61cbdb3 /todo
parent	--quiet problem (diff)
download	firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.tar.gz firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.tar.zst firejail-7d13ec6274b71fa1359b1ef8ebb966498e5b2f45.zip

diff --git a/todo b/todo index b631e6a06..d47a47fd0 100644 --- a/todo +++ b/todo
@@ -55,3 +55,23 @@ Warning: seccomp file not found
55	Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.	55	Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.
56	$ ls ~ <----------------- all files are available, the directory is not empty!	56	$ ls ~ <----------------- all files are available, the directory is not empty!
57		57
		58	10. Posibly capabilities broken for --join
		59
		60	$ firejail --name=test
		61	...
		62	$ firejail --debug --join=test
		63	Switching to pid 18591, the first child process inside the sandbox
		64	User namespace detected: /proc/18591/uid_map, 1000, 1000
		65	Set caps filter 0
		66	Set protocol filter: unix,inet,inet6
		67	Read seccomp filter, size 792 bytes
		68
		69	However, in the join sandbox we have:
		70	$ cat /proc/self/status \| grep Cap
		71	CapInh: 0000000000000000
		72	CapPrm: 0000000000000000
		73	CapEff: 0000000000000000
		74	CapBnd: 0000003fffffffff
		75	CapAmb: 0000000000000000
		76
		77	11. net_netfilter.exp broken