-rw-r--r-- | src/firejail/fs.c | 10 | ||||
-rwxr-xr-x | test/chroot/configure | 2 | ||||
-rwxr-xr-x | test/chroot/fs_chroot.exp | 8 | ||||
-rwxr-xr-x | test/overlay/fs.exp | 8 |
4 files changed, 21 insertions, 7 deletions
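--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -502,12 +502,10 @@ void fs_proc_sys_dev_boot(void) {
 printf("Remounting /sys directory\n");
 if (umount2("/sys", MNT_DETACH) < 0)
 fprintf(stderr, "Warning: failed to unmount /sys\n");
-else {
-if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0)
-fprintf(stderr, "Warning: failed to mount /sys\n");
-else
-fs_logger("remount /sys");
-}
+if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0)
+fprintf(stderr, "Warning: failed to mount /sys\n");
+else
+fs_logger("remount /sys");
 
 disable_file(BLACKLIST_FILE, "/sys/firmware");
 disable_file(BLACKLIST_FILE, "/sys/hypervisor");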
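Review bot: When both `umount2` and the now-unconditional `mount` fail, the sandbox keeps running on whatever /sys it inherited, and the only trace is two warnings on stderr, so the read-only, nosuid, noexec and nodev hardening can be missing without a clear signal. The warnings should carry the cause, for example `fprintf(stderr, "Warning: failed to mount /sys: %s\n", strerror(errno));`, assuming `errno.h` and `string.h` are already included in fs.c, which this hunk does not show. The unconditional mount also deserves a comment such as `// /sys may not be a mount point (e.g. inside a chroot), so mount sysfs even if the unmount failed`; that rationale is inferred from the test changes in this commit. fs_proc_sys_dev_boot starts and ends outside the hunk.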
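--- a/test/chroot/configure
+++ b/test/chroot/configure
@@ -8,7 +8,7 @@ DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc
 DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
 
 rm -fr $ROOTDIR
-mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
+mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc,sys}
 chmod 777 $ROOTDIR/tmp
 mkdir -p $ROOTDIR/etc/firejail
 mkdir -p $ROOTDIR/home/netblue/.config/firejail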
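--- a/test/chroot/fs_chroot.exp
+++ b/test/chroot/fs_chroot.exp
@@ -49,6 +49,14 @@ expect {
 }
 after 100
 
+# check /sys directory
+send -- "ls /sys\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"block"
+}
+after 100
+
 
 puts "all done\n"
 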
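Review bot: The new `ls /sys` check only proves that sysfs is populated, because it passes as soon as a `block` entry is listed. It does not verify that /sys is mounted read-only with nosuid, noexec and nodev, which is the property the remount in fs.c exists to provide. A follow-up step that reads the mount options would catch a regression where /sys is visible but writable; the same applies to the identical block added in test/overlay/fs.exp. The option string below assumes /proc/mounts is readable inside the sandbox and lists the flags in the usual kernel order, which should be confirmed on the test host.

```tcl
# check /sys mount options (error label is a constructed example)
send -- "grep sysfs /proc/mounts\r"
expect {
	timeout {puts "TESTING ERROR 6.1\n";exit}
	"ro,nosuid,nodev,noexec"
}
after 100
```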
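--- a/test/overlay/fs.exp
+++ b/test/overlay/fs.exp
@@ -40,7 +40,15 @@ expect {
 "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
 "done"
 }
+after 100
 
+# check /sys directory
+send -- "ls /sys\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"block"
+}
 after 100
+
 puts "\nall done\n"
 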