-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/man/firejail.txt | 3 | ||||
-rwxr-xr-x | test/fs_chroot.exp | 3 | ||||
-rwxr-xr-x | test/invalid_filename.exp | 3 | ||||
-rwxr-xr-x | test/option_chroot_overlay.exp | 3 |
5 files changed, 16 insertions, 4 deletions
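--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1204,6 +1204,14 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
+
+struct stat s;
+if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
+fprintf(stderr, "Error: --chroot option is not available on GRSecurity systems\n");
+exit(1);
+}
+
+
 invalid_filename(argv[i] + 9);
 
 // extract chroot dirname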
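Review bot: The grsecurity check added in the `--chroot=` branch fails open, because any `stat()` failure on `/proc/sys/kernel/grsecurity` is read as "not a grsecurity kernel". If that directory is not visible (for example /proc is not mounted, or, as far as I know, the kernel was built without the grsecurity sysctl interface), the option is accepted and the chroot setup will presumably fail later with a less helpful error. The hunk also never says why the option is refused; a comment above the check would record both, e.g. `// --chroot conflicts with grsecurity chroot restrictions (confirm); detected via its sysctl directory, which may be absent`. The two consecutive blank lines after the closing brace can be reduced to one. `main()` starts and ends outside this hunk.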
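--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -201,7 +201,8 @@ Example:
 .TP
 \fB\-\-chroot=dirname
 Chroot the sandbox into a root filesystem. If the sandbox is started as a
-regular user, default seccomp and capabilities filters are enabled.
+regular user, default seccomp and capabilities filters are enabled. This
+option is not available on Grsecurity systems.
 .br
 
 .br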
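--- a/test/fs_chroot.exp
+++ b/test/fs_chroot.exp
@@ -7,7 +7,8 @@ match_max 100000
 send -- "firejail --chroot=/tmp/chroot\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
-"Child process initialized"
+"Error: --chroot option is not available on GRSecurity systems" {puts "\nall done\n"; exit}
+"Child process initialized" {puts "chroot available\n"};
 }
 sleep 1
 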
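Review bot: On a grsecurity system the new first branch of this `expect` block prints "all done" and exits, which is presumably the same text a full pass prints, so a run that exercised nothing about chroot cannot be told apart from a success in the test log. A distinct message would make the skip visible, e.g. `{puts "\nchroot not available, test skipped\n"; exit}`. The same applies to the branches added in test/invalid_filename.exp and test/option_chroot_overlay.exp. The trailing `;` after `{puts "chroot available\n"}` looks unintended and is not present in the other two files.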
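--- a/test/invalid_filename.exp
+++ b/test/invalid_filename.exp
@@ -56,7 +56,8 @@ after 100
 send -- "firejail --debug-check-filename --noprofile --chroot=\"bla&&bla\"\r"
 expect {
 timeout {puts "TESTING ERROR 3.1\n";exit}
-"Checking filename bla&&bla"
+"Checking filename bla&&bla" {puts "normal system\n"}
+"Error: --chroot option is not available on GRSecurity systems" { puts "\nall done\n"; exit}
 }
 expect {
 timeout {puts "TESTING ERROR 3.2\n";exit}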
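--- a/test/option_chroot_overlay.exp
+++ b/test/option_chroot_overlay.exp
@@ -7,7 +7,8 @@ match_max 100000
 send -- "firejail --chroot=/tmp/chroot --overlay\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
-"mutually exclusive"
+"mutually exclusive" {puts "normal system\n"}
+"Error: --chroot option is not available on GRSecurity systems" { puts "\nall done\n"; exit}
 }
 sleep 1
 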