diff options
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | RELNOTES | 4 | ||||
-rwxr-xr-x | contrib/fjresize.py | 2 | ||||
-rw-r--r-- | src/faudit/caps.c | 2 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 2 | ||||
-rw-r--r-- | src/firejail/cmdline.c | 2 | ||||
-rw-r--r-- | src/firejail/firejail.h | 6 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_lib.c | 2 | ||||
-rw-r--r-- | src/firejail/ls.c | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 4 | ||||
-rw-r--r-- | src/firejail/no_sandbox.c | 2 | ||||
-rw-r--r-- | src/firejail/x11.c | 10 | ||||
-rw-r--r-- | src/firemon/procevent.c | 2 | ||||
-rwxr-xr-x | src/fshaper/fshaper.sh | 4 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 | ||||
-rw-r--r-- | src/tools/testuid.c | 2 | ||||
-rw-r--r-- | test/network/README | 2 | ||||
-rwxr-xr-x | test/network/bandwidth.exp | 2 |
20 files changed, 31 insertions, 31 deletions
@@ -64,7 +64,7 @@ Aleksey Manevich (https://github.com/manevich) | |||
64 | - fix double quotes/single quotes problem | 64 | - fix double quotes/single quotes problem |
65 | - big rework of argument processing subsystem | 65 | - big rework of argument processing subsystem |
66 | - --join fixes | 66 | - --join fixes |
67 | - spliting up cmdline.c | 67 | - splitting up cmdline.c |
68 | - Busybox support | 68 | - Busybox support |
69 | - X11 support rewrite | 69 | - X11 support rewrite |
70 | - gether shell selection code in one place | 70 | - gether shell selection code in one place |
@@ -330,7 +330,7 @@ Jaykishan Mutkawoa (https://github.com/jmutkawoa) | |||
330 | - cpio profile | 330 | - cpio profile |
331 | James Elford (https://github.com/jelford) | 331 | James Elford (https://github.com/jelford) |
332 | - pass password manager support | 332 | - pass password manager support |
333 | - removed shell none from ssh-agent configuration, fixing the infinit loop | 333 | - removed shell none from ssh-agent configuration, fixing the infinite loop |
334 | - added gcloud profile | 334 | - added gcloud profile |
335 | - blacklist sensitive cloud provider files in disable-common | 335 | - blacklist sensitive cloud provider files in disable-common |
336 | Jean Lucas (https://github.com/flacks) | 336 | Jean Lucas (https://github.com/flacks) |
@@ -147,7 +147,7 @@ firejail (0.9.50) baseline; urgency=low | |||
147 | * feature: --profile.print | 147 | * feature: --profile.print |
148 | * enhancement: print all seccomp filters under --debug | 148 | * enhancement: print all seccomp filters under --debug |
149 | * enhancement: /proc/sys mounting | 149 | * enhancement: /proc/sys mounting |
150 | * enhancement: rework IP address assingment for --net options | 150 | * enhancement: rework IP address assignment for --net options |
151 | * enhancement: support for newer Xpra versions (2.1+) - | 151 | * enhancement: support for newer Xpra versions (2.1+) - |
152 | set xpra-attach yes in /etc/firejail/firejail.config | 152 | set xpra-attach yes in /etc/firejail/firejail.config |
153 | * enhancement: all profiles use a standard layout style | 153 | * enhancement: all profiles use a standard layout style |
@@ -181,7 +181,7 @@ firejail (0.9.50~rc1) baseline; urgency=low | |||
181 | * feature: --profile.print | 181 | * feature: --profile.print |
182 | * enhancement: print all seccomp filters under --debug | 182 | * enhancement: print all seccomp filters under --debug |
183 | * enhancement: /proc/sys mounting | 183 | * enhancement: /proc/sys mounting |
184 | * enhancement: rework IP address assingment for --net options | 184 | * enhancement: rework IP address assignment for --net options |
185 | * enhancement: support for newer Xpra versions (2.1+) - | 185 | * enhancement: support for newer Xpra versions (2.1+) - |
186 | set xpra-attach yes in /etc/firejail/firejail.config | 186 | set xpra-attach yes in /etc/firejail/firejail.config |
187 | * enhancement: all profiles use a standard layout style | 187 | * enhancement: all profiles use a standard layout style |
diff --git a/contrib/fjresize.py b/contrib/fjresize.py index 3997cf280..4eb33f120 100755 --- a/contrib/fjresize.py +++ b/contrib/fjresize.py | |||
@@ -8,7 +8,7 @@ usage = """usage: fjresize.py firejail-name displaysize | |||
8 | resize firejail xephyr windows. | 8 | resize firejail xephyr windows. |
9 | fjdisplay.py with no other arguments will list running named firejails with displays. | 9 | fjdisplay.py with no other arguments will list running named firejails with displays. |
10 | fjresize.py with only a firejail name will list valid resolutions. | 10 | fjresize.py with only a firejail name will list valid resolutions. |
11 | names can be shortend as long its unambiguous. | 11 | names can be shortened as long its unambiguous. |
12 | note: you may need to move the xephyr window for the resize to take effect | 12 | note: you may need to move the xephyr window for the resize to take effect |
13 | example: | 13 | example: |
14 | fjresize.py browser 1280x800 | 14 | fjresize.py browser 1280x800 |
diff --git a/src/faudit/caps.c b/src/faudit/caps.c index 46c262c89..e0fb38488 100644 --- a/src/faudit/caps.c +++ b/src/faudit/caps.c | |||
@@ -43,7 +43,7 @@ static int extract_caps(uint64_t *val) { | |||
43 | return 1; | 43 | return 1; |
44 | } | 44 | } |
45 | 45 | ||
46 | // return 1 if the capability is in tbe map | 46 | // return 1 if the capability is in the map |
47 | static int check_capability(uint64_t map, int cap) { | 47 | static int check_capability(uint64_t map, int cap) { |
48 | int i; | 48 | int i; |
49 | uint64_t mask = 1ULL; | 49 | uint64_t mask = 1ULL; |
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index 74f0da226..d9cb1f568 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
@@ -91,7 +91,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
91 | if (arg_debug) | 91 | if (arg_debug) |
92 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); | 92 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); |
93 | char *cmd[len]; | 93 | char *cmd[len]; |
94 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error | 94 | cmd[0] = cmdlist[0]; // explicit assignment to clean scan-build error |
95 | 95 | ||
96 | // build command | 96 | // build command |
97 | unsigned i = 0; | 97 | unsigned i = 0; |
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c index 1fe5a2398..d616f3599 100644 --- a/src/firejail/cmdline.c +++ b/src/firejail/cmdline.c | |||
@@ -77,7 +77,7 @@ static void quote_cmdline(char *command_line, char *window_title, int len, int a | |||
77 | 77 | ||
78 | // enclose args by single quotes, | 78 | // enclose args by single quotes, |
79 | // and since single quote can't be represented in single quoted text | 79 | // and since single quote can't be represented in single quoted text |
80 | // each occurence of it should be enclosed by double quotes | 80 | // each occurrence of it should be enclosed by double quotes |
81 | in_quotes = false; | 81 | in_quotes = false; |
82 | for (j = 0; j < strlen(argv[i + index]); j++) { | 82 | for (j = 0; j < strlen(argv[i + index]); j++) { |
83 | // single quote | 83 | // single quote |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2e921ad37..c66904c1b 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -359,7 +359,7 @@ extern int arg_private_bin; // private bin directory | |||
359 | extern int arg_private_tmp; // private tmp directory | 359 | extern int arg_private_tmp; // private tmp directory |
360 | extern int arg_private_lib; // private lib directory | 360 | extern int arg_private_lib; // private lib directory |
361 | extern int arg_scan; // arp-scan all interfaces | 361 | extern int arg_scan; // arp-scan all interfaces |
362 | extern int arg_whitelist; // whitelist commad | 362 | extern int arg_whitelist; // whitelist command |
363 | extern int arg_nosound; // disable sound | 363 | extern int arg_nosound; // disable sound |
364 | extern int arg_noautopulse; // disable automatic ~/.config/pulse init | 364 | extern int arg_noautopulse; // disable automatic ~/.config/pulse init |
365 | extern int arg_novideo; //disable video devices in /dev | 365 | extern int arg_novideo; //disable video devices in /dev |
@@ -380,7 +380,7 @@ extern char *arg_audit_prog; // audit | |||
380 | extern int arg_apparmor; // apparmor | 380 | extern int arg_apparmor; // apparmor |
381 | extern int arg_allow_debuggers; // allow debuggers | 381 | extern int arg_allow_debuggers; // allow debuggers |
382 | extern int arg_x11_block; // block X11 | 382 | extern int arg_x11_block; // block X11 |
383 | extern int arg_x11_xorg; // use X11 security extention | 383 | extern int arg_x11_xorg; // use X11 security extension |
384 | extern int arg_allusers; // all user home directories visible | 384 | extern int arg_allusers; // all user home directories visible |
385 | extern int arg_machineid; // preserve /etc/machine-id | 385 | extern int arg_machineid; // preserve /etc/machine-id |
386 | extern int arg_disable_mnt; // disable /mnt and /media | 386 | extern int arg_disable_mnt; // disable /mnt and /media |
@@ -437,7 +437,7 @@ void preproc_mount_mnt_dir(void); | |||
437 | void preproc_clean_run(void); | 437 | void preproc_clean_run(void); |
438 | 438 | ||
439 | // fs.c | 439 | // fs.c |
440 | // blacklist files or directoies by mounting empty files on top of them | 440 | // blacklist files or directories by mounting empty files on top of them |
441 | void fs_blacklist(void); | 441 | void fs_blacklist(void); |
442 | // remount a directory read-only | 442 | // remount a directory read-only |
443 | void fs_rdonly(const char *dir); | 443 | void fs_rdonly(const char *dir); |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 38af1fccf..ff920b913 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -72,7 +72,7 @@ static void disable_file(OPERATION op, const char *filename) { | |||
72 | if (fname == NULL && errno == EACCES) { | 72 | if (fname == NULL && errno == EACCES) { |
73 | if (arg_debug) | 73 | if (arg_debug) |
74 | printf("Debug: no access to file %s, forcing mount\n", filename); | 74 | printf("Debug: no access to file %s, forcing mount\n", filename); |
75 | // realpath and stat funtions will fail on FUSE filesystems | 75 | // realpath and stat functions will fail on FUSE filesystems |
76 | // they don't seem to like a uid of 0 | 76 | // they don't seem to like a uid of 0 |
77 | // force mounting | 77 | // force mounting |
78 | int rv = mount(RUN_RO_DIR, filename, "none", MS_BIND, "mode=400,gid=0"); | 78 | int rv = mount(RUN_RO_DIR, filename, "none", MS_BIND, "mode=400,gid=0"); |
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index a607280a0..d2e9da022 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
@@ -114,7 +114,7 @@ void fslib_copy_libs(const char *full_path) { | |||
114 | if (chown(RUN_LIB_FILE, getuid(), getgid())) | 114 | if (chown(RUN_LIB_FILE, getuid(), getgid())) |
115 | errExit("chown"); | 115 | errExit("chown"); |
116 | 116 | ||
117 | // run fldd to extact the list of files | 117 | // run fldd to extract the list of files |
118 | if (arg_debug || arg_debug_private_lib) | 118 | if (arg_debug || arg_debug_private_lib) |
119 | printf(" running fldd %s\n", full_path); | 119 | printf(" running fldd %s\n", full_path); |
120 | sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE); | 120 | sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE); |
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 51370da60..164dc465a 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
@@ -353,7 +353,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
353 | exit(1); | 353 | exit(1); |
354 | } | 354 | } |
355 | 355 | ||
356 | // copy the temporary file into the destionation file | 356 | // copy the temporary file into the destination file |
357 | child = fork(); | 357 | child = fork(); |
358 | if (child < 0) | 358 | if (child < 0) |
359 | errExit("fork"); | 359 | errExit("fork"); |
@@ -428,7 +428,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
428 | exit(1); | 428 | exit(1); |
429 | } | 429 | } |
430 | 430 | ||
431 | // copy the temporary file into the destionation file | 431 | // copy the temporary file into the destination file |
432 | child = fork(); | 432 | child = fork(); |
433 | if (child < 0) | 433 | if (child < 0) |
434 | errExit("fork"); | 434 | errExit("fork"); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 4eb92658c..f35b2a925 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -93,7 +93,7 @@ int arg_private_bin = 0; // private bin directory | |||
93 | int arg_private_tmp = 0; // private tmp directory | 93 | int arg_private_tmp = 0; // private tmp directory |
94 | int arg_private_lib = 0; // private lib directory | 94 | int arg_private_lib = 0; // private lib directory |
95 | int arg_scan = 0; // arp-scan all interfaces | 95 | int arg_scan = 0; // arp-scan all interfaces |
96 | int arg_whitelist = 0; // whitelist commad | 96 | int arg_whitelist = 0; // whitelist command |
97 | int arg_nosound = 0; // disable sound | 97 | int arg_nosound = 0; // disable sound |
98 | int arg_noautopulse = 0; // disable automatic ~/.config/pulse init | 98 | int arg_noautopulse = 0; // disable automatic ~/.config/pulse init |
99 | int arg_novideo = 0; //disable video devices in /dev | 99 | int arg_novideo = 0; //disable video devices in /dev |
@@ -114,7 +114,7 @@ char *arg_audit_prog = NULL; // audit | |||
114 | int arg_apparmor = 0; // apparmor | 114 | int arg_apparmor = 0; // apparmor |
115 | int arg_allow_debuggers = 0; // allow debuggers | 115 | int arg_allow_debuggers = 0; // allow debuggers |
116 | int arg_x11_block = 0; // block X11 | 116 | int arg_x11_block = 0; // block X11 |
117 | int arg_x11_xorg = 0; // use X11 security extention | 117 | int arg_x11_xorg = 0; // use X11 security extension |
118 | int arg_allusers = 0; // all user home directories visible | 118 | int arg_allusers = 0; // all user home directories visible |
119 | int arg_machineid = 0; // preserve /etc/machine-id | 119 | int arg_machineid = 0; // preserve /etc/machine-id |
120 | int arg_allow_private_blacklist = 0; // blacklist things in private directories | 120 | int arg_allow_private_blacklist = 0; // blacklist things in private directories |
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 7c5cc1df9..78322807b 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
@@ -190,7 +190,7 @@ void run_no_sandbox(int argc, char **argv) { | |||
190 | 190 | ||
191 | int prog_index = 0; | 191 | int prog_index = 0; |
192 | // find first non option arg: | 192 | // find first non option arg: |
193 | // - first argument not starting wiht --, | 193 | // - first argument not starting with --, |
194 | // - whatever follows after -c (example: firejail -c ls) | 194 | // - whatever follows after -c (example: firejail -c ls) |
195 | for (i = 1; i < argc; i++) { | 195 | for (i = 1; i < argc; i++) { |
196 | if (strcmp(argv[i], "-c") == 0) { | 196 | if (strcmp(argv[i], "-c") == 0) { |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 9a15a06c8..c30ab5956 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -228,7 +228,7 @@ void x11_start_xvfb(int argc, char **argv) { | |||
228 | 228 | ||
229 | assert(xvfb_screen); | 229 | assert(xvfb_screen); |
230 | 230 | ||
231 | char *server_argv[256] = { // rest initialyzed to NULL | 231 | char *server_argv[256] = { // rest initialized to NULL |
232 | "Xvfb", display_str, "-screen", "0", xvfb_screen | 232 | "Xvfb", display_str, "-screen", "0", xvfb_screen |
233 | }; | 233 | }; |
234 | unsigned pos = 0; | 234 | unsigned pos = 0; |
@@ -418,7 +418,7 @@ void x11_start_xephyr(int argc, char **argv) { | |||
418 | pid_t jail = 0; | 418 | pid_t jail = 0; |
419 | pid_t server = 0; | 419 | pid_t server = 0; |
420 | 420 | ||
421 | // default xephyr screen can be overwriten by a --xephyr-screen= command line option | 421 | // default xephyr screen can be overwritten by a --xephyr-screen= command line option |
422 | char *newscreen = extract_setting(argc, argv, "--xephyr-screen="); | 422 | char *newscreen = extract_setting(argc, argv, "--xephyr-screen="); |
423 | if (newscreen) | 423 | if (newscreen) |
424 | xephyr_screen = newscreen; | 424 | xephyr_screen = newscreen; |
@@ -446,7 +446,7 @@ void x11_start_xephyr(int argc, char **argv) { | |||
446 | errExit("asprintf"); | 446 | errExit("asprintf"); |
447 | 447 | ||
448 | assert(xephyr_screen); | 448 | assert(xephyr_screen); |
449 | char *server_argv[256] = { // rest initialyzed to NULL | 449 | char *server_argv[256] = { // rest initialized to NULL |
450 | "Xephyr", "-ac", "-br", "-noreset", "-screen", xephyr_screen | 450 | "Xephyr", "-ac", "-br", "-noreset", "-screen", xephyr_screen |
451 | }; | 451 | }; |
452 | unsigned pos = 0; | 452 | unsigned pos = 0; |
@@ -627,7 +627,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { | |||
627 | pid_t server = 0; | 627 | pid_t server = 0; |
628 | 628 | ||
629 | // build the start command | 629 | // build the start command |
630 | char *server_argv[256] = { // rest initialyzed to NULL | 630 | char *server_argv[256] = { // rest initialized to NULL |
631 | "xpra", "start", display_str, "--no-daemon", | 631 | "xpra", "start", display_str, "--no-daemon", |
632 | }; | 632 | }; |
633 | unsigned pos = 0; | 633 | unsigned pos = 0; |
@@ -861,7 +861,7 @@ void x11_start_xpra_new(int argc, char **argv, char *display_str) { | |||
861 | pid_t server = 0; | 861 | pid_t server = 0; |
862 | 862 | ||
863 | // build the start command | 863 | // build the start command |
864 | char *server_argv[256] = { // rest initialyzed to NULL | 864 | char *server_argv[256] = { // rest initialized to NULL |
865 | "xpra", "start", display_str, "--daemon=no", "--attach=yes", "--exit-with-children=yes" | 865 | "xpra", "start", display_str, "--daemon=no", "--attach=yes", "--exit-with-children=yes" |
866 | }; | 866 | }; |
867 | unsigned spos = 0; | 867 | unsigned spos = 0; |
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 5b16191be..64d7d8f2d 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c | |||
@@ -385,7 +385,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { | |||
385 | int add_new = 0; | 385 | int add_new = 0; |
386 | if (pids[pid].level < 0) // not a firejail process | 386 | if (pids[pid].level < 0) // not a firejail process |
387 | continue; | 387 | continue; |
388 | else if (pids[pid].level == 0) { // new porcess, do we track it? | 388 | else if (pids[pid].level == 0) { // new process, do we track it? |
389 | if (pid_is_firejail(pid) && mypid == 0) { | 389 | if (pid_is_firejail(pid) && mypid == 0) { |
390 | pids[pid].level = 1; | 390 | pids[pid].level = 1; |
391 | add_new = 1; | 391 | add_new = 1; |
diff --git a/src/fshaper/fshaper.sh b/src/fshaper/fshaper.sh index 470137895..30a07fb86 100755 --- a/src/fshaper/fshaper.sh +++ b/src/fshaper/fshaper.sh | |||
@@ -21,7 +21,7 @@ if [ "$1" = "--clear" ]; then | |||
21 | fi | 21 | fi |
22 | 22 | ||
23 | DEV=$2 | 23 | DEV=$2 |
24 | echo "Removing bandwith limits" | 24 | echo "Removing bandwidth limits" |
25 | /sbin/tc qdisc del dev $DEV root 2> /dev/null > /dev/null | 25 | /sbin/tc qdisc del dev $DEV root 2> /dev/null > /dev/null |
26 | /sbin/tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null | 26 | /sbin/tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null |
27 | exit | 27 | exit |
@@ -30,7 +30,7 @@ fi | |||
30 | 30 | ||
31 | if [ "$1" = "--set" ]; then | 31 | if [ "$1" = "--set" ]; then |
32 | DEV=$2 | 32 | DEV=$2 |
33 | echo "Removing bandwith limit" | 33 | echo "Removing bandwidth limit" |
34 | /sbin/tc qdisc del dev $DEV ingress #2> /dev/null > /dev/null | 34 | /sbin/tc qdisc del dev $DEV ingress #2> /dev/null > /dev/null |
35 | 35 | ||
36 | if [ $# -ne 4 ]; then | 36 | if [ $# -ne 4 ]; then |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 251346bd5..4e22796c9 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -275,7 +275,7 @@ Build a new /lib directory and bring in the libraries required by the applicatio | |||
275 | This feature is still under development, see \fBman 1 firejail\fR for some examples. | 275 | This feature is still under development, see \fBman 1 firejail\fR for some examples. |
276 | .TP | 276 | .TP |
277 | \fBprivate-opt file,directory | 277 | \fBprivate-opt file,directory |
278 | Build a new /optin a temporary | 278 | Build a new /opt in a temporary |
279 | filesystem, and copy the files and directories in the list. | 279 | filesystem, and copy the files and directories in the list. |
280 | All modifications are discarded when the sandbox is closed. | 280 | All modifications are discarded when the sandbox is closed. |
281 | .TP | 281 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 2fe2e8bfa..8898c6791 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1712,7 +1712,7 @@ vm86, vm86old, vmsplice and vserver. | |||
1712 | To help creating useful seccomp filters more easily, the following | 1712 | To help creating useful seccomp filters more easily, the following |
1713 | system call groups are defined: @clock, @cpu-emulation, @debug, | 1713 | system call groups are defined: @clock, @cpu-emulation, @debug, |
1714 | @default, @default-nodebuggers, @default-keep, @module, @obsolete, | 1714 | @default, @default-nodebuggers, @default-keep, @module, @obsolete, |
1715 | @privileged, @raw-io, @reboot, @resources and @swap. In addtion, a | 1715 | @privileged, @raw-io, @reboot, @resources and @swap. In addition, a |
1716 | system call can be specified by its number instead of name with prefix | 1716 | system call can be specified by its number instead of name with prefix |
1717 | $, so for example $165 would be equal to mount on i386. | 1717 | $, so for example $165 would be equal to mount on i386. |
1718 | 1718 | ||
diff --git a/src/tools/testuid.c b/src/tools/testuid.c index 633b9773e..51395a98d 100644 --- a/src/tools/testuid.c +++ b/src/tools/testuid.c | |||
@@ -30,7 +30,7 @@ | |||
30 | static void print_status(void) { | 30 | static void print_status(void) { |
31 | FILE *fp = fopen("/proc/self/status", "r"); | 31 | FILE *fp = fopen("/proc/self/status", "r"); |
32 | if (!fp) { | 32 | if (!fp) { |
33 | fprintf(stderr, "Error, cannot open staus file\n"); | 33 | fprintf(stderr, "Error, cannot open status file\n"); |
34 | exit(1); | 34 | exit(1); |
35 | } | 35 | } |
36 | 36 | ||
diff --git a/test/network/README b/test/network/README index 4404c53b0..1e215b41e 100644 --- a/test/network/README +++ b/test/network/README | |||
@@ -1,7 +1,7 @@ | |||
1 | Warning: this test requires root access to configure a number of bridge, mac | 1 | Warning: this test requires root access to configure a number of bridge, mac |
2 | and vlan devices. Please take a look at configure file. By the time you are | 2 | and vlan devices. Please take a look at configure file. By the time you are |
3 | finished testing, you'll probably have to reboot the computer to get your | 3 | finished testing, you'll probably have to reboot the computer to get your |
4 | networking subsytem back to normal. | 4 | networking subsystem back to normal. |
5 | 5 | ||
6 | Limitations - to be investigated and fixed: | 6 | Limitations - to be investigated and fixed: |
7 | - the test is assuming an eth0 wired interface to be present | 7 | - the test is assuming an eth0 wired interface to be present |
diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp index ff293a569..8f4e39022 100755 --- a/test/network/bandwidth.exp +++ b/test/network/bandwidth.exp | |||
@@ -50,7 +50,7 @@ sleep 1 | |||
50 | send -- "firejail --bandwidth=test clear br0\r" | 50 | send -- "firejail --bandwidth=test clear br0\r" |
51 | expect { | 51 | expect { |
52 | timeout {puts "TESTING ERROR 7\n";exit} | 52 | timeout {puts "TESTING ERROR 7\n";exit} |
53 | "Removing bandwith limits" | 53 | "Removing bandwidth limits" |
54 | } | 54 | } |
55 | sleep 1 | 55 | sleep 1 |
56 | 56 | ||