-rw-r--r-- | src/firejail/sandbox.c | 5 | ||||
-rw-r--r-- | src/firejail/util.c | 5 | ||||
-rwxr-xr-x | test/test.sh | 14 |
3 files changed, 14 insertions, 10 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index d43e1dac1..c51dcf927 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -643,14 +643,15 @@ int sandbox(void* sandbox_arg) { | |||
643 | if (arg_noroot) { | 643 | if (arg_noroot) { |
644 | int rv = unshare(CLONE_NEWUSER); | 644 | int rv = unshare(CLONE_NEWUSER); |
645 | if (rv == -1) { | 645 | if (rv == -1) { |
646 | fprintf(stderr, "Error: cannot mount a new user namespace\n"); | 646 | fprintf(stderr, "Warning: cannot mount a new user namespace, going forward without it\n"); |
647 | perror("unshare"); | 647 | perror("unshare"); |
648 | drop_privs(arg_nogroups); | 648 | drop_privs(arg_nogroups); |
649 | arg_noroot = 0; | ||
649 | } | 650 | } |
650 | } | 651 | } |
651 | else | 652 | else |
652 | drop_privs(arg_nogroups); | 653 | drop_privs(arg_nogroups); |
653 | 654 | ||
654 | // notify parent that new user namespace has been created so a proper | 655 | // notify parent that new user namespace has been created so a proper |
655 | // UID/GID map can be setup | 656 | // UID/GID map can be setup |
656 | notify_other(child_to_parent_fds[1]); | 657 | notify_other(child_to_parent_fds[1]); |
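Review bot: The failure branch of `unshare(CLONE_NEWUSER)` now fails open: a run that asked for a user namespace continues without one, and the only signal is a line on stderr, which launchers and desktop entries commonly discard. For a sandbox option it is safer to keep the hard failure as the default and make the fallback an explicit opt-in, or at minimum to record the downgrade somewhere an operator will see it, for example a system log entry next to the `fprintf`. The message also says "mount" although the call creates a namespace; `"Warning: cannot create a new user namespace, going forward without it\n"` would be more accurate. A comment above `arg_noroot = 0;` such as `// user namespace unavailable: clear the flag so notify_other() reports the downgrade to the parent` would explain why a global option is rewritten here. sandbox() starts before and continues past this hunk.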
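--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -513,6 +513,9 @@ void wait_for_other(int fd) {
 fprintf(stderr, "Error: cannot establish communication with the parent, exiting...\n");
 exit(1);
 }
+if (strcmp(childstr, "arg_noroot=0") == 0)
+arg_noroot = 0;
+
 fclose(stream);
 }
 
@@ -523,7 +526,7 @@ void notify_other(int fd) {
 if (newfd == -1)
 errExit("dup");
 stream = fdopen(newfd, "w");
-fprintf(stream, "%u\n", getpid());
+fprintf(stream, "arg_noroot=%d\n", arg_noroot);
 fflush(stream);
 fclose(stream);
 }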
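Review bot: In wait_for_other the handshake line is matched only against the exact string `"arg_noroot=0"`, so anything else is silently treated as "user namespace is in place". That includes a truncated line, or a value with the newline still attached if the code above the hunk does not strip it. The parent presumably uses this flag to decide whether to set up the UID/GID map, so, assuming `arg_noroot` is only ever 0 or 1, I would reject unexpected input: `else if (strcmp(childstr, "arg_noroot=1") != 0) { fprintf(stderr, "Error: unexpected handshake message\n"); exit(1); }`. In notify_other the visible lines pass the result of `fdopen` straight to `fprintf`; `if (stream == NULL) errExit("fdopen");` would match the `dup` handling just above. Both functions start outside their hunks.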
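--- a/test/test.sh
+++ b/test/test.sh
@@ -61,7 +61,7 @@ echo "TESTING: version (option_version.exp)"
 echo "TESTING: help (option_help.exp)"
 ./option_help.exp
 
-echo "TESTING: man (opton_man.exp)"
+echo "TESTING: man (option_man.exp)"
 ./option_man.exp
 
 echo "TESTING: list (option_list.exp)"
@@ -105,13 +105,13 @@ echo "TESTING: rlimit (option_rlimit.exp)"
 echo "TESTING: shutdown (option_shutdown.exp)"
 ./option-shutdown.exp
 
-echo "TESTING: join (opton-join.exp)"
+echo "TESTING: join (option-join.exp)"
 ./option-join.exp
 
-echo "TESTING: join2 (opton-join2.exp)"
+echo "TESTING: join2 (option-join2.exp)"
 ./option-join2.exp
 
-echo "TESTING: join3 (opton-join3.exp)"
+echo "TESTING: join3 (option-join3.exp)"
 ./option-join3.exp
 
 echo "TESTING: join profile (option-join-profile.exp)"
@@ -123,13 +123,13 @@ echo "TESTING: firejail in firejail - single sandbox (firejail-in-firejail.exp)"
 echo "TESTING: firejail in firejail - force new sandbox (firejail-in-firejail2.exp)"
 ./firejail-in-firejail2.exp
 
-echo "TESTING: chroot overlay (opton_chroot_overlay.exp)"
+echo "TESTING: chroot overlay (option_chroot_overlay.exp)"
 ./option_chroot_overlay.exp
 
 echo "TESTING: blacklist directory (option_blacklist.exp)"
 ./option_blacklist.exp
 
-echo "TESTING: blacklist file (opton_blacklist_file.exp)"
+echo "TESTING: blacklist file (opiton_blacklist_file.exp)"
 ./option_blacklist_file.exp
 
 echo "TESTING: bind as user (option_bind_user.exp)"
@@ -137,7 +137,7 @@ echo "TESTING: bind as user (option_bind_user.exp)"
 
 if [ -d /home/bingo ];
 then
-echo "TESTING: home sanitize (opton_version.exp)"
+echo "TESTING: home sanitize (opiton_version.exp)"
 ./option_version.exp
 fi
 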
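Review bot: Two of the corrected labels introduce a new misspelling, `opiton_`, in the "blacklist file" and "home sanitize" lines; they should read `echo "TESTING: blacklist file (option_blacklist_file.exp)"` and likewise for the last hunk. The "home sanitize" case also labels and runs `./option_version.exp`, which looks like a copy-paste from the version test, so the home-sanitizing behaviour is probably not exercised by this block. Nothing in the script covers the new fallback path where the user namespace cannot be created; a case asserting the warning text and the resulting sandbox state would keep that downgrade from regressing unnoticed.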