-rw-r--r-- | src/firejail/seccomp.c | 5 | ||||
-rwxr-xr-x | test/seccomp-print.exp | 33 | ||||
-rwxr-xr-x | test/test.sh | 3 |
3 files changed, 39 insertions, 2 deletions
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 43b849ecf..7108b5a05 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -816,9 +816,11 @@ void seccomp_print_filter_name(const char *name) { | |||
816 | 816 | ||
817 | void seccomp_print_filter(pid_t pid) { | 817 | void seccomp_print_filter(pid_t pid) { |
818 | EUID_ASSERT(); | 818 | EUID_ASSERT(); |
819 | 819 | ||
820 | // if the pid is that of a firejail process, use the pid of the first child process | 820 | // if the pid is that of a firejail process, use the pid of the first child process |
821 | EUID_ROOT(); | ||
821 | char *comm = pid_proc_comm(pid); | 822 | char *comm = pid_proc_comm(pid); |
823 | EUID_USER(); | ||
822 | if (comm) { | 824 | if (comm) { |
823 | if (strcmp(comm, "firejail") == 0) { | 825 | if (strcmp(comm, "firejail") == 0) { |
824 | pid_t child; | 826 | pid_t child; |
@@ -839,7 +841,6 @@ void seccomp_print_filter(pid_t pid) { | |||
839 | } | 841 | } |
840 | } | 842 | } |
841 | 843 | ||
842 | |||
843 | // find the seccomp filter | 844 | // find the seccomp filter |
844 | EUID_ROOT(); | 845 | EUID_ROOT(); |
845 | char *fname; | 846 | char *fname; |
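Review bot: The `EUID_ROOT()` added before `pid_proc_comm(pid)` means /proc is now read with root privileges for a pid that is passed in, and nothing in the visible lines shows that the target process belongs to the invoking user. The elevated window is kept to the single call, which is the right shape, but if the ownership check lives in the caller or in the part of seccomp_print_filter outside these hunks, this is the place to say so. I would add a comment above the call such as `// root is needed to read the target's comm; privileges are dropped again before the result is used`, and have it name where the pid was validated. The function starts inside the first hunk and continues past the second, so the later `EUID_ROOT()` at new line 845 and the handling of `fname` could not be checked from here.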
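--- /dev/null
+++ b/test/seccomp-print.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --seccomp.print=test\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"EXAMINE_SYSCAL"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"init_module"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"delete_module"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"RETURN_ALLOW"
+}
+sleep 1
+puts "\nall done\n"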
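Review bot: Every `timeout` branch ends with a bare `exit`, so a failed expectation leaves the script with status 0 and the only trace of the failure is the `TESTING ERROR n` text. Exiting non-zero, e.g. `timeout {puts "TESTING ERROR 1\n";exit 1}`, would let test.sh or a CI job detect a regression in the seccomp.print path without scraping output. The pattern `"EXAMINE_SYSCAL"` at line 18 looks like a truncated `EXAMINE_SYSCALL`; it still matches as a substring, but a comment saying whether that is intended would help. The test only covers a sandbox started by the same user, so it does not show what `--seccomp.print` does for a sandbox the caller does not own.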
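--- a/test/test.sh
+++ b/test/test.sh
@@ -9,6 +9,9 @@
 echo "TESTING: caps.print (caps-print.exp)
 ./caps-print.exp
 
+echo "TESTING: seccomp.print (seccomp-print.exp)
+./seccomp-print.exp
+
 echo "TESTING: sound (sound.exp)"
 ./sound.exp
 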
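Review bot: The added `echo "TESTING: seccomp.print (seccomp-print.exp)` at new line 12 has no closing double quote, the same as the existing caps.print line at line 9 that it appears to be copied from. As rendered here, the string opened on line 9 would run to the quote on line 12, so `./caps-print.exp` becomes part of the echoed text instead of a command, and the unquoted `(` that follows is likely a shell syntax error, which means the new seccomp test may never run. The line should read `echo "TESTING: seccomp.print (seccomp-print.exp)"`, and line 9 needs the same closing quote.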