diff options
| -rw-r--r-- | src/firejail/sandbox.c | 5 | ||||
| -rw-r--r-- | src/firejail/util.c | 5 | ||||
| -rwxr-xr-x | test/test.sh | 14 |
3 files changed, 14 insertions, 10 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index d43e1dac1..c51dcf927 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -643,14 +643,15 @@ int sandbox(void* sandbox_arg) { | |||
| 643 | if (arg_noroot) { | 643 | if (arg_noroot) { |
| 644 | int rv = unshare(CLONE_NEWUSER); | 644 | int rv = unshare(CLONE_NEWUSER); |
| 645 | if (rv == -1) { | 645 | if (rv == -1) { |
| 646 | fprintf(stderr, "Error: cannot mount a new user namespace\n"); | 646 | fprintf(stderr, "Warning: cannot mount a new user namespace, going forward without it\n"); |
| 647 | perror("unshare"); | 647 | perror("unshare"); |
| 648 | drop_privs(arg_nogroups); | 648 | drop_privs(arg_nogroups); |
| 649 | arg_noroot = 0; | ||
| 649 | } | 650 | } |
| 650 | } | 651 | } |
| 651 | else | 652 | else |
| 652 | drop_privs(arg_nogroups); | 653 | drop_privs(arg_nogroups); |
| 653 | 654 | ||
| 654 | // notify parent that new user namespace has been created so a proper | 655 | // notify parent that new user namespace has been created so a proper |
| 655 | // UID/GID map can be setup | 656 | // UID/GID map can be setup |
| 656 | notify_other(child_to_parent_fds[1]); | 657 | notify_other(child_to_parent_fds[1]); |
diff --git a/src/firejail/util.c b/src/firejail/util.c index c62f4285c..04b564370 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -513,6 +513,9 @@ void wait_for_other(int fd) { | |||
| 513 | fprintf(stderr, "Error: cannot establish communication with the parent, exiting...\n"); | 513 | fprintf(stderr, "Error: cannot establish communication with the parent, exiting...\n"); |
| 514 | exit(1); | 514 | exit(1); |
| 515 | } | 515 | } |
| 516 | if (strcmp(childstr, "arg_noroot=0") == 0) | ||
| 517 | arg_noroot = 0; | ||
| 518 | |||
| 516 | fclose(stream); | 519 | fclose(stream); |
| 517 | } | 520 | } |
| 518 | 521 | ||
| @@ -523,7 +526,7 @@ void notify_other(int fd) { | |||
| 523 | if (newfd == -1) | 526 | if (newfd == -1) |
| 524 | errExit("dup"); | 527 | errExit("dup"); |
| 525 | stream = fdopen(newfd, "w"); | 528 | stream = fdopen(newfd, "w"); |
| 526 | fprintf(stream, "%u\n", getpid()); | 529 | fprintf(stream, "arg_noroot=%d\n", arg_noroot); |
| 527 | fflush(stream); | 530 | fflush(stream); |
| 528 | fclose(stream); | 531 | fclose(stream); |
| 529 | } | 532 | } |
diff --git a/test/test.sh b/test/test.sh index 0ef816717..cb3cd728a 100755 --- a/test/test.sh +++ b/test/test.sh | |||
| @@ -61,7 +61,7 @@ echo "TESTING: version (option_version.exp)" | |||
| 61 | echo "TESTING: help (option_help.exp)" | 61 | echo "TESTING: help (option_help.exp)" |
| 62 | ./option_help.exp | 62 | ./option_help.exp |
| 63 | 63 | ||
| 64 | echo "TESTING: man (opton_man.exp)" | 64 | echo "TESTING: man (option_man.exp)" |
| 65 | ./option_man.exp | 65 | ./option_man.exp |
| 66 | 66 | ||
| 67 | echo "TESTING: list (option_list.exp)" | 67 | echo "TESTING: list (option_list.exp)" |
| @@ -105,13 +105,13 @@ echo "TESTING: rlimit (option_rlimit.exp)" | |||
| 105 | echo "TESTING: shutdown (option_shutdown.exp)" | 105 | echo "TESTING: shutdown (option_shutdown.exp)" |
| 106 | ./option-shutdown.exp | 106 | ./option-shutdown.exp |
| 107 | 107 | ||
| 108 | echo "TESTING: join (opton-join.exp)" | 108 | echo "TESTING: join (option-join.exp)" |
| 109 | ./option-join.exp | 109 | ./option-join.exp |
| 110 | 110 | ||
| 111 | echo "TESTING: join2 (opton-join2.exp)" | 111 | echo "TESTING: join2 (option-join2.exp)" |
| 112 | ./option-join2.exp | 112 | ./option-join2.exp |
| 113 | 113 | ||
| 114 | echo "TESTING: join3 (opton-join3.exp)" | 114 | echo "TESTING: join3 (option-join3.exp)" |
| 115 | ./option-join3.exp | 115 | ./option-join3.exp |
| 116 | 116 | ||
| 117 | echo "TESTING: join profile (option-join-profile.exp)" | 117 | echo "TESTING: join profile (option-join-profile.exp)" |
| @@ -123,13 +123,13 @@ echo "TESTING: firejail in firejail - single sandbox (firejail-in-firejail.exp)" | |||
| 123 | echo "TESTING: firejail in firejail - force new sandbox (firejail-in-firejail2.exp)" | 123 | echo "TESTING: firejail in firejail - force new sandbox (firejail-in-firejail2.exp)" |
| 124 | ./firejail-in-firejail2.exp | 124 | ./firejail-in-firejail2.exp |
| 125 | 125 | ||
| 126 | echo "TESTING: chroot overlay (opton_chroot_overlay.exp)" | 126 | echo "TESTING: chroot overlay (option_chroot_overlay.exp)" |
| 127 | ./option_chroot_overlay.exp | 127 | ./option_chroot_overlay.exp |
| 128 | 128 | ||
| 129 | echo "TESTING: blacklist directory (option_blacklist.exp)" | 129 | echo "TESTING: blacklist directory (option_blacklist.exp)" |
| 130 | ./option_blacklist.exp | 130 | ./option_blacklist.exp |
| 131 | 131 | ||
| 132 | echo "TESTING: blacklist file (opton_blacklist_file.exp)" | 132 | echo "TESTING: blacklist file (opiton_blacklist_file.exp)" |
| 133 | ./option_blacklist_file.exp | 133 | ./option_blacklist_file.exp |
| 134 | 134 | ||
| 135 | echo "TESTING: bind as user (option_bind_user.exp)" | 135 | echo "TESTING: bind as user (option_bind_user.exp)" |
| @@ -137,7 +137,7 @@ echo "TESTING: bind as user (option_bind_user.exp)" | |||
| 137 | 137 | ||
| 138 | if [ -d /home/bingo ]; | 138 | if [ -d /home/bingo ]; |
| 139 | then | 139 | then |
| 140 | echo "TESTING: home sanitize (opton_version.exp)" | 140 | echo "TESTING: home sanitize (opiton_version.exp)" |
| 141 | ./option_version.exp | 141 | ./option_version.exp |
| 142 | fi | 142 | fi |
| 143 | 143 | ||