diff options
Diffstat (limited to 'src/faudit/seccomp.c')
| -rw-r--r-- | src/faudit/seccomp.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c index 1c188aa45..2e9665fd9 100644 --- a/src/faudit/seccomp.c +++ b/src/faudit/seccomp.c | |||
| @@ -24,7 +24,7 @@ static int extract_seccomp(int *val) { | |||
| 24 | FILE *fp = fopen("/proc/self/status", "r"); | 24 | FILE *fp = fopen("/proc/self/status", "r"); |
| 25 | if (!fp) | 25 | if (!fp) |
| 26 | return 1; | 26 | return 1; |
| 27 | 27 | ||
| 28 | char buf[MAXBUF]; | 28 | char buf[MAXBUF]; |
| 29 | while (fgets(buf, MAXBUF, fp)) { | 29 | while (fgets(buf, MAXBUF, fp)) { |
| 30 | if (strncmp(buf, "Seccomp:\t", 8) == 0) { | 30 | if (strncmp(buf, "Seccomp:\t", 8) == 0) { |
| @@ -44,12 +44,12 @@ static int extract_seccomp(int *val) { | |||
| 44 | void seccomp_test(void) { | 44 | void seccomp_test(void) { |
| 45 | int seccomp_status; | 45 | int seccomp_status; |
| 46 | int rv = extract_seccomp(&seccomp_status); | 46 | int rv = extract_seccomp(&seccomp_status); |
| 47 | 47 | ||
| 48 | if (rv) { | 48 | if (rv) { |
| 49 | printf("INFO: cannot extract seccomp configuration on this platform.\n"); | 49 | printf("INFO: cannot extract seccomp configuration on this platform.\n"); |
| 50 | return; | 50 | return; |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | if (seccomp_status == 0) { | 53 | if (seccomp_status == 0) { |
| 54 | printf("BAD: seccomp disabled. Use \"firejail --seccomp\" to enable it.\n"); | 54 | printf("BAD: seccomp disabled. Use \"firejail --seccomp\" to enable it.\n"); |
| 55 | } | 55 | } |
| @@ -67,10 +67,10 @@ void seccomp_test(void) { | |||
| 67 | 67 | ||
| 68 | printf("ptrace... "); fflush(0); | 68 | printf("ptrace... "); fflush(0); |
| 69 | syscall_run("ptrace"); | 69 | syscall_run("ptrace"); |
| 70 | 70 | ||
| 71 | printf("swapon... "); fflush(0); | 71 | printf("swapon... "); fflush(0); |
| 72 | syscall_run("swapon"); | 72 | syscall_run("swapon"); |
| 73 | 73 | ||
| 74 | printf("swapoff... "); fflush(0); | 74 | printf("swapoff... "); fflush(0); |
| 75 | syscall_run("swapoff"); | 75 | syscall_run("swapoff"); |
| 76 | 76 | ||
| @@ -79,20 +79,20 @@ void seccomp_test(void) { | |||
| 79 | 79 | ||
| 80 | printf("delete_module... "); fflush(0); | 80 | printf("delete_module... "); fflush(0); |
| 81 | syscall_run("delete_module"); | 81 | syscall_run("delete_module"); |
| 82 | 82 | ||
| 83 | printf("chroot... "); fflush(0); | 83 | printf("chroot... "); fflush(0); |
| 84 | syscall_run("chroot"); | 84 | syscall_run("chroot"); |
| 85 | 85 | ||
| 86 | printf("pivot_root... "); fflush(0); | 86 | printf("pivot_root... "); fflush(0); |
| 87 | syscall_run("pivot_root"); | 87 | syscall_run("pivot_root"); |
| 88 | 88 | ||
| 89 | #if defined(__i386__) || defined(__x86_64__) | 89 | #if defined(__i386__) || defined(__x86_64__) |
| 90 | printf("iopl... "); fflush(0); | 90 | printf("iopl... "); fflush(0); |
| 91 | syscall_run("iopl"); | 91 | syscall_run("iopl"); |
| 92 | 92 | ||
| 93 | printf("ioperm... "); fflush(0); | 93 | printf("ioperm... "); fflush(0); |
| 94 | syscall_run("ioperm"); | 94 | syscall_run("ioperm"); |
| 95 | #endif | 95 | #endif |
| 96 | printf("\n"); | 96 | printf("\n"); |
| 97 | } | 97 | } |
| 98 | else | 98 | else |