Diffstat (limited to 'src/faudit')
-rw-r--r-- | src/faudit/Makefile.in | 1 | ||||
-rw-r--r-- | src/faudit/caps.c | 13 | ||||
-rw-r--r-- | src/faudit/dbus.c | 13 | ||||
-rw-r--r-- | src/faudit/dev.c | 6 | ||||
-rw-r--r-- | src/faudit/files.c | 12 | ||||
-rw-r--r-- | src/faudit/main.c | 18 | ||||
-rw-r--r-- | src/faudit/network.c | 16 | ||||
-rw-r--r-- | src/faudit/pid.c | 12 | ||||
-rw-r--r-- | src/faudit/seccomp.c | 20 | ||||
-rw-r--r-- | src/faudit/syscall.c | 6 | ||||
-rw-r--r-- | src/faudit/x11.c | 4 |
11 files changed, 58 insertions, 63 deletions
diff --git a/src/faudit/Makefile.in b/src/faudit/Makefile.in index 995a0bf49..ec36ca80c 100644 --- a/src/faudit/Makefile.in +++ b/src/faudit/Makefile.in | |||
@@ -22,4 +22,3 @@ clean:; rm -f *.o faudit | |||
22 | 22 | ||
23 | distclean: clean | 23 | distclean: clean |
24 | rm -fr Makefile | 24 | rm -fr Makefile |
25 | |||
diff --git a/src/faudit/caps.c b/src/faudit/caps.c index b200c6792..d4a98676c 100644 --- a/src/faudit/caps.c +++ b/src/faudit/caps.c | |||
@@ -26,7 +26,7 @@ static int extract_caps(uint64_t *val) { | |||
26 | FILE *fp = fopen("/proc/self/status", "r"); | 26 | FILE *fp = fopen("/proc/self/status", "r"); |
27 | if (!fp) | 27 | if (!fp) |
28 | return 1; | 28 | return 1; |
29 | 29 | ||
30 | char buf[MAXBUF]; | 30 | char buf[MAXBUF]; |
31 | while (fgets(buf, MAXBUF, fp)) { | 31 | while (fgets(buf, MAXBUF, fp)) { |
32 | if (strncmp(buf, "CapBnd:\t", 8) == 0) { | 32 | if (strncmp(buf, "CapBnd:\t", 8) == 0) { |
@@ -47,7 +47,7 @@ static int extract_caps(uint64_t *val) { | |||
47 | static int check_capability(uint64_t map, int cap) { | 47 | static int check_capability(uint64_t map, int cap) { |
48 | int i; | 48 | int i; |
49 | uint64_t mask = 1ULL; | 49 | uint64_t mask = 1ULL; |
50 | 50 | ||
51 | for (i = 0; i < 64; i++, mask <<= 1) { | 51 | for (i = 0; i < 64; i++, mask <<= 1) { |
52 | if ((i == cap) && (mask & map)) | 52 | if ((i == cap) && (mask & map)) |
53 | return 1; | 53 | return 1; |
@@ -58,22 +58,21 @@ static int check_capability(uint64_t map, int cap) { | |||
58 | 58 | ||
59 | void caps_test(void) { | 59 | void caps_test(void) { |
60 | uint64_t caps_val; | 60 | uint64_t caps_val; |
61 | 61 | ||
62 | if (extract_caps(&caps_val)) { | 62 | if (extract_caps(&caps_val)) { |
63 | printf("SKIP: cannot extract capabilities on this platform.\n"); | 63 | printf("SKIP: cannot extract capabilities on this platform.\n"); |
64 | return; | 64 | return; |
65 | } | 65 | } |
66 | 66 | ||
67 | if (caps_val) { | 67 | if (caps_val) { |
68 | printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val); | 68 | printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val); |
69 | printf("Use \"firejail --caps.drop=all\" to fix it.\n"); | 69 | printf("Use \"firejail --caps.drop=all\" to fix it.\n"); |
70 | 70 | ||
71 | if (check_capability(caps_val, CAP_SYS_ADMIN)) | 71 | if (check_capability(caps_val, CAP_SYS_ADMIN)) |
72 | printf("UGLY: CAP_SYS_ADMIN is enabled.\n"); | 72 | printf("UGLY: CAP_SYS_ADMIN is enabled.\n"); |
73 | if (check_capability(caps_val, CAP_SYS_BOOT)) | 73 | if (check_capability(caps_val, CAP_SYS_BOOT)) |
74 | printf("UGLY: CAP_SYS_BOOT is enabled.\n"); | 74 | printf("UGLY: CAP_SYS_BOOT is enabled.\n"); |
75 | } | 75 | } |
76 | else | 76 | else |
77 | printf("GOOD: all capabilities are disabled.\n"); | 77 | printf("GOOD: all capabilities are disabled.\n"); |
78 | } | 78 | } |
79 | |||
diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c index 1b1fbb817..54300c9b8 100644 --- a/src/faudit/dbus.c +++ b/src/faudit/dbus.c | |||
@@ -28,7 +28,7 @@ int check_unix(const char *sockfile) { | |||
28 | 28 | ||
29 | // open socket | 29 | // open socket |
30 | int sock = socket(AF_UNIX, SOCK_STREAM, 0); | 30 | int sock = socket(AF_UNIX, SOCK_STREAM, 0); |
31 | if (sock == -1) | 31 | if (sock == -1) |
32 | return rv; | 32 | return rv; |
33 | 33 | ||
34 | // connect | 34 | // connect |
@@ -41,7 +41,7 @@ int check_unix(const char *sockfile) { | |||
41 | remote.sun_path[0] = '\0'; | 41 | remote.sun_path[0] = '\0'; |
42 | if (connect(sock, (struct sockaddr *)&remote, len) == 0) | 42 | if (connect(sock, (struct sockaddr *)&remote, len) == 0) |
43 | rv = 0; | 43 | rv = 0; |
44 | 44 | ||
45 | close(sock); | 45 | close(sock); |
46 | return rv; | 46 | return rv; |
47 | } | 47 | } |
@@ -60,7 +60,7 @@ void dbus_test(void) { | |||
60 | *sockfile = '@'; | 60 | *sockfile = '@'; |
61 | char *ptr = strchr(sockfile, ','); | 61 | char *ptr = strchr(sockfile, ','); |
62 | if (ptr) | 62 | if (ptr) |
63 | *ptr = '\0'; | 63 | *ptr = '\0'; |
64 | rv = check_unix(sockfile); | 64 | rv = check_unix(sockfile); |
65 | *sockfile = '@'; | 65 | *sockfile = '@'; |
66 | if (rv == 0) | 66 | if (rv == 0) |
@@ -83,13 +83,10 @@ void dbus_test(void) { | |||
83 | printf("UGLY: session bus configured for TCP communication.\n"); | 83 | printf("UGLY: session bus configured for TCP communication.\n"); |
84 | else | 84 | else |
85 | printf("GOOD: cannot find a D-Bus socket\n"); | 85 | printf("GOOD: cannot find a D-Bus socket\n"); |
86 | 86 | ||
87 | 87 | ||
88 | free(bus); | 88 | free(bus); |
89 | } | 89 | } |
90 | else | 90 | else |
91 | printf("GOOD: DBUS_SESSION_BUS_ADDRESS environment variable not configured."); | 91 | printf("GOOD: DBUS_SESSION_BUS_ADDRESS environment variable not configured."); |
92 | } | 92 | } |
93 | |||
94 | |||
95 | |||
diff --git a/src/faudit/dev.c b/src/faudit/dev.c index 74adbca9c..6bafaf93e 100644 --- a/src/faudit/dev.c +++ b/src/faudit/dev.c | |||
@@ -26,19 +26,19 @@ void dev_test(void) { | |||
26 | fprintf(stderr, "Error: cannot open /dev directory\n"); | 26 | fprintf(stderr, "Error: cannot open /dev directory\n"); |
27 | return; | 27 | return; |
28 | } | 28 | } |
29 | 29 | ||
30 | struct dirent *entry; | 30 | struct dirent *entry; |
31 | printf("INFO: files visible in /dev directory: "); | 31 | printf("INFO: files visible in /dev directory: "); |
32 | int cnt = 0; | 32 | int cnt = 0; |
33 | while ((entry = readdir(dir)) != NULL) { | 33 | while ((entry = readdir(dir)) != NULL) { |
34 | if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) | 34 | if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) |
35 | continue; | 35 | continue; |
36 | 36 | ||
37 | printf("%s, ", entry->d_name); | 37 | printf("%s, ", entry->d_name); |
38 | cnt++; | 38 | cnt++; |
39 | } | 39 | } |
40 | printf("\n"); | 40 | printf("\n"); |
41 | 41 | ||
42 | if (cnt > 20) | 42 | if (cnt > 20) |
43 | printf("MAYBE: /dev directory seems to be fully populated. Use --private-dev or --whitelist to restrict the access.\n"); | 43 | printf("MAYBE: /dev directory seems to be fully populated. Use --private-dev or --whitelist to restrict the access.\n"); |
44 | else | 44 | else |
diff --git a/src/faudit/files.c b/src/faudit/files.c index 46256f5f0..aa5b3aafb 100644 --- a/src/faudit/files.c +++ b/src/faudit/files.c | |||
@@ -26,7 +26,7 @@ static char *homedir = NULL; | |||
26 | 26 | ||
27 | static void check_home_file(const char *name) { | 27 | static void check_home_file(const char *name) { |
28 | assert(homedir); | 28 | assert(homedir); |
29 | 29 | ||
30 | char *fname; | 30 | char *fname; |
31 | if (asprintf(&fname, "%s/%s", homedir, name) == -1) | 31 | if (asprintf(&fname, "%s/%s", homedir, name) == -1) |
32 | errExit("asprintf"); | 32 | errExit("asprintf"); |
@@ -37,7 +37,7 @@ static void check_home_file(const char *name) { | |||
37 | } | 37 | } |
38 | else | 38 | else |
39 | printf("GOOD: I cannot access files in %s directory.\n", fname); | 39 | printf("GOOD: I cannot access files in %s directory.\n", fname); |
40 | 40 | ||
41 | free(fname); | 41 | free(fname); |
42 | } | 42 | } |
43 | 43 | ||
@@ -47,14 +47,14 @@ void files_test(void) { | |||
47 | fprintf(stderr, "Error: cannot retrieve user account information\n"); | 47 | fprintf(stderr, "Error: cannot retrieve user account information\n"); |
48 | return; | 48 | return; |
49 | } | 49 | } |
50 | 50 | ||
51 | username = strdup(pw->pw_name); | 51 | username = strdup(pw->pw_name); |
52 | if (!username) | 52 | if (!username) |
53 | errExit("strdup"); | 53 | errExit("strdup"); |
54 | homedir = strdup(pw->pw_dir); | 54 | homedir = strdup(pw->pw_dir); |
55 | if (!homedir) | 55 | if (!homedir) |
56 | errExit("strdup"); | 56 | errExit("strdup"); |
57 | 57 | ||
58 | // check access to .ssh directory | 58 | // check access to .ssh directory |
59 | check_home_file(".ssh"); | 59 | check_home_file(".ssh"); |
60 | 60 | ||
@@ -66,10 +66,10 @@ void files_test(void) { | |||
66 | 66 | ||
67 | // check access to Chromium browser directory | 67 | // check access to Chromium browser directory |
68 | check_home_file(".config/chromium"); | 68 | check_home_file(".config/chromium"); |
69 | 69 | ||
70 | // check access to Debian Icedove directory | 70 | // check access to Debian Icedove directory |
71 | check_home_file(".icedove"); | 71 | check_home_file(".icedove"); |
72 | 72 | ||
73 | // check access to Thunderbird directory | 73 | // check access to Thunderbird directory |
74 | check_home_file(".thunderbird"); | 74 | check_home_file(".thunderbird"); |
75 | } | 75 | } |
diff --git a/src/faudit/main.c b/src/faudit/main.c index 2572bf332..8ab0de5a6 100644 --- a/src/faudit/main.c +++ b/src/faudit/main.c | |||
@@ -24,19 +24,19 @@ int main(int argc, char **argv) { | |||
24 | // make test-arguments helper | 24 | // make test-arguments helper |
25 | if (getenv("FIREJAIL_TEST_ARGUMENTS")) { | 25 | if (getenv("FIREJAIL_TEST_ARGUMENTS")) { |
26 | printf("Arguments:\n"); | 26 | printf("Arguments:\n"); |
27 | 27 | ||
28 | int i; | 28 | int i; |
29 | for (i = 0; i < argc; i++) { | 29 | for (i = 0; i < argc; i++) { |
30 | printf("#%s#\n", argv[i]); | 30 | printf("#%s#\n", argv[i]); |
31 | } | 31 | } |
32 | 32 | ||
33 | return 0; | 33 | return 0; |
34 | } | 34 | } |
35 | 35 | ||
36 | 36 | ||
37 | if (argc != 1) { | 37 | if (argc != 1) { |
38 | int i; | 38 | int i; |
39 | 39 | ||
40 | for (i = 1; i < argc; i++) { | 40 | for (i = 1; i < argc; i++) { |
41 | if (strcmp(argv[i], "syscall")) { | 41 | if (strcmp(argv[i], "syscall")) { |
42 | syscall_helper(argc, argv); | 42 | syscall_helper(argc, argv); |
@@ -56,16 +56,16 @@ int main(int argc, char **argv) { | |||
56 | errExit("strdup"); | 56 | errExit("strdup"); |
57 | } | 57 | } |
58 | printf("INFO: starting %s.\n", prog); | 58 | printf("INFO: starting %s.\n", prog); |
59 | 59 | ||
60 | 60 | ||
61 | // check pid namespace | 61 | // check pid namespace |
62 | pid_test(); | 62 | pid_test(); |
63 | printf("\n"); | 63 | printf("\n"); |
64 | 64 | ||
65 | // check seccomp | 65 | // check seccomp |
66 | seccomp_test(); | 66 | seccomp_test(); |
67 | printf("\n"); | 67 | printf("\n"); |
68 | 68 | ||
69 | // check capabilities | 69 | // check capabilities |
70 | caps_test(); | 70 | caps_test(); |
71 | printf("\n"); | 71 | printf("\n"); |
@@ -73,11 +73,11 @@ int main(int argc, char **argv) { | |||
73 | // check some well-known problematic files and directories | 73 | // check some well-known problematic files and directories |
74 | files_test(); | 74 | files_test(); |
75 | printf("\n"); | 75 | printf("\n"); |
76 | 76 | ||
77 | // network | 77 | // network |
78 | network_test(); | 78 | network_test(); |
79 | printf("\n"); | 79 | printf("\n"); |
80 | 80 | ||
81 | // dbus | 81 | // dbus |
82 | dbus_test(); | 82 | dbus_test(); |
83 | printf("\n"); | 83 | printf("\n"); |
diff --git a/src/faudit/network.c b/src/faudit/network.c index 67c11e835..797c15ba8 100644 --- a/src/faudit/network.c +++ b/src/faudit/network.c | |||
@@ -35,15 +35,15 @@ static void check_ssh(void) { | |||
35 | struct sockaddr_in server; | 35 | struct sockaddr_in server; |
36 | server.sin_addr.s_addr = inet_addr("127.0.0.1"); | 36 | server.sin_addr.s_addr = inet_addr("127.0.0.1"); |
37 | server.sin_family = AF_INET; | 37 | server.sin_family = AF_INET; |
38 | server.sin_port = htons(22); | 38 | server.sin_port = htons(22); |
39 | 39 | ||
40 | if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0) | 40 | if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0) |
41 | printf("GOOD: SSH server not available on localhost.\n"); | 41 | printf("GOOD: SSH server not available on localhost.\n"); |
42 | else { | 42 | else { |
43 | printf("MAYBE: an SSH server is accessible on localhost. "); | 43 | printf("MAYBE: an SSH server is accessible on localhost. "); |
44 | printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); | 44 | printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); |
45 | } | 45 | } |
46 | 46 | ||
47 | close(sock); | 47 | close(sock); |
48 | } | 48 | } |
49 | 49 | ||
@@ -59,15 +59,15 @@ static void check_http(void) { | |||
59 | struct sockaddr_in server; | 59 | struct sockaddr_in server; |
60 | server.sin_addr.s_addr = inet_addr("127.0.0.1"); | 60 | server.sin_addr.s_addr = inet_addr("127.0.0.1"); |
61 | server.sin_family = AF_INET; | 61 | server.sin_family = AF_INET; |
62 | server.sin_port = htons(80); | 62 | server.sin_port = htons(80); |
63 | 63 | ||
64 | if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0) | 64 | if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0) |
65 | printf("GOOD: HTTP server not available on localhost.\n"); | 65 | printf("GOOD: HTTP server not available on localhost.\n"); |
66 | else { | 66 | else { |
67 | printf("MAYBE: an HTTP server is accessible on localhost. "); | 67 | printf("MAYBE: an HTTP server is accessible on localhost. "); |
68 | printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); | 68 | printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); |
69 | } | 69 | } |
70 | 70 | ||
71 | close(sock); | 71 | close(sock); |
72 | } | 72 | } |
73 | 73 | ||
@@ -88,12 +88,12 @@ void check_netlink(void) { | |||
88 | close(sock); | 88 | close(sock); |
89 | return; | 89 | return; |
90 | } | 90 | } |
91 | 91 | ||
92 | close(sock); | 92 | close(sock); |
93 | printf("MAYBE: I can connect to netlink socket. Network utilities such as iproute2 will work fine in the sandbox. "); | 93 | printf("MAYBE: I can connect to netlink socket. Network utilities such as iproute2 will work fine in the sandbox. "); |
94 | printf("You can use \"--protocol\" to disable the socket.\n"); | 94 | printf("You can use \"--protocol\" to disable the socket.\n"); |
95 | } | 95 | } |
96 | 96 | ||
97 | void network_test(void) { | 97 | void network_test(void) { |
98 | check_ssh(); | 98 | check_ssh(); |
99 | check_http(); | 99 | check_http(); |
diff --git a/src/faudit/pid.c b/src/faudit/pid.c index 34f6d1691..0aa2ddd44 100644 --- a/src/faudit/pid.c +++ b/src/faudit/pid.c | |||
@@ -32,7 +32,7 @@ void pid_test(void) { | |||
32 | 32 | ||
33 | // look at the first 10 processes | 33 | // look at the first 10 processes |
34 | int not_visible = 1; | 34 | int not_visible = 1; |
35 | for (i = 1; i <= 10; i++) { | 35 | for (i = 1; i <= 10; i++) { |
36 | struct stat s; | 36 | struct stat s; |
37 | char *fname; | 37 | char *fname; |
38 | if (asprintf(&fname, "/proc/%d/comm", i) == -1) | 38 | if (asprintf(&fname, "/proc/%d/comm", i) == -1) |
@@ -41,7 +41,7 @@ void pid_test(void) { | |||
41 | free(fname); | 41 | free(fname); |
42 | continue; | 42 | continue; |
43 | } | 43 | } |
44 | 44 | ||
45 | // open file | 45 | // open file |
46 | /* coverity[toctou] */ | 46 | /* coverity[toctou] */ |
47 | FILE *fp = fopen(fname, "r"); | 47 | FILE *fp = fopen(fname, "r"); |
@@ -49,7 +49,7 @@ void pid_test(void) { | |||
49 | free(fname); | 49 | free(fname); |
50 | continue; | 50 | continue; |
51 | } | 51 | } |
52 | 52 | ||
53 | // read file | 53 | // read file |
54 | char buf[100]; | 54 | char buf[100]; |
55 | if (fgets(buf, 10, fp) == NULL) { | 55 | if (fgets(buf, 10, fp) == NULL) { |
@@ -63,7 +63,7 @@ void pid_test(void) { | |||
63 | char *ptr; | 63 | char *ptr; |
64 | if ((ptr = strchr(buf, '\n')) != NULL) | 64 | if ((ptr = strchr(buf, '\n')) != NULL) |
65 | *ptr = '\0'; | 65 | *ptr = '\0'; |
66 | 66 | ||
67 | // check process name against the kernel list | 67 | // check process name against the kernel list |
68 | int j = 0; | 68 | int j = 0; |
69 | while (kern_proc[j] != NULL) { | 69 | while (kern_proc[j] != NULL) { |
@@ -76,7 +76,7 @@ void pid_test(void) { | |||
76 | } | 76 | } |
77 | j++; | 77 | j++; |
78 | } | 78 | } |
79 | 79 | ||
80 | fclose(fp); | 80 | fclose(fp); |
81 | free(fname); | 81 | free(fname); |
82 | } | 82 | } |
@@ -86,7 +86,7 @@ void pid_test(void) { | |||
86 | printf("BAD: Process %d is not running in a PID namespace.\n", pid); | 86 | printf("BAD: Process %d is not running in a PID namespace.\n", pid); |
87 | else | 87 | else |
88 | printf("GOOD: process %d is running in a PID namespace.\n", pid); | 88 | printf("GOOD: process %d is running in a PID namespace.\n", pid); |
89 | 89 | ||
90 | // try to guess the type of container/sandbox | 90 | // try to guess the type of container/sandbox |
91 | char *str = getenv("container"); | 91 | char *str = getenv("container"); |
92 | if (str) | 92 | if (str) |
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c index 1c188aa45..2e9665fd9 100644 --- a/src/faudit/seccomp.c +++ b/src/faudit/seccomp.c | |||
@@ -24,7 +24,7 @@ static int extract_seccomp(int *val) { | |||
24 | FILE *fp = fopen("/proc/self/status", "r"); | 24 | FILE *fp = fopen("/proc/self/status", "r"); |
25 | if (!fp) | 25 | if (!fp) |
26 | return 1; | 26 | return 1; |
27 | 27 | ||
28 | char buf[MAXBUF]; | 28 | char buf[MAXBUF]; |
29 | while (fgets(buf, MAXBUF, fp)) { | 29 | while (fgets(buf, MAXBUF, fp)) { |
30 | if (strncmp(buf, "Seccomp:\t", 8) == 0) { | 30 | if (strncmp(buf, "Seccomp:\t", 8) == 0) { |
@@ -44,12 +44,12 @@ static int extract_seccomp(int *val) { | |||
44 | void seccomp_test(void) { | 44 | void seccomp_test(void) { |
45 | int seccomp_status; | 45 | int seccomp_status; |
46 | int rv = extract_seccomp(&seccomp_status); | 46 | int rv = extract_seccomp(&seccomp_status); |
47 | 47 | ||
48 | if (rv) { | 48 | if (rv) { |
49 | printf("INFO: cannot extract seccomp configuration on this platform.\n"); | 49 | printf("INFO: cannot extract seccomp configuration on this platform.\n"); |
50 | return; | 50 | return; |
51 | } | 51 | } |
52 | 52 | ||
53 | if (seccomp_status == 0) { | 53 | if (seccomp_status == 0) { |
54 | printf("BAD: seccomp disabled. Use \"firejail --seccomp\" to enable it.\n"); | 54 | printf("BAD: seccomp disabled. Use \"firejail --seccomp\" to enable it.\n"); |
55 | } | 55 | } |
@@ -67,10 +67,10 @@ void seccomp_test(void) { | |||
67 | 67 | ||
68 | printf("ptrace... "); fflush(0); | 68 | printf("ptrace... "); fflush(0); |
69 | syscall_run("ptrace"); | 69 | syscall_run("ptrace"); |
70 | 70 | ||
71 | printf("swapon... "); fflush(0); | 71 | printf("swapon... "); fflush(0); |
72 | syscall_run("swapon"); | 72 | syscall_run("swapon"); |
73 | 73 | ||
74 | printf("swapoff... "); fflush(0); | 74 | printf("swapoff... "); fflush(0); |
75 | syscall_run("swapoff"); | 75 | syscall_run("swapoff"); |
76 | 76 | ||
@@ -79,20 +79,20 @@ void seccomp_test(void) { | |||
79 | 79 | ||
80 | printf("delete_module... "); fflush(0); | 80 | printf("delete_module... "); fflush(0); |
81 | syscall_run("delete_module"); | 81 | syscall_run("delete_module"); |
82 | 82 | ||
83 | printf("chroot... "); fflush(0); | 83 | printf("chroot... "); fflush(0); |
84 | syscall_run("chroot"); | 84 | syscall_run("chroot"); |
85 | 85 | ||
86 | printf("pivot_root... "); fflush(0); | 86 | printf("pivot_root... "); fflush(0); |
87 | syscall_run("pivot_root"); | 87 | syscall_run("pivot_root"); |
88 | 88 | ||
89 | #if defined(__i386__) || defined(__x86_64__) | 89 | #if defined(__i386__) || defined(__x86_64__) |
90 | printf("iopl... "); fflush(0); | 90 | printf("iopl... "); fflush(0); |
91 | syscall_run("iopl"); | 91 | syscall_run("iopl"); |
92 | 92 | ||
93 | printf("ioperm... "); fflush(0); | 93 | printf("ioperm... "); fflush(0); |
94 | syscall_run("ioperm"); | 94 | syscall_run("ioperm"); |
95 | #endif | 95 | #endif |
96 | printf("\n"); | 96 | printf("\n"); |
97 | } | 97 | } |
98 | else | 98 | else |
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c index 40b1ecc84..2925a6c30 100644 --- a/src/faudit/syscall.c +++ b/src/faudit/syscall.c | |||
@@ -33,7 +33,7 @@ extern int pivot_root(const char *new_root, const char *put_old); | |||
33 | 33 | ||
34 | void syscall_helper(int argc, char **argv) { | 34 | void syscall_helper(int argc, char **argv) { |
35 | (void) argc; | 35 | (void) argc; |
36 | 36 | ||
37 | if (strcmp(argv[2], "mount") == 0) { | 37 | if (strcmp(argv[2], "mount") == 0) { |
38 | int rv = mount(NULL, NULL, NULL, 0, NULL); | 38 | int rv = mount(NULL, NULL, NULL, 0, NULL); |
39 | (void) rv; | 39 | (void) rv; |
@@ -87,7 +87,7 @@ void syscall_helper(int argc, char **argv) { | |||
87 | 87 | ||
88 | void syscall_run(const char *name) { | 88 | void syscall_run(const char *name) { |
89 | assert(prog); | 89 | assert(prog); |
90 | 90 | ||
91 | pid_t child = fork(); | 91 | pid_t child = fork(); |
92 | if (child < 0) | 92 | if (child < 0) |
93 | errExit("fork"); | 93 | errExit("fork"); |
@@ -96,7 +96,7 @@ void syscall_run(const char *name) { | |||
96 | perror("execl"); | 96 | perror("execl"); |
97 | _exit(1); | 97 | _exit(1); |
98 | } | 98 | } |
99 | 99 | ||
100 | // wait for the child to finish | 100 | // wait for the child to finish |
101 | waitpid(child, NULL, 0); | 101 | waitpid(child, NULL, 0); |
102 | } | 102 | } |
diff --git a/src/faudit/x11.c b/src/faudit/x11.c index 4cf1511a5..f0cc0eed4 100644 --- a/src/faudit/x11.c +++ b/src/faudit/x11.c | |||
@@ -29,7 +29,7 @@ void x11_test(void) { | |||
29 | 29 | ||
30 | if (check_unix("@/tmp/.X11-unix/X0") == 0) | 30 | if (check_unix("@/tmp/.X11-unix/X0") == 0) |
31 | printf("MAYBE: X11 socket @/tmp/.X11-unix/X0 is available\n"); | 31 | printf("MAYBE: X11 socket @/tmp/.X11-unix/X0 is available\n"); |
32 | 32 | ||
33 | // check all unix sockets in /tmp/.X11-unix directory | 33 | // check all unix sockets in /tmp/.X11-unix directory |
34 | DIR *dir; | 34 | DIR *dir; |
35 | if (!(dir = opendir("/tmp/.X11-unix"))) { | 35 | if (!(dir = opendir("/tmp/.X11-unix"))) { |
@@ -39,7 +39,7 @@ void x11_test(void) { | |||
39 | ; | 39 | ; |
40 | } | 40 | } |
41 | } | 41 | } |
42 | 42 | ||
43 | if (dir == NULL) | 43 | if (dir == NULL) |
44 | printf("GOOD: cannot open /tmp/.X11-unix directory\n"); | 44 | printf("GOOD: cannot open /tmp/.X11-unix directory\n"); |
45 | else { | 45 | else { |