diff options
Diffstat (limited to 'src/firejail/main.c')
| -rw-r--r-- | src/firejail/main.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 3f005b547..e100e1f2c 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -499,15 +499,15 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 499 | exit(0); | 499 | exit(0); |
| 500 | } | 500 | } |
| 501 | else if (strcmp(argv[i], "--list") == 0) { | 501 | else if (strcmp(argv[i], "--list") == 0) { |
| 502 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--list"); | 502 | int rv = sbox_run(SBOX_ROOT| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--list"); |
| 503 | exit(rv); | 503 | exit(rv); |
| 504 | } | 504 | } |
| 505 | else if (strcmp(argv[i], "--tree") == 0) { | 505 | else if (strcmp(argv[i], "--tree") == 0) { |
| 506 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--tree"); | 506 | int rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--tree"); |
| 507 | exit(rv); | 507 | exit(rv); |
| 508 | } | 508 | } |
| 509 | else if (strcmp(argv[i], "--top") == 0) { | 509 | else if (strcmp(argv[i], "--top") == 0) { |
| 510 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN, | 510 | int rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN, |
| 511 | 2, PATH_FIREMON, "--top"); | 511 | 2, PATH_FIREMON, "--top"); |
| 512 | exit(rv); | 512 | exit(rv); |
| 513 | } | 513 | } |
| @@ -515,12 +515,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 515 | else if (strcmp(argv[i], "--netstats") == 0) { | 515 | else if (strcmp(argv[i], "--netstats") == 0) { |
| 516 | if (checkcfg(CFG_NETWORK)) { | 516 | if (checkcfg(CFG_NETWORK)) { |
| 517 | struct stat s; | 517 | struct stat s; |
| 518 | int rv; | 518 | int rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN, |
| 519 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) | ||
| 520 | rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN, | ||
| 521 | 2, PATH_FIREMON, "--netstats"); | ||
| 522 | else | ||
| 523 | rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN, | ||
| 524 | 2, PATH_FIREMON, "--netstats"); | 519 | 2, PATH_FIREMON, "--netstats"); |
| 525 | exit(rv); | 520 | exit(rv); |
| 526 | } | 521 | } |