diff options
Diffstat (limited to 'src/firejail/main.c')
| -rw-r--r-- | src/firejail/main.c | 23 |
1 files changed, 1 insertions, 22 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index ed5b4901b..1eda26f99 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -728,8 +728,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 728 | #ifdef HAVE_NETWORK | 728 | #ifdef HAVE_NETWORK |
| 729 | else if (strcmp(argv[i], "--netstats") == 0) { | 729 | else if (strcmp(argv[i], "--netstats") == 0) { |
| 730 | if (checkcfg(CFG_NETWORK)) { | 730 | if (checkcfg(CFG_NETWORK)) { |
| 731 | struct stat s; | 731 | if (pid_hidepid()) |
| 732 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0 || pid_hidepid()) | ||
| 733 | sbox_run(SBOX_ROOT | SBOX_CAPS_HIDEPID | SBOX_SECCOMP | SBOX_ALLOW_STDIN, | 732 | sbox_run(SBOX_ROOT | SBOX_CAPS_HIDEPID | SBOX_SECCOMP | SBOX_ALLOW_STDIN, |
| 734 | 2, PATH_FIREMON, "--netstats"); | 733 | 2, PATH_FIREMON, "--netstats"); |
| 735 | else | 734 | else |
| @@ -1747,11 +1746,6 @@ int main(int argc, char **argv, char **envp) { | |||
| 1747 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); | 1746 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); |
| 1748 | exit(1); | 1747 | exit(1); |
| 1749 | } | 1748 | } |
| 1750 | struct stat s; | ||
| 1751 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) { | ||
| 1752 | fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n"); | ||
| 1753 | exit(1); | ||
| 1754 | } | ||
| 1755 | arg_overlay = 1; | 1749 | arg_overlay = 1; |
| 1756 | arg_overlay_keep = 1; | 1750 | arg_overlay_keep = 1; |
| 1757 | 1751 | ||
| @@ -1775,11 +1769,6 @@ int main(int argc, char **argv, char **envp) { | |||
| 1775 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); | 1769 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); |
| 1776 | exit(1); | 1770 | exit(1); |
| 1777 | } | 1771 | } |
| 1778 | struct stat s; | ||
| 1779 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) { | ||
| 1780 | fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n"); | ||
| 1781 | exit(1); | ||
| 1782 | } | ||
| 1783 | arg_overlay = 1; | 1772 | arg_overlay = 1; |
| 1784 | arg_overlay_keep = 1; | 1773 | arg_overlay_keep = 1; |
| 1785 | arg_overlay_reuse = 1; | 1774 | arg_overlay_reuse = 1; |
| @@ -1811,11 +1800,6 @@ int main(int argc, char **argv, char **envp) { | |||
| 1811 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); | 1800 | fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n"); |
| 1812 | exit(1); | 1801 | exit(1); |
| 1813 | } | 1802 | } |
| 1814 | struct stat s; | ||
| 1815 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) { | ||
| 1816 | fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n"); | ||
| 1817 | exit(1); | ||
| 1818 | } | ||
| 1819 | arg_overlay = 1; | 1803 | arg_overlay = 1; |
| 1820 | } | 1804 | } |
| 1821 | else | 1805 | else |
| @@ -1954,11 +1938,6 @@ int main(int argc, char **argv, char **envp) { | |||
| 1954 | exit(1); | 1938 | exit(1); |
| 1955 | } | 1939 | } |
| 1956 | 1940 | ||
| 1957 | struct stat s; | ||
| 1958 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) { | ||
| 1959 | fprintf(stderr, "Error: --chroot option is not available on Grsecurity systems\n"); | ||
| 1960 | exit(1); | ||
| 1961 | } | ||
| 1962 | // extract chroot dirname | 1941 | // extract chroot dirname |
| 1963 | cfg.chrootdir = argv[i] + 9; | 1942 | cfg.chrootdir = argv[i] + 9; |
| 1964 | if (*cfg.chrootdir == '\0') { | 1943 | if (*cfg.chrootdir == '\0') { |