Diffstat (limited to 'src/firejail/no_sandbox.c')
-rw-r--r-- | src/firejail/no_sandbox.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 05f5abe2a..b37c5abf7 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
@@ -39,12 +39,12 @@ int is_container(const char *str) { | |||
39 | // returns 1 if we are running under LXC | 39 | // returns 1 if we are running under LXC |
40 | int check_namespace_virt(void) { | 40 | int check_namespace_virt(void) { |
41 | EUID_ASSERT(); | 41 | EUID_ASSERT(); |
42 | 42 | ||
43 | // check container environment variable | 43 | // check container environment variable |
44 | char *str = getenv("container"); | 44 | char *str = getenv("container"); |
45 | if (str && is_container(str)) | 45 | if (str && is_container(str)) |
46 | return 1; | 46 | return 1; |
47 | 47 | ||
48 | // check PID 1 container environment variable | 48 | // check PID 1 container environment variable |
49 | EUID_ROOT(); | 49 | EUID_ROOT(); |
50 | FILE *fp = fopen("/proc/1/environ", "r"); | 50 | FILE *fp = fopen("/proc/1/environ", "r"); |
@@ -62,7 +62,7 @@ int check_namespace_virt(void) { | |||
62 | break; | 62 | break; |
63 | } | 63 | } |
64 | buf[i] = '\0'; | 64 | buf[i] = '\0'; |
65 | 65 | ||
66 | // check env var name | 66 | // check env var name |
67 | if (strncmp(buf, "container=", 10) == 0) { | 67 | if (strncmp(buf, "container=", 10) == 0) { |
68 | // found it | 68 | // found it |
@@ -74,10 +74,10 @@ int check_namespace_virt(void) { | |||
74 | } | 74 | } |
75 | // printf("i %d c %d, buf #%s#\n", i, c, buf); | 75 | // printf("i %d c %d, buf #%s#\n", i, c, buf); |
76 | } | 76 | } |
77 | 77 | ||
78 | fclose(fp); | 78 | fclose(fp); |
79 | } | 79 | } |
80 | 80 | ||
81 | EUID_USER(); | 81 | EUID_USER(); |
82 | return 0; | 82 | return 0; |
83 | } | 83 | } |
@@ -104,7 +104,7 @@ int check_kernel_procs(void) { | |||
104 | 104 | ||
105 | // look at the first 10 processes | 105 | // look at the first 10 processes |
106 | // if a kernel process is found, return 1 | 106 | // if a kernel process is found, return 1 |
107 | for (i = 1; i <= 10; i++) { | 107 | for (i = 1; i <= 10; i++) { |
108 | struct stat s; | 108 | struct stat s; |
109 | char *fname; | 109 | char *fname; |
110 | if (asprintf(&fname, "/proc/%d/comm", i) == -1) | 110 | if (asprintf(&fname, "/proc/%d/comm", i) == -1) |
@@ -113,7 +113,7 @@ int check_kernel_procs(void) { | |||
113 | free(fname); | 113 | free(fname); |
114 | continue; | 114 | continue; |
115 | } | 115 | } |
116 | 116 | ||
117 | // open file | 117 | // open file |
118 | /* coverity[toctou] */ | 118 | /* coverity[toctou] */ |
119 | FILE *fp = fopen(fname, "r"); | 119 | FILE *fp = fopen(fname, "r"); |
@@ -122,7 +122,7 @@ int check_kernel_procs(void) { | |||
122 | free(fname); | 122 | free(fname); |
123 | continue; | 123 | continue; |
124 | } | 124 | } |
125 | 125 | ||
126 | // read file | 126 | // read file |
127 | char buf[100]; | 127 | char buf[100]; |
128 | if (fgets(buf, 10, fp) == NULL) { | 128 | if (fgets(buf, 10, fp) == NULL) { |
@@ -135,7 +135,7 @@ int check_kernel_procs(void) { | |||
135 | char *ptr; | 135 | char *ptr; |
136 | if ((ptr = strchr(buf, '\n')) != NULL) | 136 | if ((ptr = strchr(buf, '\n')) != NULL) |
137 | *ptr = '\0'; | 137 | *ptr = '\0'; |
138 | 138 | ||
139 | // check process name against the kernel list | 139 | // check process name against the kernel list |
140 | int j = 0; | 140 | int j = 0; |
141 | while (kern_proc[j] != NULL) { | 141 | while (kern_proc[j] != NULL) { |
@@ -148,7 +148,7 @@ int check_kernel_procs(void) { | |||
148 | } | 148 | } |
149 | j++; | 149 | j++; |
150 | } | 150 | } |
151 | 151 | ||
152 | fclose(fp); | 152 | fclose(fp); |
153 | free(fname); | 153 | free(fname); |
154 | } | 154 | } |