Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 23 | ||||
-rw-r--r-- | src/firejail/profile.c | 15 |
2 files changed, 1 insertions, 37 deletions
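--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -728,8 +728,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 #ifdef HAVE_NETWORK
 else if (strcmp(argv[i], "--netstats") == 0) {
 if (checkcfg(CFG_NETWORK)) {
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0 || pid_hidepid())
+if (pid_hidepid())
 sbox_run(SBOX_ROOT | SBOX_CAPS_HIDEPID | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
 2, PATH_FIREMON, "--netstats");
 else
@@ -1747,11 +1746,6 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-exit(1);
-}
 arg_overlay = 1;
 arg_overlay_keep = 1;
 
@@ -1775,11 +1769,6 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-exit(1);
-}
 arg_overlay = 1;
 arg_overlay_keep = 1;
 arg_overlay_reuse = 1;
@@ -1811,11 +1800,6 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-exit(1);
-}
 arg_overlay = 1;
 }
 else
@@ -1954,11 +1938,6 @@ int main(int argc, char **argv, char **envp) {
 exit(1);
 }
 
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-fprintf(stderr, "Error: --chroot option is not available on Grsecurity systems\n");
-exit(1);
-}
 // extract chroot dirname
 cfg.chrootdir = argv[i] + 9;
 if (*cfg.chrootdir == '\0') {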
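Review bot: In the `--netstats` branch of run_cmd_and_exit, the root sandbox path (`SBOX_ROOT | SBOX_CAPS_HIDEPID`) is now selected by `pid_hidepid()` alone, and nothing in the hunk explains why that condition justifies the elevated run. I would add a comment above the test, e.g. `// hidepid /proc hides other users' processes, so firemon has to run as root here`, assuming that is what pid_hidepid() detects; its body is not visible on this page. Kernels that restrict /proc by other means now take the `else` branch, whose body lies outside the hunk, so it is worth confirming that path reports a clear error rather than printing empty statistics.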
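--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1418,11 +1418,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-exit(1);
-}
 arg_overlay = 1;
 arg_overlay_keep = 1;
 arg_overlay_reuse = 1;
@@ -1455,11 +1450,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-exit(1);
-}
 arg_overlay = 1;
 }
 else
@@ -1476,11 +1466,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
-struct stat s;
-if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-exit(1);
-}
 arg_overlay = 1;
 arg_overlay_keep = 1;
 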