Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/no_sandbox.c | 6 |
2 files changed, 6 insertions, 2 deletions
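--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -701,7 +701,9 @@ int main(int argc, char **argv) {
 run_symlink(argc, argv);
 
 // check if we already have a sandbox running
+EUID_ROOT();
 int rv = check_kernel_procs();
+EUID_USER();
 if (rv == 0) {
 // if --force option is passed to the program, disregard the existing sandbox
 int found = 0;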
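Review bot: The `EUID_ROOT()` / `EUID_USER()` pair around `check_kernel_procs()` carries no comment explaining why privileges are raised at this point; the reason is only given in no_sandbox.c. I would add above the call `// run as root: with grsecurity an unprivileged user sees only its own processes in /proc`. Because all of check_kernel_procs() now executes with root EUID, it is worth confirming that its body (outside this diff) only reads /proc entries and opens no path the invoking user can influence. main() starts and continues outside the hunk.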
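--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -26,8 +26,10 @@
 // check process space for kernel processes
 // return 1 if found, 0 if not found
 int check_kernel_procs(void) {
-EUID_ASSERT();
-
+// we run this function with EUID set in order to detect grsecurity
+// only user processes are available in /proc when running grsecurity
+// EUID_ASSERT();
+
 char *kern_proc[] = {
 "kthreadd",
 "ksoftirqd",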
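Review bot: Commenting out `EUID_ASSERT();` leaves dead code behind and removes the only check on the privilege state this function expects, and the new comment's "with EUID set" does not say which identity is meant. I would delete the commented line and state the precondition explicitly, e.g. `// caller must raise EUID to root first: under grsecurity only the user's own processes are visible in /proc`. If other call sites exist (none are visible here), one that skips EUID_ROOT() would presumably miss the kernel threads on a grsecurity kernel and return 0 without any diagnostic. The function body continues past the end of the hunk.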