From 93a42ba22071befc6e2a9f37666b4c51e2314213 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Mon, 4 Apr 2016 08:36:16 -0400
Subject: grsecurity fix: check existing sandbox with euid set

---
 src/firejail/main.c       | 2 ++
 src/firejail/no_sandbox.c | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 24efae814..477c6ac7d 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -701,7 +701,9 @@ int main(int argc, char **argv) {
 		run_symlink(argc, argv);
 
 	// check if we already have a sandbox running
+	EUID_ROOT();
 	int rv = check_kernel_procs();
+	EUID_USER();
 	if (rv == 0) {
 		// if --force option is passed to the program, disregard the existing sandbox
 		int found = 0;
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 9f9ace527..a9242f035 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -26,8 +26,10 @@
 // check process space for kernel processes
 // return 1 if found, 0 if not found
 int check_kernel_procs(void) {
-	EUID_ASSERT();
-	
+	// we run this function with EUID set in order to detect grsecurity
+	// only user processes are available in /proc when running grsecurity
+	// EUID_ASSERT();
+
 	char *kern_proc[] = {
 		"kthreadd",
 		"ksoftirqd",
-- 
cgit v1.2.3-54-g00ecf