From a137cfb715fab07a2e21cf2a0770d1afcd2e2119 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 12 Jun 2016 11:58:59 -0400 Subject: fixes --- README | 2 ++ src/firejail/fs.c | 6 ------ test/dist-compile/compile.sh | 45 ++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 45 insertions(+), 8 deletions(-) diff --git a/README b/README index 05c9408ec..0f825fd8e 100644 --- a/README +++ b/README @@ -25,6 +25,8 @@ Reiner Herrmann (https://github.com/reinerh) - clang-analyzer fixes - Debian reproducible build - unit testing framework +geg2048 (https://github.com/geg2048) + - kwallet profile fixes Simon Peter (https://github.com/probonopd) - set $APPIMAGE and $APPDIR environment variables maces (https://github.com/maces) diff --git a/src/firejail/fs.c b/src/firejail/fs.c index acc03e412..7811fd2a2 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -725,8 +725,6 @@ void fs_basic_fs(void) { // firejail sandboxes (firejail --force) if (getuid() != 0) disable_firejail_config(); - else - fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n"); if (getuid() == 0) fs_rdwr(); @@ -964,8 +962,6 @@ void fs_overlayfs(void) { // firejail sandboxes (firejail --force) if (getuid() != 0) disable_firejail_config(); - else - fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n"); // cleanup and exit free(option); @@ -1101,8 +1097,6 @@ void fs_chroot(const char *rootdir) { // firejail sandboxes (firejail --force) if (getuid() != 0) disable_firejail_config(); - else - fprintf(stderr, "Warning: masking /etc/firejail disabled when starting the sandbox as root\n"); } #endif diff --git a/test/dist-compile/compile.sh b/test/dist-compile/compile.sh index 64c99133a..2d055c1bd 100755 --- a/test/dist-compile/compile.sh +++ b/test/dist-compile/compile.sh @@ -9,7 +9,8 @@ arr[6]="TEST 6: compile network disabled" arr[7]="TEST 7: compile X11 disabled" arr[8]="TEST 8: compile network restricted" arr[9]="TEST 9: compile file transfer disabled" - +arr[10]="TEST 10: compile disable whitelist" +arr[11]="TEST 11: compile disable global config" # remove previous reports and output file cleanup() { @@ -213,7 +214,7 @@ print_title "${arr[9]}" # seccomp cd firejail make distclean -./configure --prefix=/usr --enable-network=restricted --enable-fatal-warnings 2>&1 | tee ../output-configure +./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure make -j4 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test9 @@ -222,6 +223,44 @@ cp output-configure oc9 cp output-make om9 rm output-configure output-make +#***************************************************************** +# TEST 10 +#***************************************************************** +# - disable whitelist +# - check compilation +#***************************************************************** +print_title "${arr[10]}" +# seccomp +cd firejail +make distclean +./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure +make -j4 2>&1 | tee ../output-make +cd .. +grep Warning output-configure output-make > ./report-test10 +grep Error output-configure output-make >> ./report-test10 +cp output-configure oc10 +cp output-make om10 +rm output-configure output-make + +#***************************************************************** +# TEST 11 +#***************************************************************** +# - disable global config +# - check compilation +#***************************************************************** +print_title "${arr[11]}" +# seccomp +cd firejail +make distclean +./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure +make -j4 2>&1 | tee ../output-make +cd .. +grep Warning output-configure output-make > ./report-test11 +grep Error output-configure output-make >> ./report-test11 +cp output-configure oc11 +cp output-make om11 +rm output-configure output-make + #***************************************************************** # PRINT REPORTS @@ -246,3 +285,5 @@ echo ${arr[6]} echo ${arr[7]} echo ${arr[8]} echo ${arr[9]} +echo ${arr[10]} +echo ${arr[11]} -- cgit v1.2.3-54-g00ecf