From d090549e0e24dcc92ff411d4b51ac0df578b9ce4 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 6 Apr 2016 15:20:33 -0400 Subject: grsecurity fixes --- src/firejail/main.c | 2 ++ test/bandwidth.exp | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100755 test/bandwidth.exp diff --git a/src/firejail/main.c b/src/firejail/main.c index 0b47fd6db..166ca1b89 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -783,7 +783,9 @@ int main(int argc, char **argv) { int parent_sshd = 0; { pid_t ppid = getppid(); + EUID_ROOT(); char *comm = pid_proc_comm(ppid); + EUID_USER(); if (comm) { if (strcmp(comm, "sshd") == 0) parent_sshd = 1; diff --git a/test/bandwidth.exp b/test/bandwidth.exp new file mode 100755 index 000000000..33b351296 --- /dev/null +++ b/test/bandwidth.exp @@ -0,0 +1,62 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --name=test --net=br0\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 2 + +spawn $env(SHELL) +send -- "firejail --bandwidth=test status\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "qdisc noqueue 0: dev eth0" +} +sleep 1 + +send -- "firejail --bandwidth=test set br0 50 10\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Configuring interface eth0" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "configuring tc ingress" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "configuring tc egress" +} + +send -- "firejail --bandwidth=test status\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "dev eth0" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "rate 80Kbit burst 10Kb" +} +sleep 1 + +send -- "firejail --bandwidth=test clear br0\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Removing bandwith limits" +} +sleep 1 + +send -- "firejail --bandwidth=test status; pwd\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit} + "home" {puts "ok\n"} +} +sleep 1 + +puts "\nall done\n" -- cgit v1.2.3-54-g00ecf