From 10c7565f9d414d745122dac2e441f5e816db7843 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 5 Apr 2016 13:17:20 -0400
Subject: grsecurity: --caps.print
---
 src/firemon/firemon.c | 9 ++++++++-
 src/firemon/usage.c | 3 ++-
 2 files changed, 10 insertions(+), 2 deletions(-)
(limited to 'src/firemon')
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 0e38696ac..9c3558362 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -23,7 +23,8 @@
 #include
 #include
 #include
-
+#include
+
 static int arg_route = 0;
 static int arg_arp = 0;
 
@@ -111,6 +112,12 @@ int main(int argc, char **argv) {
 unsigned pid = 0;
 int i;
 
+ struct stat s;
+ if (getuid() != 0 &&stat("/proc/sys/kernel/grsecurity", &s) == 0) {
+ fprintf(stderr, "Error: on Grsecurity systems only root user can run this program\n");
+ exit(1);
+ }
+
 // handle CTRL-C
 signal (SIGINT, my_handler);
 signal (SIGTERM, my_handler);
diff --git a/src/firemon/usage.c b/src/firemon/usage.c
index 926e1c89f..74a2a61f0 100644
--- a/src/firemon/usage.c
+++ b/src/firemon/usage.c
@@ -24,7 +24,8 @@ void usage(void) {
 printf("Usage: firemon [OPTIONS] [PID]\n\n");
 printf("Monitor processes started in a Firejail sandbox. Without any PID specified,\n");
 printf("all processes started by Firejail are monitored. Descendants of these processes\n");
- printf("are also being monitored.\n\n");
+ printf("are also being monitored. On Grsecurity systems only root user\n");
+ printf("can run this program.\n\n");
 printf("Options:\n");
 printf("\t--arp - print ARP table for each sandbox.\n\n");
 printf("\t--caps - print capabilities configuration for each sandbox.\n\n");
--
cgit v1.2.3-54-g00ecf
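Review bot: The grsecurity gate added at the top of `main()` in src/firemon/firemon.c (hunk `@@ -111,6 +112,12 @@`) fails open, because any `stat()` failure, not only a missing path, is treated as "not a Grsecurity system", and detection rests entirely on `/proc/sys/kernel/grsecurity` being present, which may not hold on every grsecurity kernel build. Since the check runs before the option handling that follows outside this hunk, a non-root user on such a system presumably cannot reach the help text either, even though usage.c now documents the restriction there. I would put a comment above the check, for example `// usability check, not a security boundary: grsecurity typically restricts /proc for non-root users, so firemon would have nothing to report`, and fix the spacing in `getuid() != 0 &&stat(` to `getuid() != 0 && stat(`. `main()` continues past the end of the hunk, so how later code copes with a restricted /proc cannot be judged from here.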