From 7b78bf75c7bcf49e91065ff3013f3e8908c3a9ff Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 19 Jun 2021 10:34:03 -0400
Subject: jailcheck: networking support
---
 src/jailcheck/jailcheck.h | 2 ++
 src/jailcheck/main.c | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)
(limited to 'src/jailcheck')
diff --git a/src/jailcheck/jailcheck.h b/src/jailcheck/jailcheck.h
index 32be1c978..be3104da3 100644
--- a/src/jailcheck/jailcheck.h
+++ b/src/jailcheck/jailcheck.h
@@ -53,6 +53,8 @@ void apparmor_test(pid_t pid);
 // seccomp.c
 void seccomp_test(pid_t pid);
+// network.c
+void network_test(void);
 // utils.c
 char *get_sudo_user(void);
 char *get_homedir(const char *user, uid_t *uid, gid_t *gid);
diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c
index 4d642bf96..812ac5808 100644
--- a/src/jailcheck/main.c
+++ b/src/jailcheck/main.c
@@ -157,6 +157,7 @@ int main(int argc, char **argv) {
 seccomp_test(pid);
 fflush(0);
+ // filesystem tests
 pid_t child = fork();
 if (child == -1)
 errExit("fork");
@@ -185,6 +186,28 @@ int main(int argc, char **argv) {
 }
 int status;
 wait(&status);
+
+ // network test
+ child = fork();
+ if (child == -1)
+ errExit("fork");
+ if (child == 0) {
+ int rv = join_namespace(pid, "net");
+ if (rv == 0)
+ network_test();
+ else {
+ printf(" Error: I cannot join the process network stack\n");
+ exit(1);
+ }
+
+ // drop privileges in order not to trigger cleanup()
+ if (setgid(user_gid) != 0)
+ errExit("setgid");
+ if (setuid(user_uid) != 0)
+ errExit("setuid");
+ return 0;
+ }
+ wait(&status);
 }
 }
--
cgit v1.2.3-54-g00ecf
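Review bot: The error branch of the forked child in the second main.c hunk calls `exit(1)` before the setgid/setuid calls that the comment right below it says exist to keep cleanup() from running, so a failed join_namespace() leaves the child exiting with its full privileges and, if cleanup() is an atexit handler as the comment implies, running it; `_exit(1);` in that branch (or dropping privileges before exiting) would keep the two paths consistent. The parent's `wait(&status)` then discards the status, so the failure is visible only as a printed line and jailcheck's own result does not reflect it; `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)` would let main() record it, and `waitpid(child, &status, 0)` makes sure the right child is reaped. network_test() runs with the caller's privileges inside the target's network namespace; if it only reads interface and route state, moving the setgid/setuid pair ahead of the call would shrink the privileged window, which is worth confirming against network.c. The enclosing main() starts outside the hunk, as do the definitions of user_uid and user_gid.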