forked from netblue30/firejail
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
allow user access to /sys/fs (--noblacklist=/sys/fs)
- Loading branch information
netblue30
committed
Oct 17, 2016
1 parent
f88f8c6
commit bb6c744
Showing
6 changed files
with
63 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
#! /bin/sh | ||
# Guess values for system-dependent variables and create Makefiles. | ||
# Generated by GNU Autoconf 2.69 for firejail 0.9.44~rc1. | ||
# Generated by GNU Autoconf 2.69 for firejail 0.9.44~rc2. | ||
# | ||
# Report bugs to <[email protected]>. | ||
# | ||
|
@@ -580,8 +580,8 @@ MAKEFLAGS= | |
# Identity of this package. | ||
PACKAGE_NAME='firejail' | ||
PACKAGE_TARNAME='firejail' | ||
PACKAGE_VERSION='0.9.44~rc1' | ||
PACKAGE_STRING='firejail 0.9.44~rc1' | ||
PACKAGE_VERSION='0.9.44~rc2' | ||
PACKAGE_STRING='firejail 0.9.44~rc2' | ||
PACKAGE_BUGREPORT='[email protected]' | ||
PACKAGE_URL='http:https://firejail.wordpress.com' | ||
|
||
|
@@ -1259,7 +1259,7 @@ if test "$ac_init_help" = "long"; then | |
# Omit some internal or obsolete options to make the list less imposing. | ||
# This message is too long to be a string in the A/UX 3.1 sh. | ||
cat <<_ACEOF | ||
\`configure' configures firejail 0.9.44~rc1 to adapt to many kinds of systems. | ||
\`configure' configures firejail 0.9.44~rc2 to adapt to many kinds of systems. | ||
Usage: $0 [OPTION]... [VAR=VALUE]... | ||
|
@@ -1320,7 +1320,7 @@ fi | |
|
||
if test -n "$ac_init_help"; then | ||
case $ac_init_help in | ||
short | recursive ) echo "Configuration of firejail 0.9.44~rc1:";; | ||
short | recursive ) echo "Configuration of firejail 0.9.44~rc2:";; | ||
esac | ||
cat <<\_ACEOF | ||
|
@@ -1424,7 +1424,7 @@ fi | |
test -n "$ac_init_help" && exit $ac_status | ||
if $ac_init_version; then | ||
cat <<\_ACEOF | ||
firejail configure 0.9.44~rc1 | ||
firejail configure 0.9.44~rc2 | ||
generated by GNU Autoconf 2.69 | ||
Copyright (C) 2012 Free Software Foundation, Inc. | ||
|
@@ -1726,7 +1726,7 @@ cat >config.log <<_ACEOF | |
This file contains any messages produced by compilers while | ||
running configure, to aid debugging if configure makes a mistake. | ||
It was created by firejail $as_me 0.9.44~rc1, which was | ||
It was created by firejail $as_me 0.9.44~rc2, which was | ||
generated by GNU Autoconf 2.69. Invocation command line was | ||
$ $0 $@ | ||
|
@@ -4303,7 +4303,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |
# report actual input values of CONFIG_FILES etc. instead of their | ||
# values after options handling. | ||
ac_log=" | ||
This file was extended by firejail $as_me 0.9.44~rc1, which was | ||
This file was extended by firejail $as_me 0.9.44~rc2, which was | ||
generated by GNU Autoconf 2.69. Invocation command line was | ||
CONFIG_FILES = $CONFIG_FILES | ||
|
@@ -4357,7 +4357,7 @@ _ACEOF | |
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | ||
ac_cs_version="\\ | ||
firejail config.status 0.9.44~rc1 | ||
firejail config.status 0.9.44~rc2 | ||
configured by $0, generated by GNU Autoconf 2.69, | ||
with options \\"\$ac_cs_config\\" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
AC_PREREQ([2.68]) | ||
AC_INIT(firejail, 0.9.44~rc1, [email protected], , http:https://firejail.wordpress.com) | ||
AC_INIT(firejail, 0.9.44~rc2, [email protected], , http:https://firejail.wordpress.com) | ||
AC_CONFIG_SRCDIR([src/firejail/main.c]) | ||
#AC_CONFIG_HEADERS([config.h]) | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
#!/usr/bin/expect -f | ||
# This file is part of Firejail project | ||
# Copyright (C) 2014-2016 Firejail Authors | ||
# License GPL v2 | ||
|
||
set timeout 10 | ||
spawn $env(SHELL) | ||
match_max 100000 | ||
|
||
send -- "firejail\r" | ||
expect { | ||
timeout {puts "TESTING ERROR 1\n";exit} | ||
"Child process initialized" | ||
} | ||
sleep 1 | ||
|
||
send -- "ls /sys/fs\r" | ||
expect { | ||
timeout {puts "TESTING ERROR 2\n";exit} | ||
"Permission denied" | ||
} | ||
after 100 | ||
|
||
send -- "exit\r" | ||
sleep 1 | ||
|
||
send -- "firejail --noblacklist=/sys/fs\r" | ||
expect { | ||
timeout {puts "TESTING ERROR 1\n";exit} | ||
"Child process initialized" | ||
} | ||
sleep 1 | ||
|
||
send -- "ls /sys/fs\r" | ||
expect { | ||
timeout {puts "TESTING ERROR 2\n";exit} | ||
"cgroup" | ||
} | ||
after 100 | ||
send -- "exit\r" | ||
after 100 | ||
|
||
puts "\nall done\n" | ||
|