github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-21 06:45:29 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 1

Merge pull request #776 from manevich/x11

Browse source 
small --x11=block fixes
This commit is contained in:
netblue30 2016-09-14 09:16:24 -04:00 committed by GitHub
commit 5fe9540312
1 changed files with 8 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/firejail/x11.c
View file

@ -54,7 +54,11 @@ static int x11_check_xephyr(void) {
// check for X11 abstract sockets
static int x11_abstract_sockets_present(void) {
char *path;
EUID_ROOT(); // grsecurity fix
FILE *fp = fopen("/proc/net/unix", "r");
EUID_USER();
if (!fp)
errExit("fopen");
@ -594,9 +598,10 @@ void x11_block(void) {
if ((!arg_nonetwork && !cfg.bridge0.configured && !cfg.interface0.configured)
&& x11_abstract_sockets_present()) {
fprintf(stderr, "ERROR: --x11=block specified, but abstract X11 socket still accessible.\n"
"Additional setup required. To block abstract X11 socket you need either:\n"
" * use network namespace (--net=none, --net=...)\n"
" * add \"-nolisten local\" to xserver options (eg. /etc/X11/xinit/xserverrc)\n");
"Additional setup required. To block abstract X11 socket you can either:\n"
" * use network namespace in firejail (--net=none, --net=...)\n"
" * add \"-nolisten local\" to xserver options\n"
" (eg. to your display manager config, or /etc/X11/xinit/xserverrc)\n");
exit(1);
}