merge #1100 from zackw: x11=xorg testing

This commit is contained in:
netblue30 2017-02-17 10:08:12 -05:00
parent da20ab3c5e
commit ae7c2f508b
4 changed files with 10 additions and 6 deletions


@ -625,7 +625,6 @@ void x11_start(int argc, char **argv) {
exit(0);
}
}
#endif
// Porting notes:
@ -642,6 +641,11 @@ void x11_start(int argc, char **argv) {
// directory, we need to make sure /usr/bin/xauth executable is the real thing, and not
// something picked up on $PATH.
//
// 3. If for any reason xauth command fails, we exit the sandbox. On Debian 8 this happens
// when using a network namespace. Somehow, xauth tries to connect to the abstract socket,
// and it failes because of the network namespace - it should try to connect to the regular
// Unix socket! If we ignore the fail condition, the program will be started on X server without
// the security extension loaded.
void x11_xorg(void) {
#ifdef HAVE_X11
@ -690,7 +694,7 @@ void x11_xorg(void) {
#ifdef HAVE_GCOV
__gcov_flush();
#endif
execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
"generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
_exit(127);
@ -719,7 +723,7 @@ void x11_xorg(void) {
// ensure the file has the correct permissions and move it
// into the correct location.
if (stat(tmpfname, &s) == -1) {
fprintf(stderr, "Error: .Xauthority file was mpt created\n");
fprintf(stderr, "Error: .Xauthority file was not created\n");
exit(1);
}
if (set_perms(tmpfname, getuid(), getgid(), 0600))
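Review bot: The porting note added above x11_xorg says any xauth failure terminates the sandbox, but the only failure check visible in these hunks is `stat(tmpfname, &s) == -1` after the child runs, which proves the cookie file exists, not that `xauth generate` succeeded; if tmpfname is created before the fork (not shown here) the stat passes even when the child failed. Unless the child's wait status is already inspected in the lines between the execlp hunk and the stat hunk, add `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { fprintf(stderr, "Error: xauth failed\n"); exit(1); }` before the stat. Two nits in the new comment text: "it failes" should be "it fails", and it is worth noting there that the added `-v` only makes xauth report its actions on the inherited stderr and does not change the cookie it produces. x11_xorg's body starts and ends outside these hunks.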


@ -7,7 +7,7 @@ set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --name=test --x11=xorg firefox -no-remote www.gentoo.org\r"
send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange firefox -no-remote www.gentoo.org\r"
sleep 10
spawn $env(SHELL)
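Review bot: The added `--ignore=net --ignore=netfilter --ignore=iprange` on the firejail command line is unexplained in the script, and it narrows what the test covers: the profile's net, netfilter and iprange directives are skipped for this run, so x11=xorg is no longer exercised together with a network namespace, which is exactly the configuration the x11_xorg porting note in this commit says makes xauth fail. If these flags are a workaround for that failure, record it in the script, e.g. `# --ignore=net*: xauth cannot reach the X socket from inside a network namespace, so run the xorg test on host networking`, so nobody drops them or assumes the namespaced case is tested. The rest of the expect script lies outside this hunk.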


@ -7,7 +7,7 @@ set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --name=test --x11=xorg icedove\r"
send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange icedove\r"
sleep 10
spawn $env(SHELL)
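Review bot: Nothing in the script says why `--ignore=net --ignore=netfilter --ignore=iprange` were added to the icedove invocation, and the effect is that the profile's network isolation is switched off for the test, so a regression in x11=xorg under a network namespace (the xauth failure described in the x11_xorg porting note of this commit) would no longer be caught here. A one-line comment above the send, e.g. `# network directives are ignored because xauth fails inside a network namespace; this test covers x11=xorg only`, would make the trade-off explicit for the next person editing the test. The remainder of the expect script is outside this hunk.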


@ -7,7 +7,7 @@ set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --name=test --x11=xorg transmission-gtk\r"
send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange transmission-gtk\r"
sleep 10
spawn $env(SHELL)
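Review bot: The transmission-gtk test now runs with `--ignore=net --ignore=netfilter --ignore=iprange`, with no comment explaining the change; for a client whose profile presumably relies on those network directives, this means the test exercises x11=xorg on host networking only and silently stops covering the namespaced case that the x11_xorg porting note in this commit identifies as the failing one. Add a comment such as `# net/netfilter/iprange are ignored so xauth can reach the X socket; the network-namespace + xorg combination is not tested here` above the send line so the gap is documented rather than hidden. The rest of the expect script is outside this hunk.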