--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package firejail
firejail 0.9.44.4-1 contains fixes for 3 CVEs compared to the
version in stretch (CVE-2017-5180, CVE-2017-5206, CVE-2017-5207).
Please lower the migration time for it.
Kind regards,
Reiner
unblock firejail/0.9.44.4-1
diff -Nru firejail-0.9.44.2/configure firejail-0.9.44.4/configure
--- firejail-0.9.44.2/configure 2016-12-02 14:18:09.000000000 +0100
+++ firejail-0.9.44.4/configure 2017-01-07 13:58:37.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.44.2.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.44.4.
#
# Report bugs to <netblu...@yahoo.com>.
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='firejail'
PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.44.2'
-PACKAGE_STRING='firejail 0.9.44.2'
+PACKAGE_VERSION='0.9.44.4'
+PACKAGE_STRING='firejail 0.9.44.4'
PACKAGE_BUGREPORT='netblu...@yahoo.com'
PACKAGE_URL='http://firejail.wordpress.com'
@@ -1259,7 +1259,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures firejail 0.9.44.2 to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.44.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1320,7 +1320,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of firejail 0.9.44.2:";;
+ short | recursive ) echo "Configuration of firejail 0.9.44.4:";;
esac
cat <<\_ACEOF
@@ -1424,7 +1424,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-firejail configure 0.9.44.2
+firejail configure 0.9.44.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1726,7 +1726,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by firejail $as_me 0.9.44.2, which was
+It was created by firejail $as_me 0.9.44.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -4303,7 +4303,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by firejail $as_me 0.9.44.2, which was
+This file was extended by firejail $as_me 0.9.44.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -4357,7 +4357,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-firejail config.status 0.9.44.2
+firejail config.status 0.9.44.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru firejail-0.9.44.2/configure.ac firejail-0.9.44.4/configure.ac
--- firejail-0.9.44.2/configure.ac 2016-12-02 14:17:36.000000000 +0100
+++ firejail-0.9.44.4/configure.ac 2017-01-07 13:57:38.000000000 +0100
@@ -1,5 +1,5 @@
AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.44.2, netblu...@yahoo.com, ,
http://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.44.4, netblu...@yahoo.com, ,
http://firejail.wordpress.com)
AC_CONFIG_SRCDIR([src/firejail/main.c])
#AC_CONFIG_HEADERS([config.h])
diff -Nru firejail-0.9.44.2/debian/changelog firejail-0.9.44.4/debian/changelog
--- firejail-0.9.44.2/debian/changelog 2016-12-04 21:44:08.000000000 +0100
+++ firejail-0.9.44.4/debian/changelog 2017-01-07 20:24:40.000000000 +0100
@@ -1,3 +1,24 @@
+firejail (0.9.44.4-1) unstable; urgency=high
+
+ * New upstream release.
+ - Security fixes for: CVE-2017-5180, CVE-2017-5206, CVE-2017-5207
+ (Closes: #850528, #850558)
+ * Drop patches applied upstream.
+
+ -- Reiner Herrmann <rei...@reiner-h.de> Sat, 07 Jan 2017 20:24:40 +0100
+
+firejail (0.9.44.2-3) unstable; urgency=high
+
+ * Add followup fix for CVE-2017-5180 (Closes: #850160).
+
+ -- Reiner Herrmann <rei...@reiner-h.de> Fri, 06 Jan 2017 13:44:25 +0100
+
+firejail (0.9.44.2-2) unstable; urgency=high
+
+ * Add upstream fix for CVE-2017-5180 (Closes: #850160).
+
+ -- Reiner Herrmann <rei...@reiner-h.de> Wed, 04 Jan 2017 23:56:30 +0100
+
firejail (0.9.44.2-1) unstable; urgency=medium
* New upstream release.
diff -Nru firejail-0.9.44.2/platform/rpm/old-mkrpm.sh
firejail-0.9.44.4/platform/rpm/old-mkrpm.sh
--- firejail-0.9.44.2/platform/rpm/old-mkrpm.sh 2016-12-03 20:14:29.000000000
+0100
+++ firejail-0.9.44.4/platform/rpm/old-mkrpm.sh 2017-01-07 17:43:11.000000000
+0100
@@ -1,5 +1,5 @@
#!/bin/bash
-VERSION="0.9.44.2"
+VERSION="0.9.44.4"
rm -fr ~/rpmbuild
rm -f firejail-$VERSION-1.x86_64.rpm
@@ -458,6 +458,9 @@
chmod u+s /usr/bin/firejail
%changelog
+* Sat Jan 7 2017 netblue30 <netblu...@yahoo.com> 0.9.44.4-1
+ - security release
+
* Sat Dec 3 2016 netblue30 <netblu...@yahoo.com> 0.9.44.2-1
- bugfix release
diff -Nru firejail-0.9.44.2/RELNOTES firejail-0.9.44.4/RELNOTES
--- firejail-0.9.44.2/RELNOTES 2016-12-04 14:08:49.000000000 +0100
+++ firejail-0.9.44.4/RELNOTES 2017-01-07 17:52:27.000000000 +0100
@@ -1,7 +1,15 @@
+firejail (0.9.44.4) baseline; urgency=low
+ * security: --bandwidth root shell found by Martin Carpenter
+ * security: disabled --allow-debuggers when running on kernel
+ versions prior to 4.8; a kernel bug in ptrace system call
+ allows a full bypass of seccomp filter; problem reported by Lizzie Dixon
+ * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
+ -- netblue30 <netblu...@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500
+
firejail (0.9.44.2) baseline; urgency=low
- * security: overwrite /etc/resolv.conf found by Martin Carpenter
+ * security: overwrite /etc/resolv.conf found by Martin Carpenter
(CVE-2016-10118)
* secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson
- * security: invalid environment exploit found by Martin Carpenter
+ * security: invalid environment exploit found by Martin Carpenter
(CVE-2016-10122)
* security: several security enhancements
* bugfix: crashing VLC by pressing Ctrl-O
* bugfix: use user configured icons in KDE
@@ -17,7 +25,7 @@
-- netblue30 <netblu...@yahoo.com> Fri, 2 Dec 2016 08:00:00 -0500
firejail (0.9.44) baseline; urgency=low
- * CVE-2016-7545 submitted by Aleksey Manevich
+ * CVE-2016-9016 submitted by Aleksey Manevich
* modifs: removed man firejail-config
* modifs: --private-tmp whitelists /tmp/.X11-unix directory
* modifs: Nvidia drivers added to --private-dev
@@ -124,6 +132,29 @@
* bugfixes
-- netblue30 <netblu...@yahoo.com> Sun, 29 May 2016 08:00:00 -0500
+firejail (0.9.38.8) baseline; urgency=low
+ * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
+ -- netblue30 <netblu...@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500
+
+firejail (0.9.38.6) baseline; urgency=low
+ * security: overwrite /etc/resolv.conf found by Martin Carpenter
(CVE-2016-10118)
+ * bugfix: crashing VLC by pressing Ctrl-O
+ -- netblue30 <netblu...@yahoo.com> Fri, 16 Dec 2016 10:00:00 -0500
+
+firejail (0.9.38.4) baseline; urgency=low
+ * CVE-2016-7545 submitted by Aleksey Manevich
+ * bugfixes
+ -- netblue30 <netblu...@yahoo.com> Mon, 10 Oct 2016 10:00:00 -0500
+
+firejail (0.9.38.2) baseline; urgency=low
+ * security: --whitelist deleted files, submitted by Vasya Novikov
+ * security: disable x32 ABI, submitted by Jann Horn
+ * security: tighten --chroot, submitted by Jann Horn
+ * security: terminal sandbox escape, submitted by Stephan Sokolow
+ * feature: clean local overlay storage directory (--overlay-clean)
+ * bugfixes
+ -- netblue30 <netblu...@yahoo.com> Tue, 23 Aug 2016 10:00:00 -0500
+
firejail (0.9.38) baseline; urgency=low
* IPv6 support (--ip6 and --netfilter6)
* --join command enhancement (--join-network, --join-filesystem)
@@ -134,11 +165,12 @@
* added KMail, Seamonkey, Telegram, Mathematica, uGet,
* and mupen64plus profiles
* --chroot in user mode allowed only if seccomp support is available
- * in current Linux kernel
+ * in current Linux kernel (CVE-2016-10123)
* deprecated --private-home feature
* the first protocol list installed takes precedence
- * --tmpfs option allowed only running as root
+ * --tmpfs option allowed only running as root (CVE-2016-10117)
* added --private-tmp option
+ * weak permissions (CVE-2016-10119, CVE-2016-10120, CVE-2016-10121)
* bugfixes
-- netblue30 <netblu...@yahoo.com> Tue, 2 Feb 2016 10:00:00 -0500
diff -Nru firejail-0.9.44.2/src/firejail/bandwidth.c
firejail-0.9.44.4/src/firejail/bandwidth.c
--- firejail-0.9.44.2/src/firejail/bandwidth.c 2016-11-08 02:42:06.000000000
+0100
+++ firejail-0.9.44.4/src/firejail/bandwidth.c 2017-01-07 04:53:55.000000000
+0100
@@ -450,15 +450,8 @@
if (setregid(0, 0))
errExit("setregid");
- if (!cfg.shell)
- cfg.shell = guess_shell();
- if (!cfg.shell) {
- fprintf(stderr, "Error: no POSIX shell found, please use
--shell command line option\n");
- exit(1);
- }
-
char *arg[4];
- arg[0] = cfg.shell;
+ arg[0] = "/bin/sh";
arg[1] = "-c";
arg[2] = cmd;
arg[3] = NULL;
diff -Nru firejail-0.9.44.2/src/firejail/firejail.h
firejail-0.9.44.4/src/firejail/firejail.h
--- firejail-0.9.44.2/src/firejail/firejail.h 2016-11-02 16:08:15.000000000
+0100
+++ firejail-0.9.44.4/src/firejail/firejail.h 2017-01-07 04:52:35.000000000
+0100
@@ -463,6 +463,7 @@
uid_t get_group_id(const char *group);
int remove_directory(const char *path);
void flush_stdin(void);
+int set_perms(const char *fname, uid_t uid, gid_t gid, mode_t mode);
// fs_var.c
void fs_var_log(void); // mounting /var/log
diff -Nru firejail-0.9.44.2/src/firejail/fs_home.c
firejail-0.9.44.4/src/firejail/fs_home.c
--- firejail-0.9.44.2/src/firejail/fs_home.c 2016-11-02 16:08:15.000000000
+0100
+++ firejail-0.9.44.4/src/firejail/fs_home.c 2017-01-07 04:52:35.000000000
+0100
@@ -108,6 +108,14 @@
char *src;
char *dest = RUN_XAUTHORITY_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
+ fclose(fp);
+ }
+
if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1)
errExit("asprintf");
@@ -117,12 +125,25 @@
fprintf(stderr, "Warning: invalid .Xauthority file\n");
return 0;
}
-
- int rv = copy_file(src, dest, -1, -1, 0600);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .Xauthority
in private home directory\n");
- return 0;
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0600);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer
.Xauthority in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
return 1; // file copied
}
@@ -135,6 +156,14 @@
char *src;
char *dest = RUN_ASOUNDRC_FILE;
+ // create an empty file
+ FILE *fp = fopen(dest, "w");
+ if (fp) {
+ fprintf(fp, "\n");
+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
+ fclose(fp);
+ }
+
if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1)
errExit("asprintf");
@@ -142,6 +171,7 @@
if (stat(src, &s) == 0) {
if (is_link(src)) {
// make sure the real path of the file is inside the
home directory
+ /* coverity[toctou] */
char* rp = realpath(src, NULL);
if (!rp) {
fprintf(stderr, "Error: Cannot access %s\n",
src);
@@ -154,11 +184,24 @@
free(rp);
}
- int rv = copy_file(src, dest, -1, -1, -0644);
- if (rv) {
- fprintf(stderr, "Warning: cannot transfer .asoundrc in
private home directory\n");
- return 0;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), 0644);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer
.asoundrc in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
return 1; // file copied
}
@@ -171,13 +214,31 @@
char *dest;
if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
errExit("asprintf");
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .Xauthority in
private home directory\n");
- else {
- fs_logger2("clone", dest);
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR |
S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .Xauthority
in private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
// delete the temporary file
unlink(src);
@@ -189,18 +250,37 @@
char *dest;
if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
errExit("asprintf");
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
- fprintf(stderr, "Warning: cannot transfer .asoundrc in private
home directory\n");
- else {
- fs_logger2("clone", dest);
+
+ // if destination is a symbolic link, exit the sandbox!!!
+ if (is_link(dest)) {
+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
+ exit(1);
+ }
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ // copy, set permissions and ownership
+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR |
S_IWUSR);
+ if (rv)
+ fprintf(stderr, "Warning: cannot transfer .asoundrc in
private home directory\n");
+ else {
+ fs_logger2("clone", dest);
+ }
+ _exit(0);
}
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
// delete the temporary file
unlink(src);
}
+
// private mode (--private=homedir):
// mount homedir on top of /home/user,
// tmpfs on top of /root in nonroot mode,
diff -Nru firejail-0.9.44.2/src/firejail/main.c
firejail-0.9.44.4/src/firejail/main.c
--- firejail-0.9.44.2/src/firejail/main.c 2016-11-12 14:44:32.000000000
+0100
+++ firejail-0.9.44.4/src/firejail/main.c 2017-01-07 04:52:35.000000000
+0100
@@ -35,6 +35,7 @@
#include <signal.h>
#include <time.h>
#include <net/if.h>
+#include <sys/utsname.h>
#if 0
#include <sys/times.h>
@@ -802,6 +803,24 @@
// detect --allow-debuggers
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "--allow-debuggers") == 0) {
+ // check kernel version
+ struct utsname u;
+ int rv = uname(&u);
+ if (rv != 0)
+ errExit("uname");
+ int major;
+ int minor;
+ if (2 != sscanf(u.release, "%d.%d", &major, &minor)) {
+ fprintf(stderr, "Error: cannot extract Linux
kernel version: %s\n", u.version);
+ exit(1);
+ }
+ if (major < 4 || (major == 4 && minor < 8)) {
+ fprintf(stderr, "Error: --allow-debuggers is
disabled on Linux kernels prior to 4.8. "
+ "A bug in ptrace call allows a full
bypass of the seccomp filter. "
+ "Your current kernel version is
%d.%d.\n", major, minor);
+ exit(1);
+ }
+
arg_allow_debuggers = 1;
break;
}
diff -Nru firejail-0.9.44.2/src/firejail/pulseaudio.c
firejail-0.9.44.4/src/firejail/pulseaudio.c
--- firejail-0.9.44.2/src/firejail/pulseaudio.c 2016-11-02 16:08:15.000000000
+0100
+++ firejail-0.9.44.4/src/firejail/pulseaudio.c 2017-01-07 04:52:35.000000000
+0100
@@ -1,4 +1,4 @@
-/*
+ /*
* Copyright (C) 2014-2016 Firejail Authors
*
* This file is part of firejail project
@@ -22,6 +22,7 @@
#include <sys/stat.h>
#include <sys/mount.h>
#include <dirent.h>
+#include <sys/wait.h>
static void disable_file(const char *path, const char *file) {
assert(file);
@@ -125,34 +126,67 @@
SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
fclose(fp);
+
// create ~/.config/pulse directory if not present
char *dir1;
if (asprintf(&dir1, "%s/.config", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0755);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0755);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0755);
+ if (rv == 0) {
+ if (set_perms(dir1, getuid(), getgid(), 0755))
+ {;} // do nothing
+ }
+ _exit(0);
+ }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
+ }
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config directory is not
owned by the current user\n");
+ exit(1);
}
}
free(dir1);
+
if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
errExit("asprintf");
if (stat(dir1, &s) == -1) {
- int rv = mkdir(dir1, 0700);
- if (rv == 0) {
- rv = chown(dir1, getuid(), getgid());
- (void) rv;
- rv = chmod(dir1, 0700);
- (void) rv;
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ // drop privileges
+ drop_privs(0);
+
+ int rv = mkdir(dir1, 0700);
+ if (rv == 0) {
+ if (set_perms(dir1, getuid(), getgid(), 0700))
+ {;} // do nothing
+ }
+ _exit(0);
+ }
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
+ }
+ else {
+ // make sure the directory is owned by the user
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: user .config/pulse directory is
not owned by the current user\n");
+ exit(1);
}
}
free(dir1);
-
// if we have ~/.config/pulse mount the new directory, else set
environment variable
char *homeusercfg;
if (asprintf(&homeusercfg, "%s/.config/pulse", cfg.homedir) == -1)
diff -Nru firejail-0.9.44.2/src/firejail/util.c
firejail-0.9.44.4/src/firejail/util.c
--- firejail-0.9.44.2/src/firejail/util.c 2016-11-02 16:08:15.000000000
+0100
+++ firejail-0.9.44.4/src/firejail/util.c 2017-01-07 04:52:35.000000000
+0100
@@ -689,4 +689,14 @@
}
}
}
+// return 1 if error
+int set_perms(const char *fname, uid_t uid, gid_t gid, mode_t mode) {
+ assert(fname);
+ if (chmod(fname, mode) == -1)
+ return 1;
+ if (chown(fname, uid, gid) == -1)
+ return 1;
+ return 0;
+}
+
diff -Nru firejail-0.9.44.2/src/man/firejail.txt
firejail-0.9.44.4/src/man/firejail.txt
--- firejail-0.9.44.2/src/man/firejail.txt 2016-11-02 19:36:03.000000000
+0100
+++ firejail-0.9.44.4/src/man/firejail.txt 2017-01-07 04:52:35.000000000
+0100
@@ -76,7 +76,9 @@
Signal the end of options and disables further option processing.
.TP
\fB\-\-allow-debuggers
-Allow tools such as strace and gdb inside the sandbox.
+Allow tools such as strace and gdb inside the sandbox. This option is only
available
+when running on Linux kernels 4.8 or newer - a kernel bug in ptrace system
call allows a full
+bypass of the seccomp filter.
.br
.br
diff -Nru firejail-0.9.44.2/test/environment/environment.sh
firejail-0.9.44.4/test/environment/environment.sh
--- firejail-0.9.44.2/test/environment/environment.sh 2016-11-02
16:06:37.000000000 +0100
+++ firejail-0.9.44.4/test/environment/environment.sh 2017-01-07
15:18:33.000000000 +0100
@@ -82,12 +82,12 @@
echo "TESTING: quiet (test/environment/quiet.exp)"
./quiet.exp
-which strace
-if [ "$?" -eq 0 ];
-then
- echo "TESTING: --allow-debuggers
(test/environment/allow-debuggers.exp)"
- ./allow-debuggers.exp
-else
- echo "TESTING SKIP: strace not found"
-fi
+#which strace
+#if [ "$?" -eq 0 ];
+#then
+# echo "TESTING: --allow-debuggers
(test/environment/allow-debuggers.exp)"
+# ./allow-debuggers.exp
+#else
+# echo "TESTING SKIP: strace not found"
+#fi
--- End Message ---
