diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-07-22 14:29:27 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-07-22 14:29:27 +0200 |
| commit | b9fe3cca6a0921d35d919f234e3f9faf7910ce3f (patch) | |
| tree | b5b87d89a764d72c77ba5a5d4110f2dc774a6f09 | |
| parent | merges (diff) | |
| download | firejail-b9fe3cca6a0921d35d919f234e3f9faf7910ce3f.tar.gz firejail-b9fe3cca6a0921d35d919f234e3f9faf7910ce3f.tar.zst firejail-b9fe3cca6a0921d35d919f234e3f9faf7910ce3f.zip | |
fix verbosity for non-authorized user
users not in firejail.users should only see the error,
not the symlink warning. Also exposes less code to non-
authorized users.
| -rw-r--r-- | etc/firejail.config | 2 | ||||
| -rw-r--r-- | src/firejail/main.c | 28 |
2 files changed, 15 insertions, 15 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 4c0cb2a41..1f80cedee 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | # keyword-argument pairs, one per line. Most features are enabled by default. | 2 | # keyword-argument pairs, one per line. Most features are enabled by default. |
| 3 | # Use 'yes' or 'no' as configuration values. | 3 | # Use 'yes' or 'no' as configuration values. |
| 4 | 4 | ||
| 5 | # Allow symbolic links in path of user home directories, default disabled. | 5 | # Resolve symbolic links in path of user home directories, default disabled. |
| 6 | # homedir-symlink no | 6 | # homedir-symlink no |
| 7 | 7 | ||
| 8 | # Enable AppArmor functionality, default enabled. | 8 | # Enable AppArmor functionality, default enabled. |
diff --git a/src/firejail/main.c b/src/firejail/main.c index d1c41c58a..f5785ff50 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -302,29 +302,29 @@ static void init_cfg(int argc, char **argv) { | |||
| 302 | if (!cfg.username) | 302 | if (!cfg.username) |
| 303 | errExit("strdup"); | 303 | errExit("strdup"); |
| 304 | 304 | ||
| 305 | // build home directory name | 305 | // check user database |
| 306 | if (pw->pw_dir == NULL) { | 306 | if (!firejail_user_check(cfg.username)) { |
| 307 | fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username); | 307 | fprintf(stderr, "Error: the user is not allowed to use Firejail.\n" |
| 308 | "Please add the user in %s/firejail.users file,\n" | ||
| 309 | "either by running \"sudo firecfg\", or by editing the file directly.\n" | ||
| 310 | "See \"man firejail-users\" for more details.\n\n", SYSCONFDIR); | ||
| 311 | |||
| 312 | // attempt to run the program as is | ||
| 313 | run_symlink(argc, argv, 1); | ||
| 308 | exit(1); | 314 | exit(1); |
| 309 | } | 315 | } |
| 310 | build_cfg_homedir(pw->pw_dir); | ||
| 311 | assert(cfg.homedir); | ||
| 312 | 316 | ||
| 313 | cfg.cwd = getcwd(NULL, 0); | 317 | cfg.cwd = getcwd(NULL, 0); |
| 314 | if (!cfg.cwd && errno != ENOENT) | 318 | if (!cfg.cwd && errno != ENOENT) |
| 315 | errExit("getcwd"); | 319 | errExit("getcwd"); |
| 316 | 320 | ||
| 317 | // check user database | 321 | // build home directory name |
| 318 | if (!firejail_user_check(cfg.username)) { | 322 | if (pw->pw_dir == NULL) { |
| 319 | fprintf(stderr, "Error: the user is not allowed to use Firejail. " | 323 | fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username); |
| 320 | "Please add the user in %s/firejail.users file, " | ||
| 321 | "either by running \"sudo firecfg\", or by editing the file directly.\n" | ||
| 322 | "See \"man firejail-users\" for more details.\n", SYSCONFDIR); | ||
| 323 | |||
| 324 | // attempt to run the program as is | ||
| 325 | run_symlink(argc, argv, 1); | ||
| 326 | exit(1); | 324 | exit(1); |
| 327 | } | 325 | } |
| 326 | build_cfg_homedir(pw->pw_dir); | ||
| 327 | assert(cfg.homedir); | ||
| 328 | 328 | ||
| 329 | // initialize random number generator | 329 | // initialize random number generator |
| 330 | sandbox_pid = getpid(); | 330 | sandbox_pid = getpid(); |