grsecurity: fix Error fopen:network_get_defaultgw(479): Permission denied

2 files changed, 4 insertions, 1 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 91e5e9229..0e0ec094c 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -174,7 +174,7 @@ static void init_cfg(int argc, char **argv) {
         cfg.bridge3.devsandbox = "eth3";
         
         // extract user data
-        EUID_ROOT();
+        EUID_ROOT(); // rise permissions for grsecurity
         struct passwd *pw = getpwuid(getuid());
         if (!pw)
                 errExit("getpwuid");
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index 3fb79b9f4..a8ebb3480 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -212,7 +212,10 @@ void net_check_cfg(void) {
                 // first network is a mac device
                 else {
                         // get the host default gw
+                        EUID_ROOT();    // rise permissions for grsecurity
+                        // Error fopen:network_get_defaultgw(479): Permission denied
                         uint32_t gw = network_get_defaultgw();
+                        EUID_USER();
                         // check the gateway is network range
                         if (in_netrange(gw, cfg.bridge0.ip, cfg.bridge0.mask))
                                 gw = 0;