Merge pull request #1918 from smitsohu/whitelist

priv tweak
author: netblue30 <netblue30@yahoo.com> 2018-05-01 07:27:07 -0500
committer: GitHub <noreply@github.com> 2018-05-01 07:27:07 -0500
commit: 6763667433dd6dc76f082ab1cb1306ba6d104de3 (patch)
tree: aeb6795fcfdf90edfd2679fb0f99747ce994b987
parent: remove ping from firecfg configuration until we fix #1912 (diff)
parent: lower privs (diff)
download: firejail-6763667433dd6dc76f082ab1cb1306ba6d104de3.tar.gz
firejail-6763667433dd6dc76f082ab1cb1306ba6d104de3.tar.zst
firejail-6763667433dd6dc76f082ab1cb1306ba6d104de3.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 2b63d949d..60bb0f6ed 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -37,6 +37,7 @@ static char *dentry[] = {
 #define EMPTY_STRING ("")
 #define MAXBUF 4098
 static char *resolve_downloads(int nowhitelist_flag) {
+        EUID_ASSERT();
        char *fname;
        struct stat s;
@@ -362,6 +363,7 @@ void fs_whitelist(void) {
                errExit("failed allocating memory for nowhitelist entries");
        // verify whitelist files, extract symbolic links, etc.
+        EUID_USER();
        while (entry) {
                int nowhitelist_flag = 0;
@@ -653,6 +655,7 @@ void fs_whitelist(void) {
        assert(nowhitelist);
        free(nowhitelist);
+        EUID_ROOT();
        // /home/user
        if (home_dir) {
                // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR
author	netblue30 <netblue30@yahoo.com>	2018-05-01 07:27:07 -0500
committer	GitHub <noreply@github.com>	2018-05-01 07:27:07 -0500
commit	6763667433dd6dc76f082ab1cb1306ba6d104de3 (patch)
tree	aeb6795fcfdf90edfd2679fb0f99747ce994b987
parent	remove ping from firecfg configuration until we fix #1912 (diff)
parent	lower privs (diff)
download	firejail-6763667433dd6dc76f082ab1cb1306ba6d104de3.tar.gz firejail-6763667433dd6dc76f082ab1cb1306ba6d104de3.tar.zst firejail-6763667433dd6dc76f082ab1cb1306ba6d104de3.zip