diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-05-13 09:11:10 +0200 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-05-14 11:21:28 +0200 |
| commit | 15d79383880e4a6efecd373b344e02a5a895c217 (patch) | |
| tree | c51d87c33c985f735863369072f5735cc141a9a3 | |
| parent | Fix bijiben (diff) | |
| download | firejail-15d79383880e4a6efecd373b344e02a5a895c217.tar.gz firejail-15d79383880e4a6efecd373b344e02a5a895c217.tar.zst firejail-15d79383880e4a6efecd373b344e02a5a895c217.zip | |
Try to fix #2310 -- Can't create run directory without suid-root
| -rw-r--r-- | src/common.mk.in | 7 | ||||
| -rw-r--r-- | src/firejail/main.c | 8 |
2 files changed, 14 insertions, 1 deletions
diff --git a/src/common.mk.in b/src/common.mk.in index b379aef7f..f88da55ac 100644 --- a/src/common.mk.in +++ b/src/common.mk.in | |||
| @@ -23,6 +23,11 @@ HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@ | |||
| 23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
| 24 | HAVE_GCOV=@HAVE_GCOV@ | 24 | HAVE_GCOV=@HAVE_GCOV@ |
| 25 | HAVE_SELINUX=@HAVE_SELINUX@ | 25 | HAVE_SELINUX=@HAVE_SELINUX@ |
| 26 | ifeq (@HAVE_SUID@, yes) | ||
| 27 | HAVE_SUID=-DHAVE_SUID | ||
| 28 | else | ||
| 29 | HAVE_SUID= | ||
| 30 | endif | ||
| 26 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ | 31 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ |
| 27 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ | 32 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ |
| 28 | HAVE_OUTPUT=@HAVE_OUTPUT@ | 33 | HAVE_OUTPUT=@HAVE_OUTPUT@ |
| @@ -37,7 +42,7 @@ BINOBJS = $(foreach file, $(OBJS), $file) | |||
| 37 | CFLAGS = @CFLAGS@ | 42 | CFLAGS = @CFLAGS@ |
| 38 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | 43 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) |
| 39 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' | 44 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' |
| 40 | MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_FORCE_NONEWPRIVS) | 45 | MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) |
| 41 | CFLAGS += $(MANFLAGS) | 46 | CFLAGS += $(MANFLAGS) |
| 42 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security | 47 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security |
| 43 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread | 48 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread |
diff --git a/src/firejail/main.c b/src/firejail/main.c index d6de6d997..f5797a2d8 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -982,6 +982,14 @@ int main(int argc, char **argv, char **envp) { | |||
| 982 | int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot) | 982 | int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot) |
| 983 | char **ptr; | 983 | char **ptr; |
| 984 | 984 | ||
| 985 | #ifndef HAVE_SUID | ||
| 986 | if (geteuid() != 0) { | ||
| 987 | fprintf(stderr, "Error: Firejail needs to be SUID.\n"); | ||
| 988 | fprintf(stderr, "Assuming firejail is installed in /usr/bin, execute the following command as root:\n"); | ||
| 989 | fprintf(stderr, " chmod u+s /usr/bin/firejail\n"); | ||
| 990 | } | ||
| 991 | #endif | ||
| 992 | |||
| 985 | // sanitize the umask | 993 | // sanitize the umask |
| 986 | orig_umask = umask(022); | 994 | orig_umask = umask(022); |
| 987 | 995 | ||