lower some more privs

author: smitsohu <smitsohu@gmail.com> 2018-05-09 11:16:45 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-05-09 11:16:45 +0200
commit: 6dd512ca16d4335f13356b57c0a169d9c5c8e350 (patch)
tree: 432d22c4f47cd9275958f158a444ad4ab3315b6f
parent: don't display firejail --list/--tree/--top processes in firemon stats (diff)
download: firejail-6dd512ca16d4335f13356b57c0a169d9c5c8e350.tar.gz
firejail-6dd512ca16d4335f13356b57c0a169d9c5c8e350.tar.zst
firejail-6dd512ca16d4335f13356b57c0a169d9c5c8e350.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index a765be1b6..b1b30cd5e 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -196,6 +196,7 @@ static void whitelist_path(ProfileEntry *entry) {
        const char *fname;
        char *wfile = NULL;
+        EUID_USER();
        if (entry->home_dir) {
                if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) == 0) {
                        fname = path + strlen(cfg.homedir);
@@ -290,9 +291,12 @@ static void whitelist_path(ProfileEntry *entry) {
                if (arg_debug || arg_debug_whitelists)
                        printf("Whitelisting %s\n", path);
        }
-        else
+        else {
+                EUID_ROOT();
                return;
+        }
+        EUID_ROOT();
        // create the path if necessary
        mkpath(path, s.st_mode);
        fs_logger2("whitelist", path);
author	smitsohu <smitsohu@gmail.com>	2018-05-09 11:16:45 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-05-09 11:16:45 +0200
commit	6dd512ca16d4335f13356b57c0a169d9c5c8e350 (patch)
tree	432d22c4f47cd9275958f158a444ad4ab3315b6f
parent	don't display firejail --list/--tree/--top processes in firemon stats (diff)
download	firejail-6dd512ca16d4335f13356b57c0a169d9c5c8e350.tar.gz firejail-6dd512ca16d4335f13356b57c0a169d9c5c8e350.tar.zst firejail-6dd512ca16d4335f13356b57c0a169d9c5c8e350.zip