x11 fix

author: netblue30 <netblue30@yahoo.com> 2016-03-18 21:43:10 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-03-18 21:43:10 -0400
commit: a43d86b9904052ccbe33a8a3c62dadee2b755e87 (patch)
tree: 496e6d753da7cc6658e15762e6dc81dd5a29af7b
parent: run time networking support (diff)
download: firejail-a43d86b9904052ccbe33a8a3c62dadee2b755e87.tar.gz
firejail-a43d86b9904052ccbe33a8a3c62dadee2b755e87.tar.zst
firejail-a43d86b9904052ccbe33a8a3c62dadee2b755e87.zip
2 files changed, 14 insertions, 7 deletions
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 8c781c67a..a7bd9fd29 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -127,6 +127,13 @@ void x11_start(int argc, char **argv) {
        pid_t client = 0;
        pid_t server = 0;
        
+        // unfortunately, xpra does a number of wired things when started by root user!!!
+        if (getuid() == 0) {
+                fprintf(stderr, "Error: this feature is not available when running as root\n");
+                exit(1);
+        }
        // check xpra
        if (x11_check_xpra() == 0) {
                fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index fead4eaf5..b72296387 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1516,7 +1516,7 @@ $ firejail "\-\-whitelist=/home/username/My Virtual Machines"
 Start a new X11 server using Xpra (http://xpra.org) and attach the sandbox to this server.
 Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens.
 The regular X11 server (display 0) is not visible in the sandbox. This prevents screenshot and keylogger
-applications started in the sandbox from accessing display 0.
+applications started in the sandbox from accessing display 0. This feature is not available when running as root. 
 .br
 .br
@@ -1535,29 +1535,29 @@ Example:
 $ firejail \-\-zsh
 .SH FILE TRANSFER
-These features allow the user to inspect the file system container of an existing sandbox
+These features allow the user to inspect the filesystem container of an existing sandbox
-and transfer files from the container to the host file system.
+and transfer files from the container to the host filesystem.
 .TP
 \fB\-\-get=name filename
 Retrieve the container file and store it on the host in the current working directory.
-The container is spececified by name (\-\-name option). Full path is needed for filename.
+The container is specified by name (\-\-name option). Full path is needed for filename.
 .TP
 \fB\-\-get=pid filename
 Retrieve the container file and store it on the host in the current working directory.
-The container is spececified by process ID. Full path is needed for filename.
+The container is specified by process ID. Full path is needed for filename.
 .TP
 \fB\-\-ls=name dir_or_filename
 List container files.
-The container is spececified by name (\-\-name option).
+The container is specified by name (\-\-name option).
 Full path is needed for dir_or_filename.
 .TP
 \fB\-\-ls=pid dir_or_filename
 List container files.
-The container is spececified by process ID.
+The container is specified by process ID.
 Full path is needed for dir_or_filename.
 .TP
author	netblue30 <netblue30@yahoo.com>	2016-03-18 21:43:10 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-03-18 21:43:10 -0400
commit	a43d86b9904052ccbe33a8a3c62dadee2b755e87 (patch)
tree	496e6d753da7cc6658e15762e6dc81dd5a29af7b
parent	run time networking support (diff)
download	firejail-a43d86b9904052ccbe33a8a3c62dadee2b755e87.tar.gz firejail-a43d86b9904052ccbe33a8a3c62dadee2b755e87.tar.zst firejail-a43d86b9904052ccbe33a8a3c62dadee2b755e87.zip