diff options
author | smitsohu <smitsohu@gmail.com> | 2019-12-23 02:07:33 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-12-23 02:07:33 +0100 |
commit | 34b39fd486af4e2f586d20fcea275940a5df41e9 (patch) | |
tree | 50f7281cfc1320c26dfd28b03f57fcadf8f463a9 /src/firejail/network_main.c | |
parent | move invalid_sandbox function to join module (diff) | |
download | firejail-34b39fd486af4e2f586d20fcea275940a5df41e9.tar.gz firejail-34b39fd486af4e2f586d20fcea275940a5df41e9.tar.zst firejail-34b39fd486af4e2f586d20fcea275940a5df41e9.zip |
let join wait if target sandbox is not ready yet
fixes #2139
Diffstat (limited to 'src/firejail/network_main.c')
-rw-r--r-- | src/firejail/network_main.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index 6a199469a..6800bde8d 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c | |||
@@ -272,21 +272,8 @@ void net_dns_print(pid_t pid) { | |||
272 | // in case the pid is that of a firejail process, use the pid of the first child process | 272 | // in case the pid is that of a firejail process, use the pid of the first child process |
273 | pid = switch_to_child(pid); | 273 | pid = switch_to_child(pid); |
274 | 274 | ||
275 | // now check if the pid belongs to a firejail sandbox | 275 | // exit if no permission to join the sandbox |
276 | if (invalid_sandbox(pid)) { | 276 | check_join_permission(pid); |
277 | fprintf(stderr, "Error: no valid sandbox\n"); | ||
278 | exit(1); | ||
279 | } | ||
280 | |||
281 | // check privileges for non-root users | ||
282 | uid_t uid = getuid(); | ||
283 | if (uid != 0) { | ||
284 | uid_t sandbox_uid = pid_get_uid(pid); | ||
285 | if (uid != sandbox_uid) { | ||
286 | fprintf(stderr, "Error: permission denied.\n"); | ||
287 | exit(1); | ||
288 | } | ||
289 | } | ||
290 | 277 | ||
291 | EUID_ROOT(); | 278 | EUID_ROOT(); |
292 | if (join_namespace(pid, "mnt")) | 279 | if (join_namespace(pid, "mnt")) |