diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-12-23 02:07:33 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-12-23 02:07:33 +0100 |
| commit | 34b39fd486af4e2f586d20fcea275940a5df41e9 (patch) | |
| tree | 50f7281cfc1320c26dfd28b03f57fcadf8f463a9 /src/firejail/protocol.c | |
| parent | move invalid_sandbox function to join module (diff) | |
| download | firejail-34b39fd486af4e2f586d20fcea275940a5df41e9.tar.gz firejail-34b39fd486af4e2f586d20fcea275940a5df41e9.tar.zst firejail-34b39fd486af4e2f586d20fcea275940a5df41e9.zip | |
let join wait if target sandbox is not ready yet
fixes #2139
Diffstat (limited to 'src/firejail/protocol.c')
| -rw-r--r-- | src/firejail/protocol.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index 72d29c671..d3a9e0153 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c | |||
| @@ -67,21 +67,8 @@ void protocol_print_filter(pid_t pid) { | |||
| 67 | // in case the pid is that of a firejail process, use the pid of the first child process | 67 | // in case the pid is that of a firejail process, use the pid of the first child process |
| 68 | pid = switch_to_child(pid); | 68 | pid = switch_to_child(pid); |
| 69 | 69 | ||
| 70 | // now check if the pid belongs to a firejail sandbox | 70 | // exit if no permission to join the sandbox |
| 71 | if (invalid_sandbox(pid)) { | 71 | check_join_permission(pid); |
| 72 | fprintf(stderr, "Error: no valid sandbox\n"); | ||
| 73 | exit(1); | ||
| 74 | } | ||
| 75 | |||
| 76 | // check privileges for non-root users | ||
| 77 | uid_t uid = getuid(); | ||
| 78 | if (uid != 0) { | ||
| 79 | uid_t sandbox_uid = pid_get_uid(pid); | ||
| 80 | if (uid != sandbox_uid) { | ||
| 81 | fprintf(stderr, "Error: permission denied.\n"); | ||
| 82 | exit(1); | ||
| 83 | } | ||
| 84 | } | ||
| 85 | 72 | ||
| 86 | // find the seccomp filter | 73 | // find the seccomp filter |
| 87 | EUID_ROOT(); | 74 | EUID_ROOT(); |