fixed join/shutdown problem, moving browsers and mail clients to a --shell=none default in profile files

author: netblue30 <netblue30@yahoo.com> 2015-10-19 14:46:24 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-10-19 14:46:24 -0400
commit: 0021c29f7f25a5020091182c690407a753f933e4 (patch)
tree: 3f3eb4172c96cc6f92ddfa636053d19c7e55f1ab /src/firejail/shutdown.c
parent: testing (diff)
download: firejail-0021c29f7f25a5020091182c690407a753f933e4.tar.gz
firejail-0021c29f7f25a5020091182c690407a753f933e4.tar.zst
firejail-0021c29f7f25a5020091182c690407a753f933e4.zip
1 files changed, 2 insertions, 7 deletions
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index f37869bd0..649f86800 100644
--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -60,13 +60,8 @@ void shut(pid_t pid) {
        // check privileges for non-root users
        uid_t uid = getuid();
        if (uid != 0) {
-                struct stat s;
+                uid_t sandbox_uid = pid_get_uid(pid);
-                char *dir;
+                if (uid != sandbox_uid) {
-                if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
-                        errExit("asprintf");
-                if (stat(dir, &s) < 0)
-                        errExit("stat");
-                if (s.st_uid != uid) {
                        fprintf(stderr, "Error: permission is denied to shutdown a sandbox created by a different user.\n");
                        exit(1);
                }
author	netblue30 <netblue30@yahoo.com>	2015-10-19 14:46:24 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-10-19 14:46:24 -0400
commit	0021c29f7f25a5020091182c690407a753f933e4 (patch)
tree	3f3eb4172c96cc6f92ddfa636053d19c7e55f1ab /src/firejail/shutdown.c
parent	testing (diff)
download	firejail-0021c29f7f25a5020091182c690407a753f933e4.tar.gz firejail-0021c29f7f25a5020091182c690407a753f933e4.tar.zst firejail-0021c29f7f25a5020091182c690407a753f933e4.zip