diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-08-26 13:23:28 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-08-26 13:23:28 -0400 |
| commit | 95deecf1f3128c2fd6984c6b6f4a8f540441188b (patch) | |
| tree | 3a5572c53e31adc7ab5e3de1d3862563e55f5e65 /src/lib/firejail_user.c | |
| parent | support for local user directories in firecfg (--bindir) (diff) | |
| download | firejail-95deecf1f3128c2fd6984c6b6f4a8f540441188b.tar.gz firejail-95deecf1f3128c2fd6984c6b6f4a8f540441188b.tar.zst firejail-95deecf1f3128c2fd6984c6b6f4a8f540441188b.zip | |
allow system users to run the sandbox
Diffstat (limited to 'src/lib/firejail_user.c')
| -rw-r--r-- | src/lib/firejail_user.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c index c7af14254..b0f56a19a 100644 --- a/src/lib/firejail_user.c +++ b/src/lib/firejail_user.c | |||
| @@ -107,10 +107,8 @@ int firejail_user_check(const char *name) { | |||
| 107 | if (strcmp(name, "root") == 0) | 107 | if (strcmp(name, "root") == 0) |
| 108 | return 1; | 108 | return 1; |
| 109 | 109 | ||
| 110 | // other system users will run the program as is | 110 | // user nobody is never allowed |
| 111 | uid_t uid = getuid(); | 111 | if (strcmp(name, "root") == 0) |
| 112 | assert(uid_min > 0); | ||
| 113 | if (((int) uid < uid_min && uid != 0) || strcmp(name, "nobody") == 0) | ||
| 114 | return 0; | 112 | return 0; |
| 115 | 113 | ||
| 116 | // check file existence | 114 | // check file existence |
| @@ -155,7 +153,7 @@ void firejail_user_add(const char *name) { | |||
| 155 | struct passwd *pw = getpwnam(name); | 153 | struct passwd *pw = getpwnam(name); |
| 156 | if (!pw) { | 154 | if (!pw) { |
| 157 | fprintf(stderr, "Error: user %s not found on this system.\n", name); | 155 | fprintf(stderr, "Error: user %s not found on this system.\n", name); |
| 158 | return; | 156 | exit(1); |
| 159 | } | 157 | } |
| 160 | 158 | ||
| 161 | // check the user is not already in the database | 159 | // check the user is not already in the database |