diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-08-27 10:32:25 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-08-27 10:32:25 -0400 |
| commit | f133160e35f9edea8e8d075a74774aa470be01de (patch) | |
| tree | 7af28d9ac24bcc4d1f776a3a1cfd8e4757f7572a /src/lib | |
| parent | remove --cgroup (diff) | |
| download | firejail-f133160e35f9edea8e8d075a74774aa470be01de.tar.gz firejail-f133160e35f9edea8e8d075a74774aa470be01de.tar.zst firejail-f133160e35f9edea8e8d075a74774aa470be01de.zip | |
mainline merge
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/firejail_user.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c index c7af14254..b0f56a19a 100644 --- a/src/lib/firejail_user.c +++ b/src/lib/firejail_user.c | |||
| @@ -107,10 +107,8 @@ int firejail_user_check(const char *name) { | |||
| 107 | if (strcmp(name, "root") == 0) | 107 | if (strcmp(name, "root") == 0) |
| 108 | return 1; | 108 | return 1; |
| 109 | 109 | ||
| 110 | // other system users will run the program as is | 110 | // user nobody is never allowed |
| 111 | uid_t uid = getuid(); | 111 | if (strcmp(name, "root") == 0) |
| 112 | assert(uid_min > 0); | ||
| 113 | if (((int) uid < uid_min && uid != 0) || strcmp(name, "nobody") == 0) | ||
| 114 | return 0; | 112 | return 0; |
| 115 | 113 | ||
| 116 | // check file existence | 114 | // check file existence |
| @@ -155,7 +153,7 @@ void firejail_user_add(const char *name) { | |||
| 155 | struct passwd *pw = getpwnam(name); | 153 | struct passwd *pw = getpwnam(name); |
| 156 | if (!pw) { | 154 | if (!pw) { |
| 157 | fprintf(stderr, "Error: user %s not found on this system.\n", name); | 155 | fprintf(stderr, "Error: user %s not found on this system.\n", name); |
| 158 | return; | 156 | exit(1); |
| 159 | } | 157 | } |
| 160 | 158 | ||
| 161 | // check the user is not already in the database | 159 | // check the user is not already in the database |