lower privs

author: smitsohu <smitsohu@gmail.com> 2018-05-01 11:33:18 +0200
committer: GitHub <noreply@github.com> 2018-05-01 11:33:18 +0200
commit: 541e7823cc8a769c7b778c2549808d948b1e35a5 (patch)
tree: 1eaec993349587ea91fbac1ae894391d9b194493 /src
parent: conditional compile for debug code in fs.c (diff)
download: firejail-541e7823cc8a769c7b778c2549808d948b1e35a5.tar.gz
firejail-541e7823cc8a769c7b778c2549808d948b1e35a5.tar.zst
firejail-541e7823cc8a769c7b778c2549808d948b1e35a5.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 21fa8e624..d4c7de342 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -37,6 +37,7 @@ static char *dentry[] = {
 #define EMPTY_STRING ("")
 #define MAXBUF 4098
 static char *resolve_downloads(int nowhitelist_flag) {
+        EUID_ASSERT();
        char *fname;
        struct stat s;
@@ -352,6 +353,7 @@ void fs_whitelist(void) {
                errExit("failed allocating memory for nowhitelist entries");
        // verify whitelist files, extract symbolic links, etc.
+        EUID_USER();
        while (entry) {
                int nowhitelist_flag = 0;
@@ -643,6 +645,7 @@ void fs_whitelist(void) {
        assert(nowhitelist);
        free(nowhitelist);
+        EUID_ROOT();
        // /home/user
        if (home_dir) {
                // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR
author	smitsohu <smitsohu@gmail.com>	2018-05-01 11:33:18 +0200
committer	GitHub <noreply@github.com>	2018-05-01 11:33:18 +0200
commit	541e7823cc8a769c7b778c2549808d948b1e35a5 (patch)
tree	1eaec993349587ea91fbac1ae894391d9b194493 /src
parent	conditional compile for debug code in fs.c (diff)
download	firejail-541e7823cc8a769c7b778c2549808d948b1e35a5.tar.gz firejail-541e7823cc8a769c7b778c2549808d948b1e35a5.tar.zst firejail-541e7823cc8a769c7b778c2549808d948b1e35a5.zip