centos8 user namespace fix

2 files changed, 7 insertions, 3 deletions

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index d43e1dac1..c51dcf927 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -643,14 +643,15 @@ int sandbox(void* sandbox_arg) {
         if (arg_noroot) {
                 int rv = unshare(CLONE_NEWUSER);
                 if (rv == -1) {
-                        fprintf(stderr, "Error: cannot mount a new user namespace\n");
+                        fprintf(stderr, "Warning: cannot mount a new user namespace, going forward without it\n");
                         perror("unshare");
                         drop_privs(arg_nogroups);
+                        arg_noroot = 0;
                 }
         }
         else
                 drop_privs(arg_nogroups);
-        
+        
         // notify parent that new user namespace has been created so a proper
         // UID/GID map can be setup
         notify_other(child_to_parent_fds[1]);
diff --git a/src/firejail/util.c b/src/firejail/util.c
index c62f4285c..04b564370 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -513,6 +513,9 @@ void wait_for_other(int fd) {
                 fprintf(stderr, "Error: cannot establish communication with the parent, exiting...\n");
                 exit(1);
         }
+        if (strcmp(childstr, "arg_noroot=0") == 0)
+                arg_noroot = 0;
+
         fclose(stream);
 }
 
@@ -523,7 +526,7 @@ void notify_other(int fd) {
         if (newfd == -1)
                 errExit("dup");
         stream = fdopen(newfd, "w");
-        fprintf(stream, "%u\n", getpid());
+        fprintf(stream, "arg_noroot=%d\n", arg_noroot);
         fflush(stream);
         fclose(stream);
 }