diff options
author | netblue30 <netblue30@yahoo.com> | 2016-02-24 07:56:09 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-02-24 07:56:09 -0500 |
commit | 4305351fc79f47a69ac57bd73266b89272802a71 (patch) | |
tree | f5db18bc6d6349898a03a25bfb63e975acec42f3 /src | |
parent | Merge pull request #317 from yumkam/fixup-ipv6-doc (diff) | |
parent | Add compile-time option to restrict --net= to root only (diff) | |
download | firejail-4305351fc79f47a69ac57bd73266b89272802a71.tar.gz firejail-4305351fc79f47a69ac57bd73266b89272802a71.tar.zst firejail-4305351fc79f47a69ac57bd73266b89272802a71.zip |
Merge pull request #319 from yumkam/network-restricted
Add compile-time option to restrict --net= to root only
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 2a5ded984..be3dbd324 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1090,6 +1090,12 @@ int main(int argc, char **argv) { | |||
1090 | cfg.interface3.configured = 0; | 1090 | cfg.interface3.configured = 0; |
1091 | continue; | 1091 | continue; |
1092 | } | 1092 | } |
1093 | #ifdef HAVE_NETWORK_RESTRICTED | ||
1094 | if (getuid() != 0) { | ||
1095 | fprintf(stderr, "Error: only --net=none is allowed to non-root users\n"); | ||
1096 | exit(1); | ||
1097 | } | ||
1098 | #endif | ||
1093 | if (strcmp(argv[i] + 6, "lo") == 0) { | 1099 | if (strcmp(argv[i] + 6, "lo") == 0) { |
1094 | fprintf(stderr, "Error: cannot attach to lo device\n"); | 1100 | fprintf(stderr, "Error: cannot attach to lo device\n"); |
1095 | exit(1); | 1101 | exit(1); |