author | netblue30 <netblue30@protonmail.com> | 2021-05-18 09:51:35 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-18 09:51:35 -0500 |
commit | 99e2f33457b6d79dbd09773a96f36c642f0c2ff4 (patch) | |
tree | 72d5dcae4273a1e8ed3ef1f896e3ce419784c9e9 /src | |
parent | Merge pull request #4283 from RandomVoid/fix_lutris_profile (diff) | |
parent | Try to fix #2310 -- Can't create run directory without suid-root (diff) | |
Merge pull request #4273 from rusty-snake/fix-2310
Try to fix #2310 -- Can't create run directory without suid-root
Diffstat (limited to 'src')
-rw-r--r-- | src/common.mk.in | 7 | ||||
-rw-r--r-- | src/firejail/main.c | 8 |
2 files changed, 14 insertions, 1 deletions
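--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -23,6 +23,11 @@ HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
+ifeq (@HAVE_SUID@, yes)
+HAVE_SUID=-DHAVE_SUID
+else
+HAVE_SUID=
+endif
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
 HAVE_OUTPUT=@HAVE_OUTPUT@
@@ -37,7 +42,7 @@ BINOBJS = $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_FORCE_NONEWPRIVS)
+MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread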
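Review bot: `HAVE_SUID` ends up empty for any configure value other than the literal `yes` in the `ifeq` at new lines 26-30, and an empty value compiles the `#ifndef HAVE_SUID` error path added to src/firejail/main.c in this same commit. A comment above the conditional would make that coupling visible, e.g. `# @HAVE_SUID@ is compared with "yes"; anything else builds the non-SUID code path`. The flag is also carried through `MANFLAGS`, so it is worth confirming that no other consumer of `MANFLAGS` or `$(HAVE_SUID)` still expects the raw configure value; that cannot be seen from this hunk.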
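--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -982,6 +982,14 @@ int main(int argc, char **argv, char **envp) {
 int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot)
 char **ptr;
 
+#ifndef HAVE_SUID
+if (geteuid() != 0) {
+fprintf(stderr, "Error: Firejail needs to be SUID.\n");
+fprintf(stderr, "Assuming firejail is installed in /usr/bin, execute the following command as root:\n");
+fprintf(stderr, " chmod u+s /usr/bin/firejail\n");
+}
+#endif
+
 // sanitize the umask
 orig_umask = umask(022);
 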
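Review bot: The new `geteuid() != 0` branch prints "Error: Firejail needs to be SUID." but never exits, so main() carries on to `umask(022)` and everything after it without root privileges; if that is not intended, add `exit(1);` after the third `fprintf`. The hint also hard-codes `/usr/bin` although `BINDIR` is already defined through CFLAGS in src/common.mk.in, so `fprintf(stderr, " chmod u+s " BINDIR "/firejail\n");` would name the actual install path. Because the block only compiles under `#ifndef HAVE_SUID`, the message could also state that this build was configured without SUID, since following the hint turns the binary into a setuid-root program against that build choice. main() starts and continues outside the hunk.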