diff options
author | netblue30 <netblue30@yahoo.com> | 2018-09-15 11:27:48 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-09-15 11:27:48 -0400 |
commit | b1d2966d180297c271e54e8c9fe83b2a65aeb0e7 (patch) | |
tree | 726082dc41a05d454c97ef4b27e747eb8ccdd98b /src | |
parent | add start-tor-browser.desktop profile (diff) | |
download | firejail-b1d2966d180297c271e54e8c9fe83b2a65aeb0e7.tar.gz firejail-b1d2966d180297c271e54e8c9fe83b2a65aeb0e7.tar.zst firejail-b1d2966d180297c271e54e8c9fe83b2a65aeb0e7.zip |
fix --bandwidth, --cpu.print
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/bandwidth.c | 10 | ||||
-rw-r--r-- | src/firejail/cpu.c | 11 |
2 files changed, 12 insertions, 9 deletions
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c index d7764682a..d0487d49a 100644 --- a/src/firejail/bandwidth.c +++ b/src/firejail/bandwidth.c | |||
@@ -338,6 +338,16 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in | |||
338 | exit(1); | 338 | exit(1); |
339 | } | 339 | } |
340 | 340 | ||
341 | // check privileges for non-root users | ||
342 | uid_t uid = getuid(); | ||
343 | if (uid != 0) { | ||
344 | uid_t sandbox_uid = pid_get_uid(pid); | ||
345 | if (uid != sandbox_uid) { | ||
346 | fprintf(stderr, "Error: permission is denied to join a sandbox created by a different user.\n"); | ||
347 | exit(1); | ||
348 | } | ||
349 | } | ||
350 | |||
341 | EUID_ROOT(); | 351 | EUID_ROOT(); |
342 | if (join_namespace(child, "net")) { | 352 | if (join_namespace(child, "net")) { |
343 | fprintf(stderr, "Error: cannot join the network namespace\n"); | 353 | fprintf(stderr, "Error: cannot join the network namespace\n"); |
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c index a92562e67..e2517ddd7 100644 --- a/src/firejail/cpu.c +++ b/src/firejail/cpu.c | |||
@@ -162,6 +162,7 @@ static void print_cpu(int pid) { | |||
162 | free(file); | 162 | free(file); |
163 | } | 163 | } |
164 | 164 | ||
165 | // allow any user to run --cpu.print | ||
165 | void cpu_print_filter(pid_t pid) { | 166 | void cpu_print_filter(pid_t pid) { |
166 | EUID_ASSERT(); | 167 | EUID_ASSERT(); |
167 | 168 | ||
@@ -174,15 +175,7 @@ void cpu_print_filter(pid_t pid) { | |||
174 | exit(1); | 175 | exit(1); |
175 | } | 176 | } |
176 | 177 | ||
177 | // check privileges for non-root users | 178 | |
178 | uid_t uid = getuid(); | ||
179 | if (uid != 0) { | ||
180 | uid_t sandbox_uid = pid_get_uid(pid); | ||
181 | if (uid != sandbox_uid) { | ||
182 | fprintf(stderr, "Error: permission denied.\n"); | ||
183 | exit(1); | ||
184 | } | ||
185 | } | ||
186 | 179 | ||
187 | print_cpu(pid); | 180 | print_cpu(pid); |
188 | exit(0); | 181 | exit(0); |