Merge pull request #319 from yumkam/network-restricted

Add compile-time option to restrict --net= to root only
author: netblue30 <netblue30@yahoo.com> 2016-02-24 07:56:09 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-24 07:56:09 -0500
commit: 4305351fc79f47a69ac57bd73266b89272802a71 (patch)
tree: f5db18bc6d6349898a03a25bfb63e975acec42f3 /src
parent: Merge pull request #317 from yumkam/fixup-ipv6-doc (diff)
parent: Add compile-time option to restrict --net= to root only (diff)
download: firejail-4305351fc79f47a69ac57bd73266b89272802a71.tar.gz
firejail-4305351fc79f47a69ac57bd73266b89272802a71.tar.zst
firejail-4305351fc79f47a69ac57bd73266b89272802a71.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 2a5ded984..be3dbd324 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1090,6 +1090,12 @@ int main(int argc, char **argv) {
                                cfg.interface3.configured = 0;
                                continue;
                        }
+#ifdef HAVE_NETWORK_RESTRICTED
+                        if (getuid() != 0) {
+                                fprintf(stderr, "Error: only --net=none is allowed to non-root users\n");
+                                exit(1);
+                        }
+#endif
                        if (strcmp(argv[i] + 6, "lo") == 0) {
                                fprintf(stderr, "Error: cannot attach to lo device\n");
                                exit(1);
author	netblue30 <netblue30@yahoo.com>	2016-02-24 07:56:09 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-24 07:56:09 -0500
commit	4305351fc79f47a69ac57bd73266b89272802a71 (patch)
tree	f5db18bc6d6349898a03a25bfb63e975acec42f3 /src
parent	Merge pull request #317 from yumkam/fixup-ipv6-doc (diff)
parent	Add compile-time option to restrict --net= to root only (diff)
download	firejail-4305351fc79f47a69ac57bd73266b89272802a71.tar.gz firejail-4305351fc79f47a69ac57bd73266b89272802a71.tar.zst firejail-4305351fc79f47a69ac57bd73266b89272802a71.zip