diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-05-02 09:08:07 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-05-02 09:08:07 -0400 |
| commit | 7bd26cefd0b43c2fa43a60d87ccec134e854f521 (patch) | |
| tree | 70cf0acc60a06504690f5393106a4c05d1fc3ed6 /src | |
| parent | cleanup (diff) | |
| download | firejail-7bd26cefd0b43c2fa43a60d87ccec134e854f521.tar.gz firejail-7bd26cefd0b43c2fa43a60d87ccec134e854f521.tar.zst firejail-7bd26cefd0b43c2fa43a60d87ccec134e854f521.zip | |
don't allow negative values for nice when running as regular user
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 2 | ||||
| -rw-r--r-- | src/firejail/profile.c | 2 | ||||
| -rw-r--r-- | src/man/firejail.txt | 3 |
3 files changed, 6 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 54b9c05f0..3ba3dd531 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1023,6 +1023,8 @@ int main(int argc, char **argv) { | |||
| 1023 | read_cpu_list(argv[i] + 6); | 1023 | read_cpu_list(argv[i] + 6); |
| 1024 | else if (strncmp(argv[i], "--nice=", 7) == 0) { | 1024 | else if (strncmp(argv[i], "--nice=", 7) == 0) { |
| 1025 | cfg.nice = atoi(argv[i] + 7); | 1025 | cfg.nice = atoi(argv[i] + 7); |
| 1026 | if (getuid() != 0 &&cfg.nice < 0) | ||
| 1027 | cfg.nice = 0; | ||
| 1026 | arg_nice = 1; | 1028 | arg_nice = 1; |
| 1027 | } | 1029 | } |
| 1028 | else if (strncmp(argv[i], "--cgroup=", 9) == 0) { | 1030 | else if (strncmp(argv[i], "--cgroup=", 9) == 0) { |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index d564cd39c..2b3984a99 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -559,6 +559,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 559 | // nice value | 559 | // nice value |
| 560 | if (strncmp(ptr, "nice ", 4) == 0) { | 560 | if (strncmp(ptr, "nice ", 4) == 0) { |
| 561 | cfg.nice = atoi(ptr + 5); | 561 | cfg.nice = atoi(ptr + 5); |
| 562 | if (getuid() != 0 &&cfg.nice < 0) | ||
| 563 | cfg.nice = 0; | ||
| 562 | arg_nice = 1; | 564 | arg_nice = 1; |
| 563 | return 0; | 565 | return 0; |
| 564 | } | 566 | } |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 19415a332..6be278063 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -800,12 +800,13 @@ PID User RX(KB/s) TX(KB/s) Command | |||
| 800 | .TP | 800 | .TP |
| 801 | \fB\-\-nice=value | 801 | \fB\-\-nice=value |
| 802 | Set nice value for all processes running inside the sandbox. | 802 | Set nice value for all processes running inside the sandbox. |
| 803 | Only root may specify a negative value. | ||
| 803 | .br | 804 | .br |
| 804 | 805 | ||
| 805 | .br | 806 | .br |
| 806 | Example: | 807 | Example: |
| 807 | .br | 808 | .br |
| 808 | $ firejail --nice=-5 firefox | 809 | $ firejail --nice=2 firefox |
| 809 | 810 | ||
| 810 | 811 | ||
| 811 | .TP | 812 | .TP |