-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/firejail/profile.c | 8 | ||||
-rw-r--r-- | src/firejail/usage.c | 6 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 6 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
5 files changed, 6 insertions, 26 deletions
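--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1285,10 +1285,6 @@ int main(int argc, char **argv) {
 }
 #endif
 else if (strcmp(argv[i], "--writable-etc") == 0) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: --writable-etc is available only for root user\n");
-exit(1);
-}
 if (cfg.etc_private_keep) {
 fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
 exit(1);
@@ -1296,10 +1292,6 @@ int main(int argc, char **argv) {
 arg_writable_etc = 1;
 }
 else if (strcmp(argv[i], "--writable-var") == 0) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: --writable-var is available only for root user\n");
-exit(1);
-}
 arg_writable_var = 1;
 }
 else if (strcmp(argv[i], "--private") == 0)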
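Review bot: With the `getuid() != 0` guards gone from the `--writable-etc` and `--writable-var` branches, any caller can ask for /etc and /var to be mounted read-write, and nothing in the new code records why that is acceptable. From these lines it looks as if ordinary file permissions become the only protection for those trees once the flag is set, so a process that ends up with root inside the sandbox could modify them; whether that can happen depends on options handled outside this view. I would add a comment above `arg_writable_etc = 1;` such as `// no uid check: any user may request a read-write /etc; file permissions are the remaining protection`, and the same above `arg_writable_var = 1;`. The same removal is made in both `profile_check_line` hunks in src/firejail/profile.c. The body of `main` starts and ends outside these hunks.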
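--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -573,10 +573,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // writable-etc
 if (strcmp(ptr, "writable-etc") == 0) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: writable-etc is available only for root user\n");
-exit(1);
-}
 if (cfg.etc_private_keep) {
 fprintf(stderr, "Error: private-etc and writable-etc are mutually exclusive\n");
 exit(1);
@@ -587,10 +583,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // writable-var
 if (strcmp(ptr, "writable-var") == 0) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: writable-var is available only for root user\n");
-exit(1);
-}
 arg_writable_var = 1;
 return 0;
 }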
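Review bot: A profile line can now switch on `writable-etc` or `writable-var` for an unprivileged user without leaving any trace, and the person launching the sandbox may not be the one who wrote that profile. `profile_check_line` already receives `fname` and `lineno`, so each branch could report where the setting came from, for example `fprintf(stderr, "Warning: writable-var enabled by %s line %d\n", fname, lineno);` before `arg_writable_var = 1;`, with the matching line in the `writable-etc` branch. Whether the project has a logging helper that respects a quiet mode is not visible here, so the plain `fprintf` is only a sketch. The function body starts and ends outside these hunks.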
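--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -248,10 +248,8 @@ void usage(void) {
 printf(" --version - print program version and exit.\n\n");
 printf(" --whitelist=dirname_or_filename - whitelist directory or file.\n\n");
 
-printf(" --writable-etc - /etc directory is mounted read-write. This option is\n");
-printf("\tavailable only when running the sandbox as root user.\n\n");
-printf(" --writable-var - /var directory is mounted read-write. This option is\n");
-printf("\tavailable only when running the sandbox as root user.\n\n");
+printf(" --writable-etc - /etc directory is mounted read-write.\n\n");
+printf(" --writable-var - /var directory is mounted read-write.\n\n");
 
 printf(" --x11 - enable X11 server. The software checks first if Xpra is installed,\n");
 printf("\tthen it checks if Xephyr is installed.\n\n");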
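--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -194,12 +194,10 @@ The modifications to file_or_directory are persistent, everything else is discar
 when the sandbox is closed.
 .TP
 \fBwritable-etc
-Mount /etc directory read-write. This option is available only
-when running the sandbox as root user.
+Mount /etc directory read-write.
 .TP
 \fBwritable-var
-Mount /var directory read-write. This option is available only
-when running the sandbox as root user.
+Mount /var directory read-write.
 .SH Security filters
 The following security filters are currently implemented:
 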
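--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1480,7 +1480,7 @@ $ firejail "\-\-whitelist=/home/username/My Virtual Machines"
 
 .TP
 \fB\-\-writable-etc
-Mount /etc directory read-write. This option is available only when running the sandbox as root user.
+Mount /etc directory read-write.
 .br
 
 .br
@@ -1490,7 +1490,7 @@ $ sudo firejail --writable-etc
 
 .TP
 \fB\-\-writable-var
-Mount /var directory read-write. This option is available only when running the sandbox as root user.
+Mount /var directory read-write.
 .br
 
 .br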