diff options
-rw-r--r-- | src/firejail/env.c | 2 | ||||
-rw-r--r-- | src/firejail/join.c | 5 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 8 |
3 files changed, 12 insertions, 3 deletions
diff --git a/src/firejail/env.c b/src/firejail/env.c index 73d68724e..cc63bd542 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
@@ -101,9 +101,7 @@ void env_ibus_load(void) { | |||
101 | *ptr = '\0'; | 101 | *ptr = '\0'; |
102 | if (arg_debug) | 102 | if (arg_debug) |
103 | printf("%s\n", buf); | 103 | printf("%s\n", buf); |
104 | EUID_USER(); | ||
105 | env_store(buf, SETENV); | 104 | env_store(buf, SETENV); |
106 | EUID_ROOT(); | ||
107 | } | 105 | } |
108 | 106 | ||
109 | fclose(fp); | 107 | fclose(fp); |
diff --git a/src/firejail/join.c b/src/firejail/join.c index c303d3fb8..d4a2389c6 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -292,6 +292,8 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
292 | } | 292 | } |
293 | 293 | ||
294 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died | 294 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died |
295 | |||
296 | EUID_USER(); | ||
295 | if (chdir("/") < 0) | 297 | if (chdir("/") < 0) |
296 | errExit("chdir"); | 298 | errExit("chdir"); |
297 | if (homedir) { | 299 | if (homedir) { |
@@ -308,6 +310,7 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
308 | set_cpu_affinity(); | 310 | set_cpu_affinity(); |
309 | 311 | ||
310 | // set caps filter | 312 | // set caps filter |
313 | EUID_ROOT(); | ||
311 | if (apply_caps == 1) // not available for uid 0 | 314 | if (apply_caps == 1) // not available for uid 0 |
312 | caps_set(caps); | 315 | caps_set(caps); |
313 | #ifdef HAVE_SECCOMP | 316 | #ifdef HAVE_SECCOMP |
@@ -347,6 +350,8 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
347 | } | 350 | } |
348 | 351 | ||
349 | // set environment, add x11 display | 352 | // set environment, add x11 display |
353 | EUID_USER(); | ||
354 | |||
350 | env_defaults(); | 355 | env_defaults(); |
351 | if (display) { | 356 | if (display) { |
352 | char *display_str; | 357 | char *display_str; |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index e0cecda1b..e1959a453 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -669,7 +669,9 @@ int sandbox(void* sandbox_arg) { | |||
669 | // do nothing - there are problems with ibus version 1.5.11 | 669 | // do nothing - there are problems with ibus version 1.5.11 |
670 | } | 670 | } |
671 | else | 671 | else |
672 | EUID_USER(); | ||
672 | env_ibus_load(); | 673 | env_ibus_load(); |
674 | EUID_ROOT(); | ||
673 | 675 | ||
674 | //**************************** | 676 | //**************************** |
675 | // fs pre-processing: | 677 | // fs pre-processing: |
@@ -925,6 +927,8 @@ int sandbox(void* sandbox_arg) { | |||
925 | // set application environment | 927 | // set application environment |
926 | //**************************** | 928 | //**************************** |
927 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died | 929 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died |
930 | |||
931 | EUID_USER(); | ||
928 | int cwd = 0; | 932 | int cwd = 0; |
929 | if (cfg.cwd) { | 933 | if (cfg.cwd) { |
930 | if (chdir(cfg.cwd) == 0) | 934 | if (chdir(cfg.cwd) == 0) |
@@ -951,7 +955,7 @@ int sandbox(void* sandbox_arg) { | |||
951 | } | 955 | } |
952 | } | 956 | } |
953 | 957 | ||
954 | 958 | EUID_ROOT(); | |
955 | // set nice | 959 | // set nice |
956 | if (arg_nice) { | 960 | if (arg_nice) { |
957 | errno = 0; | 961 | errno = 0; |
@@ -980,7 +984,9 @@ int sandbox(void* sandbox_arg) { | |||
980 | // set cpu affinity | 984 | // set cpu affinity |
981 | if (cfg.cpus) { | 985 | if (cfg.cpus) { |
982 | save_cpu(); // save cpu affinity mask to CPU_CFG file | 986 | save_cpu(); // save cpu affinity mask to CPU_CFG file |
987 | EUID_USER(); | ||
983 | set_cpu_affinity(); | 988 | set_cpu_affinity(); |
989 | EUID_ROOT(); | ||
984 | } | 990 | } |
985 | 991 | ||
986 | // save cgroup in CGROUP_CFG file | 992 | // save cgroup in CGROUP_CFG file |