diff options
-rw-r--r-- | src/firejail/bandwidth.c | 6 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs.c | 6 | ||||
-rw-r--r-- | src/firejail/main.c | 18 |
4 files changed, 23 insertions, 8 deletions
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c index e0be1f06a..61d0acd4a 100644 --- a/src/firejail/bandwidth.c +++ b/src/firejail/bandwidth.c | |||
@@ -125,8 +125,10 @@ void shm_create_firejail_dir(void) { | |||
125 | } | 125 | } |
126 | else { // check /dev/shm/firejail directory belongs to root end exit if doesn't! | 126 | else { // check /dev/shm/firejail directory belongs to root end exit if doesn't! |
127 | if (s.st_uid != 0 || s.st_gid != 0) { | 127 | if (s.st_uid != 0 || s.st_gid != 0) { |
128 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", "/dev/shm/firejail"); | 128 | if (firejail_in_firejail == 0) { |
129 | exit(1); | 129 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", "/dev/shm/firejail"); |
130 | exit(1); | ||
131 | } | ||
130 | } | 132 | } |
131 | } | 133 | } |
132 | } | 134 | } |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 351e9d045..532a4797e 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -151,6 +151,7 @@ extern int arg_scan; // arp-scan all interfaces | |||
151 | extern int parent_to_child_fds[2]; | 151 | extern int parent_to_child_fds[2]; |
152 | extern int child_to_parent_fds[2]; | 152 | extern int child_to_parent_fds[2]; |
153 | extern pid_t sandbox_pid; | 153 | extern pid_t sandbox_pid; |
154 | extern int firejail_in_firejail; | ||
154 | 155 | ||
155 | 156 | ||
156 | 157 | ||
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 6beac3227..ca73ae554 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -44,8 +44,10 @@ void fs_build_firejail_dir(void) { | |||
44 | } | 44 | } |
45 | else { // check /tmp/firejail directory belongs to root end exit if doesn't! | 45 | else { // check /tmp/firejail directory belongs to root end exit if doesn't! |
46 | if (s.st_uid != 0 || s.st_gid != 0) { | 46 | if (s.st_uid != 0 || s.st_gid != 0) { |
47 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", FIREJAIL_DIR); | 47 | if (firejail_in_firejail == 0) { |
48 | exit(1); | 48 | fprintf(stderr, "Error: non-root %s directory, exiting...\n", FIREJAIL_DIR); |
49 | exit(1); | ||
50 | } | ||
49 | } | 51 | } |
50 | } | 52 | } |
51 | } | 53 | } |
diff --git a/src/firejail/main.c b/src/firejail/main.c index aeb85d724..bcff0e41f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -92,6 +92,7 @@ char *fullargv[MAX_ARGS]; // expanded argv for restricted shell | |||
92 | int fullargc = 0; | 92 | int fullargc = 0; |
93 | static pid_t child = 0; | 93 | static pid_t child = 0; |
94 | pid_t sandbox_pid; | 94 | pid_t sandbox_pid; |
95 | int firejail_in_firejail = 0; // firejail started in a firejail sandbox | ||
95 | 96 | ||
96 | static void myexit(int rv) { | 97 | static void myexit(int rv) { |
97 | logmsg("exiting..."); | 98 | logmsg("exiting..."); |
@@ -127,8 +128,10 @@ static void my_handler(int s){ | |||
127 | static void extract_user_data(void) { | 128 | static void extract_user_data(void) { |
128 | // check suid | 129 | // check suid |
129 | if (geteuid()) { | 130 | if (geteuid()) { |
130 | fprintf(stderr, "Error: the sandbox is not setuid root\n"); | 131 | if (firejail_in_firejail == 0) { |
131 | exit(1); | 132 | fprintf(stderr, "Error: the sandbox is not setuid root\n"); |
133 | exit(1); | ||
134 | } | ||
132 | } | 135 | } |
133 | 136 | ||
134 | struct passwd *pw = getpwuid(getuid()); | 137 | struct passwd *pw = getpwuid(getuid()); |
@@ -400,6 +403,14 @@ int main(int argc, char **argv) { | |||
400 | int arg_cgroup = 0; | 403 | int arg_cgroup = 0; |
401 | int custom_profile = 0; // custom profile loaded | 404 | int custom_profile = 0; // custom profile loaded |
402 | int arg_noprofile = 0; // use generic.profile if none other found/specified | 405 | int arg_noprofile = 0; // use generic.profile if none other found/specified |
406 | |||
407 | // check if we already have a sandbox running | ||
408 | int rv = check_kernel_procs(); | ||
409 | if (rv == 0) | ||
410 | firejail_in_firejail = 1; | ||
411 | |||
412 | |||
413 | |||
403 | 414 | ||
404 | // initialize globals | 415 | // initialize globals |
405 | init_cfg(); | 416 | init_cfg(); |
@@ -998,8 +1009,7 @@ int main(int argc, char **argv) { | |||
998 | } | 1009 | } |
999 | 1010 | ||
1000 | // if a sandbox is already running, start the program directly without sandboxing | 1011 | // if a sandbox is already running, start the program directly without sandboxing |
1001 | int rv = check_kernel_procs(); | 1012 | if (firejail_in_firejail) { |
1002 | if (rv == 0) { | ||
1003 | run_no_sandbox(argc, argv); | 1013 | run_no_sandbox(argc, argv); |
1004 | // it will never get here! | 1014 | // it will never get here! |
1005 | assert(0); | 1015 | assert(0); |