aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--configure.ac3
-rw-r--r--src/firejail/main.c6
2 files changed, 9 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index f9d0a3f65..f39b0d780 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,6 +38,9 @@ AC_ARG_ENABLE([network],
38 AS_HELP_STRING([--disable-network], [disable network])) 38 AS_HELP_STRING([--disable-network], [disable network]))
39AS_IF([test "x$enable_network" != "xno"], [ 39AS_IF([test "x$enable_network" != "xno"], [
40 HAVE_NETWORK="-DHAVE_NETWORK" 40 HAVE_NETWORK="-DHAVE_NETWORK"
41 AS_IF([test "x$enable_network" = "xrestricted"], [
42 HAVE_NETWORK="$HAVE_NETWORK -DHAVE_NETWORK_RESTRICTED"
43 ])
41 AC_SUBST(HAVE_NETWORK) 44 AC_SUBST(HAVE_NETWORK)
42]) 45])
43 46
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 2a5ded984..be3dbd324 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1090,6 +1090,12 @@ int main(int argc, char **argv) {
1090 cfg.interface3.configured = 0; 1090 cfg.interface3.configured = 0;
1091 continue; 1091 continue;
1092 } 1092 }
1093#ifdef HAVE_NETWORK_RESTRICTED
1094 if (getuid() != 0) {
1095 fprintf(stderr, "Error: only --net=none is allowed to non-root users\n");
1096 exit(1);
1097 }
1098#endif
1093 if (strcmp(argv[i] + 6, "lo") == 0) { 1099 if (strcmp(argv[i] + 6, "lo") == 0) {
1094 fprintf(stderr, "Error: cannot attach to lo device\n"); 1100 fprintf(stderr, "Error: cannot attach to lo device\n");
1095 exit(1); 1101 exit(1);
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 11:01:33 +0000