Diffstat (limited to 'src/firejail/bandwidth.c')
-rw-r--r-- | src/firejail/bandwidth.c | 10 |
1 files changed, 10 insertions, 0 deletions
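--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -338,6 +338,16 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
 exit(1);
 }
 
+// check privileges for non-root users
+uid_t uid = getuid();
+if (uid != 0) {
+uid_t sandbox_uid = pid_get_uid(pid);
+if (uid != sandbox_uid) {
+fprintf(stderr, "Error: permission is denied to join a sandbox created by a different user.\n");
+exit(1);
+}
+}
+
 EUID_ROOT();
 if (join_namespace(child, "net")) {
 fprintf(stderr, "Error: cannot join the network namespace\n");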
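Review bot: The ownership check added at new lines 341-349 validates `pid`, but the privileged `join_namespace(child, "net")` after `EUID_ROOT()` acts on `child`, and how `child` relates to `pid` is established outside this hunk. Both are looked up by PID at different moments, so the check and the join are not atomic; if the process can exit in between, the result of `pid_get_uid(pid)` may no longer describe what is joined. I would state the invariant in the comment, e.g. `// check privileges for non-root users: the caller must own the sandbox (checked once, on pid, before EUID_ROOT)`, and consider comparing `pid_get_uid(child)` with `uid` as well just before the join. The failure value of `pid_get_uid()` is not visible here, so it should be confirmed that it can never equal a real caller uid and the comparison fails closed. bandwidth_pid's body starts and ends outside the hunk.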