diff options
Diffstat (limited to 'src/firejail/join.c')
| -rw-r--r-- | src/firejail/join.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index 12ee4a9a0..c303d3fb8 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
| @@ -314,12 +314,11 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
| 314 | // read cfg.protocol from file | 314 | // read cfg.protocol from file |
| 315 | if (getuid() != 0) | 315 | if (getuid() != 0) |
| 316 | protocol_filter_load(RUN_PROTOCOL_CFG); | 316 | protocol_filter_load(RUN_PROTOCOL_CFG); |
| 317 | if (cfg.protocol) { // not available for uid 0 | 317 | if (cfg.protocol) // not available for uid 0 |
| 318 | seccomp_load(RUN_SECCOMP_PROTOCOL); // install filter | 318 | seccomp_load(RUN_SECCOMP_PROTOCOL); // install filter |
| 319 | } | ||
| 320 | 319 | ||
| 321 | // set seccomp filter | 320 | // set seccomp filter |
| 322 | if (apply_seccomp == 1) // not available for uid 0 | 321 | if (apply_seccomp == 1) // not available for uid 0 |
| 323 | seccomp_load(RUN_SECCOMP_CFG); | 322 | seccomp_load(RUN_SECCOMP_CFG); |
| 324 | #endif | 323 | #endif |
| 325 | 324 | ||
| @@ -335,9 +334,6 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
| 335 | if (apply_caps == 1) // not available for uid 0 | 334 | if (apply_caps == 1) // not available for uid 0 |
| 336 | caps_set(caps); | 335 | caps_set(caps); |
| 337 | } | 336 | } |
| 338 | else | ||
| 339 | drop_privs(arg_nogroups); // nogroups not available for uid 0 | ||
| 340 | |||
| 341 | 337 | ||
| 342 | // set nice | 338 | // set nice |
| 343 | if (arg_nice) { | 339 | if (arg_nice) { |
| @@ -385,6 +381,7 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
| 385 | } | 381 | } |
| 386 | } | 382 | } |
| 387 | 383 | ||
| 384 | drop_privs(arg_nogroups); | ||
| 388 | start_application(0); | 385 | start_application(0); |
| 389 | 386 | ||
| 390 | // it will never get here!!! | 387 | // it will never get here!!! |