diff options
Diffstat (limited to 'src/firejail/ls.c')
| -rw-r--r-- | src/firejail/ls.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 08cf5f16a..75333fdc2 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
| @@ -215,21 +215,8 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
| 215 | // in case the pid is that of a firejail process, use the pid of the first child process | 215 | // in case the pid is that of a firejail process, use the pid of the first child process |
| 216 | pid = switch_to_child(pid); | 216 | pid = switch_to_child(pid); |
| 217 | 217 | ||
| 218 | // now check if the pid belongs to a firejail sandbox | 218 | // exit if no permission to join the sandbox |
| 219 | if (invalid_sandbox(pid)) { | 219 | check_join_permission(pid); |
| 220 | fprintf(stderr, "Error: no valid sandbox\n"); | ||
| 221 | exit(1); | ||
| 222 | } | ||
| 223 | |||
| 224 | // check privileges for non-root users | ||
| 225 | uid_t uid = getuid(); | ||
| 226 | if (uid != 0) { | ||
| 227 | uid_t sandbox_uid = pid_get_uid(pid); | ||
| 228 | if (uid != sandbox_uid) { | ||
| 229 | fprintf(stderr, "Error: permission denied.\n"); | ||
| 230 | exit(1); | ||
| 231 | } | ||
| 232 | } | ||
| 233 | 220 | ||
| 234 | // expand paths | 221 | // expand paths |
| 235 | char *fname1 = expand_path(path1);; | 222 | char *fname1 = expand_path(path1);; |