diff options
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index aeb85d724..bcff0e41f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -92,6 +92,7 @@ char *fullargv[MAX_ARGS]; // expanded argv for restricted shell | |||
92 | int fullargc = 0; | 92 | int fullargc = 0; |
93 | static pid_t child = 0; | 93 | static pid_t child = 0; |
94 | pid_t sandbox_pid; | 94 | pid_t sandbox_pid; |
95 | int firejail_in_firejail = 0; // firejail started in a firejail sandbox | ||
95 | 96 | ||
96 | static void myexit(int rv) { | 97 | static void myexit(int rv) { |
97 | logmsg("exiting..."); | 98 | logmsg("exiting..."); |
@@ -127,8 +128,10 @@ static void my_handler(int s){ | |||
127 | static void extract_user_data(void) { | 128 | static void extract_user_data(void) { |
128 | // check suid | 129 | // check suid |
129 | if (geteuid()) { | 130 | if (geteuid()) { |
130 | fprintf(stderr, "Error: the sandbox is not setuid root\n"); | 131 | if (firejail_in_firejail == 0) { |
131 | exit(1); | 132 | fprintf(stderr, "Error: the sandbox is not setuid root\n"); |
133 | exit(1); | ||
134 | } | ||
132 | } | 135 | } |
133 | 136 | ||
134 | struct passwd *pw = getpwuid(getuid()); | 137 | struct passwd *pw = getpwuid(getuid()); |
@@ -400,6 +403,14 @@ int main(int argc, char **argv) { | |||
400 | int arg_cgroup = 0; | 403 | int arg_cgroup = 0; |
401 | int custom_profile = 0; // custom profile loaded | 404 | int custom_profile = 0; // custom profile loaded |
402 | int arg_noprofile = 0; // use generic.profile if none other found/specified | 405 | int arg_noprofile = 0; // use generic.profile if none other found/specified |
406 | |||
407 | // check if we already have a sandbox running | ||
408 | int rv = check_kernel_procs(); | ||
409 | if (rv == 0) | ||
410 | firejail_in_firejail = 1; | ||
411 | |||
412 | |||
413 | |||
403 | 414 | ||
404 | // initialize globals | 415 | // initialize globals |
405 | init_cfg(); | 416 | init_cfg(); |
@@ -998,8 +1009,7 @@ int main(int argc, char **argv) { | |||
998 | } | 1009 | } |
999 | 1010 | ||
1000 | // if a sandbox is already running, start the program directly without sandboxing | 1011 | // if a sandbox is already running, start the program directly without sandboxing |
1001 | int rv = check_kernel_procs(); | 1012 | if (firejail_in_firejail) { |
1002 | if (rv == 0) { | ||
1003 | run_no_sandbox(argc, argv); | 1013 | run_no_sandbox(argc, argv); |
1004 | // it will never get here! | 1014 | // it will never get here! |
1005 | assert(0); | 1015 | assert(0); |