diff options
Diffstat (limited to 'src/firejail/protocol.c')
-rw-r--r-- | src/firejail/protocol.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index 72d29c671..d3a9e0153 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c | |||
@@ -67,21 +67,8 @@ void protocol_print_filter(pid_t pid) { | |||
67 | // in case the pid is that of a firejail process, use the pid of the first child process | 67 | // in case the pid is that of a firejail process, use the pid of the first child process |
68 | pid = switch_to_child(pid); | 68 | pid = switch_to_child(pid); |
69 | 69 | ||
70 | // now check if the pid belongs to a firejail sandbox | 70 | // exit if no permission to join the sandbox |
71 | if (invalid_sandbox(pid)) { | 71 | check_join_permission(pid); |
72 | fprintf(stderr, "Error: no valid sandbox\n"); | ||
73 | exit(1); | ||
74 | } | ||
75 | |||
76 | // check privileges for non-root users | ||
77 | uid_t uid = getuid(); | ||
78 | if (uid != 0) { | ||
79 | uid_t sandbox_uid = pid_get_uid(pid); | ||
80 | if (uid != sandbox_uid) { | ||
81 | fprintf(stderr, "Error: permission denied.\n"); | ||
82 | exit(1); | ||
83 | } | ||
84 | } | ||
85 | 72 | ||
86 | // find the seccomp filter | 73 | // find the seccomp filter |
87 | EUID_ROOT(); | 74 | EUID_ROOT(); |