diff options
Diffstat (limited to 'src/firejail/sbox.c')
| -rw-r--r-- | src/firejail/sbox.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 933c93b0d..f9c41f661 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
| @@ -203,15 +203,16 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * | |||
| 203 | } | 203 | } |
| 204 | } | 204 | } |
| 205 | 205 | ||
| 206 | if (filtermask & SBOX_ROOT) { | 206 | if (filtermask & SBOX_USER) |
| 207 | drop_privs(1); | ||
| 208 | else if (filtermask & SBOX_ROOT) { | ||
| 207 | // elevate privileges in order to get grsecurity working | 209 | // elevate privileges in order to get grsecurity working |
| 208 | if (setreuid(0, 0)) | 210 | if (setreuid(0, 0)) |
| 209 | errExit("setreuid"); | 211 | errExit("setreuid"); |
| 210 | if (setregid(0, 0)) | 212 | if (setregid(0, 0)) |
| 211 | errExit("setregid"); | 213 | errExit("setregid"); |
| 212 | } | 214 | } |
| 213 | else if (filtermask & SBOX_USER) | 215 | else assert(0); |
| 214 | drop_privs(1); | ||
| 215 | 216 | ||
| 216 | if (arg[0]) { // get rid of scan-build warning | 217 | if (arg[0]) { // get rid of scan-build warning |
| 217 | int fd = open(arg[0], O_PATH | O_CLOEXEC); | 218 | int fd = open(arg[0], O_PATH | O_CLOEXEC); |