diff options
Diffstat (limited to 'src/firejail/util.c')
-rw-r--r-- | src/firejail/util.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index b8643ff60..edd08bb41 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -981,7 +981,7 @@ int remove_overlay_directory(void) { | |||
981 | int fd = safer_openat(-1, path, O_PATH|O_NOFOLLOW|O_CLOEXEC); | 981 | int fd = safer_openat(-1, path, O_PATH|O_NOFOLLOW|O_CLOEXEC); |
982 | if (fd == -1) { | 982 | if (fd == -1) { |
983 | fprintf(stderr, "Error: cannot open %s\n", path); | 983 | fprintf(stderr, "Error: cannot open %s\n", path); |
984 | _exit(1); | 984 | exit(1); |
985 | } | 985 | } |
986 | struct stat s; | 986 | struct stat s; |
987 | if (fstat(fd, &s) == -1) | 987 | if (fstat(fd, &s) == -1) |
@@ -991,11 +991,11 @@ int remove_overlay_directory(void) { | |||
991 | fprintf(stderr, "Error: %s is a symbolic link\n", path); | 991 | fprintf(stderr, "Error: %s is a symbolic link\n", path); |
992 | else | 992 | else |
993 | fprintf(stderr, "Error: %s is not a directory\n", path); | 993 | fprintf(stderr, "Error: %s is not a directory\n", path); |
994 | _exit(1); | 994 | exit(1); |
995 | } | 995 | } |
996 | if (s.st_uid != getuid()) { | 996 | if (s.st_uid != getuid()) { |
997 | fprintf(stderr, "Error: %s is not owned by the current user\n", path); | 997 | fprintf(stderr, "Error: %s is not owned by the current user\n", path); |
998 | _exit(1); | 998 | exit(1); |
999 | } | 999 | } |
1000 | // chdir to ~/.firejail | 1000 | // chdir to ~/.firejail |
1001 | if (fchdir(fd) == -1) | 1001 | if (fchdir(fd) == -1) |
@@ -1187,7 +1187,6 @@ unsigned extract_timeout(const char *str) { | |||
1187 | 1187 | ||
1188 | void disable_file_or_dir(const char *fname) { | 1188 | void disable_file_or_dir(const char *fname) { |
1189 | assert(fname); | 1189 | assert(fname); |
1190 | assert(geteuid() == 0); | ||
1191 | 1190 | ||
1192 | EUID_USER(); | 1191 | EUID_USER(); |
1193 | int fd = open(fname, O_PATH|O_CLOEXEC); | 1192 | int fd = open(fname, O_PATH|O_CLOEXEC); |
@@ -1207,7 +1206,7 @@ void disable_file_or_dir(const char *fname) { | |||
1207 | printf("blacklist %s\n", fname); | 1206 | printf("blacklist %s\n", fname); |
1208 | if (S_ISDIR(s.st_mode)) { | 1207 | if (S_ISDIR(s.st_mode)) { |
1209 | if (bind_mount_path_to_fd(RUN_RO_DIR, fd) < 0) | 1208 | if (bind_mount_path_to_fd(RUN_RO_DIR, fd) < 0) |
1210 | errExit("disable directory"); | 1209 | errExit("disable directory"); |
1211 | } | 1210 | } |
1212 | else { | 1211 | else { |
1213 | if (bind_mount_path_to_fd(RUN_RO_FILE, fd) < 0) | 1212 | if (bind_mount_path_to_fd(RUN_RO_FILE, fd) < 0) |