diff options
Diffstat (limited to 'src/firejail/util.c')
| -rw-r--r-- | src/firejail/util.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index b8643ff60..edd08bb41 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -981,7 +981,7 @@ int remove_overlay_directory(void) { | |||
| 981 | int fd = safer_openat(-1, path, O_PATH|O_NOFOLLOW|O_CLOEXEC); | 981 | int fd = safer_openat(-1, path, O_PATH|O_NOFOLLOW|O_CLOEXEC); |
| 982 | if (fd == -1) { | 982 | if (fd == -1) { |
| 983 | fprintf(stderr, "Error: cannot open %s\n", path); | 983 | fprintf(stderr, "Error: cannot open %s\n", path); |
| 984 | _exit(1); | 984 | exit(1); |
| 985 | } | 985 | } |
| 986 | struct stat s; | 986 | struct stat s; |
| 987 | if (fstat(fd, &s) == -1) | 987 | if (fstat(fd, &s) == -1) |
| @@ -991,11 +991,11 @@ int remove_overlay_directory(void) { | |||
| 991 | fprintf(stderr, "Error: %s is a symbolic link\n", path); | 991 | fprintf(stderr, "Error: %s is a symbolic link\n", path); |
| 992 | else | 992 | else |
| 993 | fprintf(stderr, "Error: %s is not a directory\n", path); | 993 | fprintf(stderr, "Error: %s is not a directory\n", path); |
| 994 | _exit(1); | 994 | exit(1); |
| 995 | } | 995 | } |
| 996 | if (s.st_uid != getuid()) { | 996 | if (s.st_uid != getuid()) { |
| 997 | fprintf(stderr, "Error: %s is not owned by the current user\n", path); | 997 | fprintf(stderr, "Error: %s is not owned by the current user\n", path); |
| 998 | _exit(1); | 998 | exit(1); |
| 999 | } | 999 | } |
| 1000 | // chdir to ~/.firejail | 1000 | // chdir to ~/.firejail |
| 1001 | if (fchdir(fd) == -1) | 1001 | if (fchdir(fd) == -1) |
| @@ -1187,7 +1187,6 @@ unsigned extract_timeout(const char *str) { | |||
| 1187 | 1187 | ||
| 1188 | void disable_file_or_dir(const char *fname) { | 1188 | void disable_file_or_dir(const char *fname) { |
| 1189 | assert(fname); | 1189 | assert(fname); |
| 1190 | assert(geteuid() == 0); | ||
| 1191 | 1190 | ||
| 1192 | EUID_USER(); | 1191 | EUID_USER(); |
| 1193 | int fd = open(fname, O_PATH|O_CLOEXEC); | 1192 | int fd = open(fname, O_PATH|O_CLOEXEC); |
| @@ -1207,7 +1206,7 @@ void disable_file_or_dir(const char *fname) { | |||
| 1207 | printf("blacklist %s\n", fname); | 1206 | printf("blacklist %s\n", fname); |
| 1208 | if (S_ISDIR(s.st_mode)) { | 1207 | if (S_ISDIR(s.st_mode)) { |
| 1209 | if (bind_mount_path_to_fd(RUN_RO_DIR, fd) < 0) | 1208 | if (bind_mount_path_to_fd(RUN_RO_DIR, fd) < 0) |
| 1210 | errExit("disable directory"); | 1209 | errExit("disable directory"); |
| 1211 | } | 1210 | } |
| 1212 | else { | 1211 | else { |
| 1213 | if (bind_mount_path_to_fd(RUN_RO_FILE, fd) < 0) | 1212 | if (bind_mount_path_to_fd(RUN_RO_FILE, fd) < 0) |