diff options
Diffstat (limited to 'src/lib/firejail_user.c')
| -rw-r--r-- | src/lib/firejail_user.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c index 5d92aa133..09a4da0e7 100644 --- a/src/lib/firejail_user.c +++ b/src/lib/firejail_user.c | |||
| @@ -28,6 +28,7 @@ | |||
| 28 | #include "../include/common.h" | 28 | #include "../include/common.h" |
| 29 | #include <sys/types.h> | 29 | #include <sys/types.h> |
| 30 | #include <pwd.h> | 30 | #include <pwd.h> |
| 31 | #include "../../uids.h" | ||
| 31 | 32 | ||
| 32 | #define MAXBUF 4098 | 33 | #define MAXBUF 4098 |
| 33 | static inline char *get_fname(void) { | 34 | static inline char *get_fname(void) { |
| @@ -41,10 +42,14 @@ static inline char *get_fname(void) { | |||
| 41 | int firejail_user_check(const char *name) { | 42 | int firejail_user_check(const char *name) { |
| 42 | assert(name); | 43 | assert(name); |
| 43 | 44 | ||
| 44 | // root allowed by default | 45 | // root is allowed to run firejail by default |
| 45 | if (strcmp(name, "root") == 0) | 46 | if (strcmp(name, "root") == 0) |
| 46 | return 1; | 47 | return 1; |
| 47 | 48 | ||
| 49 | // other system users will run the program as is | ||
| 50 | if (getuid() < UID_MIN || strcmp(name, "nobody") == 0) | ||
| 51 | return 0; | ||
| 52 | |||
| 48 | // check file existence | 53 | // check file existence |
| 49 | char *fname = get_fname(); | 54 | char *fname = get_fname(); |
| 50 | if (access(fname, F_OK)) { | 55 | if (access(fname, F_OK)) { |