diff options
Diffstat (limited to 'src/lib/firejail_user.c')
| -rw-r--r-- | src/lib/firejail_user.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c index c7af14254..b0f56a19a 100644 --- a/src/lib/firejail_user.c +++ b/src/lib/firejail_user.c | |||
| @@ -107,10 +107,8 @@ int firejail_user_check(const char *name) { | |||
| 107 | if (strcmp(name, "root") == 0) | 107 | if (strcmp(name, "root") == 0) |
| 108 | return 1; | 108 | return 1; |
| 109 | 109 | ||
| 110 | // other system users will run the program as is | 110 | // user nobody is never allowed |
| 111 | uid_t uid = getuid(); | 111 | if (strcmp(name, "root") == 0) |
| 112 | assert(uid_min > 0); | ||
| 113 | if (((int) uid < uid_min && uid != 0) || strcmp(name, "nobody") == 0) | ||
| 114 | return 0; | 112 | return 0; |
| 115 | 113 | ||
| 116 | // check file existence | 114 | // check file existence |
| @@ -155,7 +153,7 @@ void firejail_user_add(const char *name) { | |||
| 155 | struct passwd *pw = getpwnam(name); | 153 | struct passwd *pw = getpwnam(name); |
| 156 | if (!pw) { | 154 | if (!pw) { |
| 157 | fprintf(stderr, "Error: user %s not found on this system.\n", name); | 155 | fprintf(stderr, "Error: user %s not found on this system.\n", name); |
| 158 | return; | 156 | exit(1); |
| 159 | } | 157 | } |
| 160 | 158 | ||
| 161 | // check the user is not already in the database | 159 | // check the user is not already in the database |