Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
2 files changed, 10 insertions, 2 deletions
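--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -409,6 +409,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 #ifdef HAVE_NETWORK
 else if (strcmp(argv[i], "--nettrace") == 0) {
 if (checkcfg(CFG_NETWORK)) {
+if (getuid() != 0) {
+fprintf(stderr, "Error: --nettrace is only available to root user\n");
+exit(1);
+}
 netfilter_trace(0);
 }
 else
@@ -417,6 +421,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 }
 else if (strncmp(argv[i], "--nettrace=", 11) == 0) {
 if (checkcfg(CFG_NETWORK)) {
+if (getuid() != 0) {
+fprintf(stderr, "Error: --nettrace is only available to root user\n");
+exit(1);
+}
 pid_t pid = require_pid(argv[i] + 11);
 netfilter_trace(pid);
 }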
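Review bot: The root-only check is repeated verbatim at both `--nettrace` call sites (new lines 412-415 and 424-427) rather than enforced once where the privileged work happens, so any other path that reaches `netfilter_trace()` would skip it; that function is not visible here, so this is worth confirming. Consider moving the test into `netfilter_trace()` itself, or into a small helper called from both branches, so the restriction cannot drift between the two copies. It would also help to record why the real UID is tested, e.g. `// real UID on purpose: if the binary is installed setuid-root, geteuid() would be 0 for every caller`. The body of `run_cmd_and_exit` starts and ends outside these hunks.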
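--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1528,7 +1528,7 @@ PID User RX(KB/s) TX(KB/s) Command
 .TP
 \fB\-\-nettrace[=name|pid]
 Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes
-created with \-\-net are supported.
+created with \-\-net are supported. This option is only available when running the sandbox as root.
 .br
 
 .br
@@ -1536,7 +1536,7 @@ Without a name/pid, Firejail will monitor the main system network namespace.
 .br
 
 .br
-$ firejail --nettrace=browser
+$ sudo firejail --nettrace=browser
 .br
 
 .br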