diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/run_symlink.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c index 7369e15f3..5d59afad4 100644 --- a/src/firejail/run_symlink.c +++ b/src/firejail/run_symlink.c | |||
@@ -30,11 +30,10 @@ void run_symlink(int argc, char **argv) { | |||
30 | program += 1; | 30 | program += 1; |
31 | else | 31 | else |
32 | program = argv[0]; | 32 | program = argv[0]; |
33 | if (strcmp(program, "firejail") == 0) | 33 | if (strcmp(program, "firejail") == 0) // this is a regular "firejail program" sandbox starting |
34 | return; | 34 | return; |
35 | 35 | ||
36 | // find the real program | 36 | // find the real program by looking in PATH |
37 | // probably the first entry returend by "which -a" is a symlink - use the second entry! | ||
38 | char *p = getenv("PATH"); | 37 | char *p = getenv("PATH"); |
39 | if (!p) { | 38 | if (!p) { |
40 | fprintf(stderr, "Error: PATH environment variable not set\n"); | 39 | fprintf(stderr, "Error: PATH environment variable not set\n"); |
@@ -84,6 +83,12 @@ void run_symlink(int argc, char **argv) { | |||
84 | 83 | ||
85 | free(selfpath); | 84 | free(selfpath); |
86 | 85 | ||
86 | // desktop integration is not supported for root user; instead, the original program is started | ||
87 | if (getuid() == 0) { | ||
88 | argv[0] = program; | ||
89 | execv(program, argv); | ||
90 | exit(1); | ||
91 | } | ||
87 | 92 | ||
88 | // start the argv[0] program in a new sandbox | 93 | // start the argv[0] program in a new sandbox |
89 | // drop privileges | 94 | // drop privileges |