diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/profile.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 22d6beb56..a917152ff 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -235,6 +235,19 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
235 | else if (strncmp(ptr, "net ", 4) == 0) { | 235 | else if (strncmp(ptr, "net ", 4) == 0) { |
236 | #ifdef HAVE_NETWORK | 236 | #ifdef HAVE_NETWORK |
237 | if (checkcfg(CFG_NETWORK)) { | 237 | if (checkcfg(CFG_NETWORK)) { |
238 | #ifdef HAVE_NETWORK_RESTRICTED | ||
239 | // compile time restricted networking | ||
240 | if (getuid() != 0) { | ||
241 | fprintf(stderr, "Error: only \"net none\" is allowed to non-root users\n"); | ||
242 | exit(1); | ||
243 | } | ||
244 | #endif | ||
245 | // run time restricted networking | ||
246 | if (checkcfg(CFG_RESTRICTED_NETWORK) && getuid() != 0) { | ||
247 | fprintf(stderr, "Error: only \"net none\" is allowed to non-root users\n"); | ||
248 | exit(1); | ||
249 | } | ||
250 | |||
238 | if (strcmp(ptr + 4, "lo") == 0) { | 251 | if (strcmp(ptr + 4, "lo") == 0) { |
239 | fprintf(stderr, "Error: cannot attach to lo device\n"); | 252 | fprintf(stderr, "Error: cannot attach to lo device\n"); |
240 | exit(1); | 253 | exit(1); |