Diffstat (limited to 'src')
-rw-r--r--src/firejail/checkcfg.c2
-rw-r--r--src/firejail/main.c7
-rw-r--r--src/firejail/sandbox.c2
3 files changed, 8 insertions, 3 deletions
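diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 4fdbe1897..3ea8caf5b 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -47,7 +47,7 @@ int checkcfg(int val) {
 
 FILE *fp = fopen(fname, "r");
 if (!fp) {
-fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname);
+fprintf(stderr, "Warning: Firejail configuration file %s not found\n", fname);
 exit(1);
 }
 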
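Review bot: The message on new line 50 is relabelled `Warning:` but the next line still calls `exit(1)`, so a missing configuration file remains fatal while the output now reads as advisory. This file carries hardening settings such as force-nonewprivs, so failing closed looks like the safer behaviour; I would keep the fatal path and the matching label, `fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname);`. If the intent is to make a missing file non-fatal, the `exit(1)` has to change too and the default for each setting should be stated in a comment. checkcfg's body starts and ends outside the hunk.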
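diff --git a/src/firejail/main.c b/src/firejail/main.c
index 2f4a78d4b..cda9e788e 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -806,7 +806,7 @@ int main(int argc, char **argv) {
 }
 }
 
-// is this a login shell, or a command passed by sshd insert command line options from /etc/firejail/login.users
+// is this a login shell, or a command passed by sshd, insert command line options from /etc/firejail/login.users
 if (*argv[0] == '-' || parent_sshd) {
 fullargc = restricted_shell(cfg.username);
 if (fullargc) {
@@ -825,6 +825,11 @@ int main(int argc, char **argv) {
 check_user(argc, argv); // the function will not return if --user option was found
 }
 
+
+// check for force-nonewprivs in /etc/firejail/firejail.config file
+if (!option_force && checkcfg(CFG_FORCE_NONEWPRIVS))
+arg_nonewprivs = 1;
+
 // parse arguments
 for (i = 1; i < argc; i++) {
 run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized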
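Review bot: The `!option_force` guard on new line 830 lets the config-forced NO_NEW_PRIVS setting be skipped whenever `option_force` is set, whereas the check this commit removes from sandbox.c (`arg_nonewprivs || checkcfg(CFG_FORCE_NONEWPRIVS)`) applied unconditionally. How `option_force` gets set is not visible in the hunk; if it comes from the command line, an administrator's force-nonewprivs policy becomes something the invoking user can opt out of. Unless that exemption is intended, drop the guard: `if (checkcfg(CFG_FORCE_NONEWPRIVS))` followed by `arg_nonewprivs = 1;`. If it is intended, the comment on line 829 should say why. main's body starts and ends outside the hunk.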
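diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 6133a610d..843c1efe5 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -750,7 +750,7 @@ int sandbox(void* sandbox_arg) {
 //****************************************
 // Set NO_NEW_PRIVS if desired
 //****************************************
-if (arg_nonewprivs || checkcfg(CFG_FORCE_NONEWPRIVS)) {
+if (arg_nonewprivs) {
 int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
 
 if(no_new_privs != 0)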
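Review bot: The condition on new line 753 now depends on main() having folded the firejail.config setting into `arg_nonewprivs` before sandbox() runs, and nothing at this site documents that. I would add a line under the banner comment, e.g. `// arg_nonewprivs also covers force-nonewprivs from firejail.config; main() sets it before sandbox() runs`, so a later change does not assume the config is still consulted here. sandbox's body starts and ends outside the hunk.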