From 15d79383880e4a6efecd373b344e02a5a895c217 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Thu, 13 May 2021 09:11:10 +0200
Subject: Try to fix #2310 -- Can't create run directory without suid-root

---
 src/common.mk.in    | 7 ++++++-
 src/firejail/main.c | 8 ++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/common.mk.in b/src/common.mk.in
index b379aef7f..f88da55ac 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -23,6 +23,11 @@ HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
+ifeq (@HAVE_SUID@, yes)
+HAVE_SUID=-DHAVE_SUID
+else
+HAVE_SUID=
+endif
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
 HAVE_OUTPUT=@HAVE_OUTPUT@
@@ -37,7 +42,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_FORCE_NONEWPRIVS)
+MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread
diff --git a/src/firejail/main.c b/src/firejail/main.c
index d6de6d997..f5797a2d8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -982,6 +982,14 @@ int main(int argc, char **argv, char **envp) {
 	int arg_caps_cmdline = 0; 	// caps requested on command line (used to break out of --chroot)
 	char **ptr;
 
+#ifndef HAVE_SUID
+	if (geteuid() != 0) {
+		fprintf(stderr, "Error: Firejail needs to be SUID.\n");
+		fprintf(stderr, "Assuming firejail is installed in /usr/bin, execute the following command as root:\n");
+		fprintf(stderr, "  chmod u+s /usr/bin/firejail\n");
+	}
+#endif
+
 	// sanitize the umask
 	orig_umask = umask(022);
 
-- 
cgit v1.2.3-54-g00ecf