From 7bd26cefd0b43c2fa43a60d87ccec134e854f521 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 2 May 2016 09:08:07 -0400
Subject: don't allow negative values for nice when running as regular user
---
 src/firejail/main.c | 2 ++
 src/firejail/profile.c | 2 ++
 src/man/firejail.txt | 3 ++-
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 54b9c05f0..3ba3dd531 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1023,6 +1023,8 @@ int main(int argc, char **argv) {
 read_cpu_list(argv[i] + 6);
 else if (strncmp(argv[i], "--nice=", 7) == 0) {
 cfg.nice = atoi(argv[i] + 7);
+ if (getuid() != 0 &&cfg.nice < 0)
+ cfg.nice = 0;
 arg_nice = 1;
 }
 else if (strncmp(argv[i], "--cgroup=", 9) == 0) {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index d564cd39c..2b3984a99 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -559,6 +559,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // nice value
 if (strncmp(ptr, "nice ", 4) == 0) {
 cfg.nice = atoi(ptr + 5);
+ if (getuid() != 0 &&cfg.nice < 0)
+ cfg.nice = 0;
 arg_nice = 1;
 return 0;
 }
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 19415a332..6be278063 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -800,12 +800,13 @@ PID User RX(KB/s) TX(KB/s) Command
 .TP
 \fB\-\-nice=value
 Set nice value for all processes running inside the sandbox.
+Only root may specify a negative value.
 .br
 .br
 Example:
 .br
-$ firejail --nice=-5 firefox
+$ firejail --nice=2 firefox
 .TP
-- cgit v1.2.3-70-g09d2
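Review bot: The check added in the `--nice=` branch silently rewrites a negative value to 0 for a non-root caller, so someone who passes `--nice=-5` gets no sign that the request was dropped; the profile.c hunk repeats the same two lines for the `nice` profile keyword. I would print a diagnostic before clamping, for example `fprintf(stderr, "Warning: negative nice values require root, using 0\n");`, and move the test into one small helper that both call sites use so the policy cannot drift between them. Spacing nit: `&&cfg.nice` should read `&& cfg.nice`. The enclosing `main` starts and ends outside this hunk.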
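Review bot: The clamp added here trusts whatever `atoi(ptr + 5)` returns, but the unchanged guard above it compares only four bytes (`strncmp(ptr, "nice ", 4)`), so a line that is exactly `nice`, or any keyword starting with those letters, reaches `ptr + 5`, which for the bare keyword points past the string terminator. Since this commit hardens the same path, comparing all five bytes would close that gap: `if (strncmp(ptr, "nice ", 5) == 0) {`. `atoi` (also used in the main.c hunk) reports no error, so non-numeric text becomes 0 and an unrepresentable value is undefined behaviour; `strtol` with an end-pointer check and a range test would let the line be rejected instead. `profile_check_line` continues outside the hunk.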