From b1d2966d180297c271e54e8c9fe83b2a65aeb0e7 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 15 Sep 2018 11:27:48 -0400
Subject: fix --bandwidth, --cpu.print
---
 src/firejail/bandwidth.c | 10 ++++++++++
 src/firejail/cpu.c | 11 ++---------
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index d7764682a..d0487d49a 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -338,6 +338,16 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
 exit(1);
 }
+ // check privileges for non-root users
+ uid_t uid = getuid();
+ if (uid != 0) {
+ uid_t sandbox_uid = pid_get_uid(pid);
+ if (uid != sandbox_uid) {
+ fprintf(stderr, "Error: permission is denied to join a sandbox created by a different user.\n");
+ exit(1);
+ }
+ }
+ EUID_ROOT();
 if (join_namespace(child, "net")) {
 fprintf(stderr, "Error: cannot join the network namespace\n");
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index a92562e67..e2517ddd7 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -162,6 +162,7 @@ static void print_cpu(int pid) {
 free(file);
 }
+// allow any user to run --cpu.print
 void cpu_print_filter(pid_t pid) {
 EUID_ASSERT();
@@ -174,15 +175,7 @@ void cpu_print_filter(pid_t pid) {
 exit(1);
 }
- // check privileges for non-root users
- uid_t uid = getuid();
- if (uid != 0) {
- uid_t sandbox_uid = pid_get_uid(pid);
- if (uid != sandbox_uid) {
- fprintf(stderr, "Error: permission denied.\n");
- exit(1);
- }
- }
+ print_cpu(pid);
 exit(0);
--
cgit v1.2.3-54-g00ecf
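Review bot: The ownership check added to `bandwidth_pid` ahead of `EUID_ROOT()` is a hand-copied block; the same commit deletes an almost identical copy from `cpu_print_filter`, differing only in the error text. With the rule duplicated per entry point, a later option that raises privileges and joins a namespace can miss it, which appears to be the gap this commit closes for --bandwidth. I would move the comparison into one shared helper that takes the target `pid` and exits on mismatch, and call it from every path that goes on to `EUID_ROOT()`. The inline comment could also state the ordering requirement, for example `// must stay ahead of EUID_ROOT()/join_namespace(): only root or the sandbox owner may enter its namespaces`. `bandwidth_pid` starts and ends outside this hunk, so how `child` is derived from `pid` before the check is not visible here.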
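Review bot: The new comment above `cpu_print_filter`, `// allow any user to run --cpu.print`, records the decision but not why dropping the uid comparison is safe, and the following hunk removes that comparison, so `print_cpu(pid)` is reachable for sandboxes owned by other users. A reader auditing authorization later needs the rationale next to the code. If `print_cpu` only reports information that any local user can already obtain for that process, the comment should say so, for example `// no ownership check: print_cpu() only reports data that is already readable by every local user; this path must never join the sandbox or raise privileges`. The body of `print_cpu` is outside the hunk, so that premise should be confirmed before wording the comment as fact.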