From 95deecf1f3128c2fd6984c6b6f4a8f540441188b Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 26 Aug 2018 13:23:28 -0400
Subject: allow system users to run the sandbox
---
 src/lib/firejail_user.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'src/lib/firejail_user.c')
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index c7af14254..b0f56a19a 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -107,10 +107,8 @@ int firejail_user_check(const char *name) {
 if (strcmp(name, "root") == 0)
 return 1;
- // other system users will run the program as is
- uid_t uid = getuid();
- assert(uid_min > 0);
- if (((int) uid < uid_min && uid != 0) || strcmp(name, "nobody") == 0)
+ // user nobody is never allowed
+ if (strcmp(name, "root") == 0)
 return 0;
 // check file existence
@@ -155,7 +153,7 @@ void firejail_user_add(const char *name) {
 struct passwd *pw = getpwnam(name);
 if (!pw) {
 fprintf(stderr, "Error: user %s not found on this system.\n", name);
- return;
+ exit(1);
 }
 // check the user is not already in the database
--
cgit v1.2.3-54-g00ecf
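Review bot: The added guard under `// user nobody is never allowed` in firejail_user_check compares `name` against "root" instead of "nobody". The context lines directly above already return 1 for "root", so this branch can never be taken. As a result the "nobody" rejection that the removed condition carried is lost, and that name falls through to the file checks that follow. The guard should read `if (strcmp(name, "nobody") == 0)` so the code matches its comment. The function starts before and continues past this hunk, so whether a later check still rejects "nobody" cannot be confirmed from here.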