From 90877c63eecf5e161c86df6b0c62006029e2677e Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Mon, 23 Apr 2018 09:38:21 -0400
Subject: fix user database access

---
 src/lib/firejail_user.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index 7d9784392..09a4da0e7 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -28,6 +28,7 @@
 #include "../include/common.h"
 #include <sys/types.h>
 #include <pwd.h>
+#include "../../uids.h"
 
 #define MAXBUF 4098
 static inline char *get_fname(void) {
@@ -41,15 +42,13 @@ static inline char *get_fname(void) {
 int firejail_user_check(const char *name) {
 	assert(name);
 
-	// root allowed by default
+	// root is allowed to run firejail by default
 	if (strcmp(name, "root") == 0)
 		return 1;
 
-	// user nobody disabled by default
-	if (strcmp(name, "nobody") == 0) {
-		fprintf(stderr, "Error: user nobody is not allowed to run the sandbox\n");
-		exit(1);
-	}
+	// other system users will run the program as is
+	if (getuid() < UID_MIN || strcmp(name, "nobody") == 0)
+		return 0;
 
 	// check file existence
 	char *fname = get_fname();
-- 
cgit v1.2.3-54-g00ecf