From 37bc54cef3d156a9e9c0363c11c93e9de0b9f3e0 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 10 Mar 2018 16:55:28 -0500
Subject: disable symlinks for root user
---
 src/firejail/run_symlink.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c
index 7369e15f3..5d59afad4 100644
--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -30,11 +30,10 @@ void run_symlink(int argc, char **argv) {
 program += 1;
 else
 program = argv[0];
- if (strcmp(program, "firejail") == 0)
+ if (strcmp(program, "firejail") == 0) // this is a regular "firejail program" sandbox starting
 return;
- // find the real program
- // probably the first entry returend by "which -a" is a symlink - use the second entry!
+ // find the real program by looking in PATH
 char *p = getenv("PATH");
 if (!p) {
 fprintf(stderr, "Error: PATH environment variable not set\n");
@@ -84,6 +83,12 @@ void run_symlink(int argc, char **argv) {
 free(selfpath);
+ // desktop integration is not supported for root user; instead, the original program is started
+ if (getuid() == 0) {
+ argv[0] = program;
+ execv(program, argv);
+ exit(1);
+ }
 // start the argv[0] program in a new sandbox
 // drop privileges
--
cgit v1.2.3-54-g00ecf
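Review bot: The new root branch in the second hunk fails open silently: when `getuid() == 0` the program is exec'd outside any sandbox with no message, and if `execv` fails the process exits with status 1 and no diagnostic. A root user who started the program through a firejail symlink gets no indication that sandboxing was skipped, so I would print a one-line notice to stderr before the exec and add `perror("execv");` ahead of `exit(1);`. `execv` does no PATH lookup, so this branch relies on `program` already holding the path resolved by the PATH search; that assignment is outside the hunk, so please confirm it cannot still be the bare basename set at the top of the function, which would resolve against the current directory. The body of run_symlink starts and ends outside the hunk.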