From 689c89738a9c575b0088ef288013aaf743d93eca Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 15 May 2016 09:01:23 -0400
Subject: allow regular users to use --writable-var and --writable-etc
---
 src/firejail/main.c | 8 --------
 src/firejail/profile.c | 8 --------
 src/firejail/usage.c | 6 ++----
 src/man/firejail-profile.txt | 6 ++----
 src/man/firejail.txt | 4 ++--
 5 files changed, 6 insertions(+), 26 deletions(-)
(limited to 'src')
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 59f500e3a..a540d468b 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1285,10 +1285,6 @@ int main(int argc, char **argv) {
 }
 #endif
 else if (strcmp(argv[i], "--writable-etc") == 0) {
- if (getuid() != 0) {
- fprintf(stderr, "Error: --writable-etc is available only for root user\n");
- exit(1);
- }
 if (cfg.etc_private_keep) {
 fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
 exit(1);
@@ -1296,10 +1292,6 @@ int main(int argc, char **argv) {
 arg_writable_etc = 1;
 }
 else if (strcmp(argv[i], "--writable-var") == 0) {
- if (getuid() != 0) {
- fprintf(stderr, "Error: --writable-var is available only for root user\n");
- exit(1);
- }
 arg_writable_var = 1;
 }
 else if (strcmp(argv[i], "--private") == 0)
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 095e5eecc..3bf294e00 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -573,10 +573,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // writable-etc
 if (strcmp(ptr, "writable-etc") == 0) {
- if (getuid() != 0) {
- fprintf(stderr, "Error: writable-etc is available only for root user\n");
- exit(1);
- }
 if (cfg.etc_private_keep) {
 fprintf(stderr, "Error: private-etc and writable-etc are mutually exclusive\n");
 exit(1);
@@ -587,10 +583,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // writable-var
 if (strcmp(ptr, "writable-var") == 0) {
- if (getuid() != 0) {
- fprintf(stderr, "Error: writable-var is available only for root user\n");
- exit(1);
- }
 arg_writable_var = 1;
 return 0;
 }
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 8c738a0fc..ef02c0d72 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -248,10 +248,8 @@ void usage(void) {
 printf(" --version - print program version and exit.\n\n");
 printf(" --whitelist=dirname_or_filename - whitelist directory or file.\n\n");
- printf(" --writable-etc - /etc directory is mounted read-write. This option is\n");
- printf("\tavailable only when running the sandbox as root user.\n\n");
- printf(" --writable-var - /var directory is mounted read-write. This option is\n");
- printf("\tavailable only when running the sandbox as root user.\n\n");
+ printf(" --writable-etc - /etc directory is mounted read-write.\n\n");
+ printf(" --writable-var - /var directory is mounted read-write.\n\n");
 printf(" --x11 - enable X11 server. The software checks first if Xpra is installed,\n");
 printf("\tthen it checks if Xephyr is installed.\n\n");
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 8f9eedbd3..4d1de76f5 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -194,12 +194,10 @@ The modifications to file_or_directory are persistent, everything else is discar
 when the sandbox is closed.
 .TP
 \fBwritable-etc
-Mount /etc directory read-write. This option is available only
-when running the sandbox as root user.
+Mount /etc directory read-write.
 .TP
 \fBwritable-var
-Mount /var directory read-write. This option is available only
-when running the sandbox as root user.
+Mount /var directory read-write.
 .SH Security filters
 The following security filters are currently implemented:
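Review bot: The two added help strings in usage() for `--writable-etc` and `--writable-var` drop the root-only sentence without saying what now limits the option for an unprivileged caller. After this commit the `getuid() != 0` gates are gone from both main.c and profile_check_line(), and the only check left in the visible hunks is the `--private-etc` exclusion; the code that acts on `arg_writable_etc` / `arg_writable_var` is outside this diff, so whether writes stay bounded by ordinary file permissions should be confirmed there and then stated in the help text. I would add a second line such as `printf("\tThis relaxes the sandbox's protection of /etc; use it only when the program must modify /etc.\n\n");` and the equivalent for /var. The firejail.txt example quoted in the last hunk header still reads `$ sudo firejail --writable-etc`, which no longer matches the new wording. usage() starts and ends outside the hunk.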
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 807b3e39e..29a84f71e 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1480,7 +1480,7 @@ $ firejail "\-\-whitelist=/home/username/My Virtual Machines"
 .TP
 \fB\-\-writable-etc
-Mount /etc directory read-write. This option is available only when running the sandbox as root user.
+Mount /etc directory read-write.
 .br
 .br
@@ -1490,7 +1490,7 @@ $ sudo firejail --writable-etc
 .TP
 \fB\-\-writable-var
-Mount /var directory read-write. This option is available only when running the sandbox as root user.
+Mount /var directory read-write.
 .br
 .br
-- cgit v1.2.3-54-g00ecf