From 742d2a26ca5281b9d1b161011d92164a4f3dc90e Mon Sep 17 00:00:00 2001
From: Glenn Washburn <development@efficientek.com>
Date: Thu, 29 Aug 2019 22:42:05 -0500
Subject: Make sure that we are unprivileged before creating the trace log
 file.

---
 src/firejail/fs_trace.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index eac73a074..2a7c83049 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -45,14 +45,16 @@ void fs_trace_preload(void) {
 		if (arg_debug)
 			printf("Creating an empty trace log file: %s\n", arg_tracefile);
 		// create a bind mounted trace logfile that the sandbox can see
+		EUID_USER();
 		FILE *fp = fopen(arg_tracefile, "w");
 		if (!fp)
 			errExit("fopen");
 		SET_PERMS_STREAM(fp, firejail_uid, firejail_gid, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
 		fclose(fp);
+		EUID_ROOT();
 		fp = fopen(RUN_TRACE_FILE, "w");
 		if (!fp)
-			errExit("fopen");
+			errExit("fopen " RUN_TRACE_FILE);
 		fclose(fp);
 		fs_logger2("touch ", arg_tracefile);
 		if (mount(arg_tracefile, RUN_TRACE_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
-- 
cgit v1.2.3-54-g00ecf