From f65fceb93caae524fcbd3a2c161618e0cb3099a6 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 8 Apr 2016 11:51:19 -0400
Subject: network profile fix
---
src/firejail/profile.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
(limited to 'src')
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 22d6beb56..a917152ff 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -235,6 +235,19 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 else if (strncmp(ptr, "net ", 4) == 0) {
 #ifdef HAVE_NETWORK
 if (checkcfg(CFG_NETWORK)) {
+#ifdef HAVE_NETWORK_RESTRICTED
+ // compile time restricted networking
+ if (getuid() != 0) {
+ fprintf(stderr, "Error: only \"net none\" is allowed to non-root users\n");
+ exit(1);
+ }
+#endif
+ // run time restricted networking
+ if (checkcfg(CFG_RESTRICTED_NETWORK) && getuid() != 0) {
+ fprintf(stderr, "Error: only \"net none\" is allowed to non-root users\n");
+ exit(1);
+ }
+
 if (strcmp(ptr + 4, "lo") == 0) {
 fprintf(stderr, "Error: cannot attach to lo device\n");
 exit(1);
--
cgit v1.2.3-54-g00ecf
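Review bot: The root-only gate is written out twice inside the `net ` branch, once under `#ifdef HAVE_NETWORK_RESTRICTED` and once behind `checkcfg(CFG_RESTRICTED_NETWORK)`, with the same message and `exit(1)`; a privilege check that is copied per site is easy to leave out of the next path, so fold the two into one condition as sketched below. The message tells the user that `net none` remains available, which holds only if `net none` is matched by a branch earlier than `strncmp(ptr, "net ", 4)`; that branch is not visible in this hunk, so a comment such as `// "net none" is matched earlier and never reaches this check` would record the dependency. It is also worth confirming that the other network-related profile keywords parsed outside this hunk apply the same restriction, since this branch covers `net ` only. profile_check_line starts before and continues after the hunk.

```c
if (checkcfg(CFG_NETWORK)) {
	// restricted networking: compile-time switch or run-time config
#ifdef HAVE_NETWORK_RESTRICTED
	int restricted = 1;
#else
	int restricted = checkcfg(CFG_RESTRICTED_NETWORK);
#endif
	// "net none" is matched earlier and never reaches this check
	if (restricted && getuid() != 0) {
		fprintf(stderr, "Error: only \"net none\" is allowed to non-root users\n");
		exit(1);
	}
	// … unchanged: "lo" device check …
```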