On 05/29/2018 06:46 PM, Reiner Herrmann wrote:
> Control: forwarded -1 https://github.com/netblue30/firejail/issues/1964
> 
> On Tue, May 29, 2018 at 11:35:24AM +0200, Alex Mestiashvili wrote:
>> not able to use firejail after updating to 0.9.54-1 due to new check for
>> UID_MIN. My user is a system user with UID 256.
>>
>> Firejail should not ignore users defined in the users database
>> /etc/firejail/firejail.users even if they have uid lower than UID_MIN
>> (defined in /etc/login.defs on a buildd!)
> 
> Thanks for reporting this. I forwarded it upstream and suggested
> to obtain the limit at runtime instead of hardcoding it.

Thank you! I commented on the issue as I don't see a good reason for
the UID_MIN check if there is a user database check.

> 
>> @@ -83,6 +78,11 @@ int firejail_user_check(const char *name
>>  
>>      fclose(fp);
>>      return 0;
>> +
>> +    // other system users will run the program as is
>> +    uid_t uid = getuid();
>> +    if ((uid < UID_MIN && uid != 0) || strcmp(name, "nobody") == 0)
>> +            return 0;
>>  }
>>  
>>  // add a user to the database
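Review bot: the five added lines at the end of firejail_user_check() sit after `fclose(fp); return 0;`, so they are unreachable, and since that preceding path and the new branch both return 0, the UID_MIN test could not change the result at this position even if control reached it. Either place the check ahead of the return it is meant to pre-empt or drop it entirely. If it stays, `uid < UID_MIN` still compares against the hardcoded limit this thread describes rather than the value configured in /etc/login.defs, so a user such as UID 256 on a host with a different UID_MIN is still misclassified.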
> 
> This will not work, as you moved the block behind a return statement.
> The code can now never be reached.

Ah, right, good that you spotted that! But it seems to me that this check
is redundant anyway. So I guess it is safe to remove it.

Best regards,
Alex
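
The suggestion quoted above, to obtain the limit at runtime instead of hardcoding it, could look like the following. This is an added example, not code from firejail or from this thread; the function names, the fallback of 1000, decimal-only parsing and the last-entry-wins rule are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define UID_MIN_FALLBACK 1000  /* assumption: used when no valid UID_MIN is found */

/* Parse one login.defs line; returns 1 and sets *out for "UID_MIN <decimal>". */
int parse_uid_min_line(const char *line, uid_t *out)
{
    const char *p = line;
    char *end;
    unsigned long v;
    while (isspace((unsigned char)*p)) p++;
    if (strncmp(p, "UID_MIN", 7) != 0) return 0;  /* comments, SYS_UID_MIN, ... */
    p += 7;
    if (!isspace((unsigned char)*p)) return 0;    /* UID_MINIMUM or bare key */
    v = strtoul(p, &end, 10);
    if (end == p || v > 0x7fffffffUL) return 0;   /* no digits, overflow, "-1" */
    while (isspace((unsigned char)*end)) end++;
    if (*end != '\0') return 0;                   /* trailing junk: "256abc" */
    *out = (uid_t)v;
    return 1;
}

/* Read UID_MIN at runtime; the last valid entry in the file wins. */
uid_t runtime_uid_min(const char *path)
{
    char line[512];
    uid_t uid_min = UID_MIN_FALLBACK;
    FILE *fp = fopen(path, "r");
    if (!fp) return uid_min;
    while (fgets(line, sizeof line, fp))
        parse_uid_min_line(line, &uid_min);
    fclose(fp);
    return uid_min;
}

/* The UID part of the hunk's condition, with the limit passed in at runtime. */
int is_system_uid(uid_t uid, uid_t uid_min) { return uid != 0 && uid < uid_min; }

int main(void)
{
    printf("UID_MIN=%lu\n", (unsigned long)runtime_uid_min("/etc/login.defs"));
    return 0;
}
```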
