Try to fix #2310 -- Can't create run directory without suid-root

src/common.mk.in

@@ -23,6 +23,11 @@ HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
+ifeq (@HAVE_SUID@, yes)
+HAVE_SUID=-DHAVE_SUID
+else
+HAVE_SUID=
+endif
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
 HAVE_OUTPUT=@HAVE_OUTPUT@
@@ -37,7 +42,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_FORCE_NONEWPRIVS)
+MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread

src/firejail/main.c

@@ -982,6 +982,14 @@ int main(int argc, char **argv, char **envp) {
 	int arg_caps_cmdline = 0; 	// caps requested on command line (used to break out of --chroot)
 	char **ptr;
 
+#ifndef HAVE_SUID
+	if (geteuid() != 0) {
+		fprintf(stderr, "Error: Firejail needs to be SUID.\n");
+		fprintf(stderr, "Assuming firejail is installed in /usr/bin, execute the following command as root:\n");
+		fprintf(stderr, "  chmod u+s /usr/bin/firejail\n");
+	}
+#endif
+
 	// sanitize the umask
 	orig_umask = umask(022);