author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-11-30 19:45:07 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-12-01 15:55:28 -0300 |
commit | 28d3091620602d789a4782ce2715f1e4e539e5a8 (patch) | |
tree | 4ece333df51797790e4b3b8e899675ec3c62e2d8 | |
parent | Merge pull request #4727 from glitsj16/electron (diff) | |
util.c: Rename nogroups to force_nogroups on drop_privs
To not be confused with arg_nogroups, as in the vast majority of cases
drop_privs is called with either 0 or 1 rather than arg_nogroups. The
rename makes it clearer that what the parameter does is to drop all
groups without exception, unlike arg_nogroups, which may have certain
groups be kept.
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/util.c | 9 |
2 files changed, 6 insertions, 5 deletions
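--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -506,7 +506,7 @@ void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
 long long unsigned parse_arg_size(char *str);
-void drop_privs(int nogroups);
+void drop_privs(int force_nogroups);
 int mkpath_as_root(const char* path);
 void extract_command_name(int index, char **argv);
 void logsignal(int s);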
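--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -215,15 +215,16 @@ clean_all:
 
 
 // drop privileges
-// - for root group or if nogroups is set, supplementary groups are not configured
-void drop_privs(int nogroups) {
+// - for root group or if force_nogroups is set, supplementary groups are not configured
+void drop_privs(int force_nogroups) {
 gid_t gid = getgid();
 if (arg_debug)
-printf("Drop privileges: pid %d, uid %d, gid %d, nogroups %d\n", getpid(), getuid(), gid, nogroups);
+printf("Drop privileges: pid %d, uid %d, gid %d, force_nogroups %d\n",
+getpid(), getuid(), gid, force_nogroups);
 
 // configure supplementary groups
 EUID_ROOT();
-if (gid == 0 || force_nogroups) {
+if (gid == 0 || force_nogroups) {
 if (setgroups(0, NULL) < 0)
 errExit("setgroups");
 if (arg_debug)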
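Review bot: The comment above drop_privs still says supplementary groups "are not configured" when force_nogroups is set, but the branch shown calls `setgroups(0, NULL)`, which clears the supplementary group list outright. Since the rename exists to separate this parameter from arg_nogroups, the comment could say so directly, following the commit message: `// - for root group or if force_nogroups is set, all supplementary groups are dropped, regardless of arg_nogroups`. A one-line comment on the prototype in firejail.h stating the same would help callers choose between passing 0, 1 or arg_nogroups. The body of drop_privs continues past the end of this hunk, so the path taken when force_nogroups is 0 is not visible here.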