author | netblue30 <netblue30@yahoo.com> | 2015-10-12 10:19:33 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-12 10:19:33 -0400 |
commit | 894293e0184d27387ba4e05e36b9da9bc20bd7cb (patch) | |
tree | 1d3f44f727883e1ee2ac1033f815db159978153f | |
parent | --nosound option (diff) | |
--nosound
-rw-r--r-- | src/firejail/pulseaudio.c | 22 |
1 files changed, 14 insertions, 8 deletions
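--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -23,15 +23,17 @@
 #include <sys/mount.h>
 #include <dirent.h>
 
-static void disable_file(const char *file) {
+static void disable_file(const char *path, const char *file) {
 assert(file);
+assert(path);
 
 struct stat s;
 char *fname;
-if (asprintf(&fname, "/tmp/%s", file) == -1)
+if (asprintf(&fname, "%s/%s", path, file) == -1)
 errExit("asprintf");
 if (stat(fname, &s) == -1)
-return;
+goto doexit;
+
 if (S_ISDIR(s.st_mode)) {
 if (mount(RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
 errExit("disable file");
@@ -40,6 +42,9 @@ static void disable_file(const char *file) {
 if (mount(RO_FILE, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
 errExit("disable file");
 }
+
+doexit:
+free(fname);
 }
 
 // disable pulseaudio socket
@@ -61,8 +66,8 @@ void pulseaudio_disable(void) {
 while ((entry = readdir(dir))) {
 if (strncmp(entry->d_name, "pulse-", 6) == 0) {
 if (arg_debug)
-printf("Disable %s\n", entry->d_name);
-disable_file(entry->d_name);
+printf("Disable /tmp/%s\n", entry->d_name);
+disable_file("/tmp", entry->d_name);
 }
 }
 
@@ -74,9 +79,10 @@ void pulseaudio_disable(void) {
 char *name = getenv("XDG_RUNTIME_DIR");
 if (name) {
 if (arg_debug)
-printf("Disable %s\n", name);
-disable_file(name);
+printf("Disable %s/pulse/native\n", name);
+disable_file(name, "pulse/native");
 }
+
 }
 
 
@@ -109,7 +115,7 @@ void pulseaudio_init(void) {
 FILE *fp = fopen(pulsecfg, "a+");
 if (!fp)
 errExit("fopen");
-fprintf(fp, "\nenable-shm = no\n");
+fprintf(fp, "%s", "\nenable-shm = no\n");
 fclose(fp);
 if (chmod(pulsecfg, 0644) == -1)
 errExit("chmod");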
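Review bot: The bind-mount target in `disable_file()` is never checked for symlinks or ownership, although `pulseaudio_disable()` now passes it `getenv("XDG_RUNTIME_DIR")` unvalidated, so the invoking user chooses the directory the mount lands in. `stat()` follows symlinks and `mount()` resolves the path a second time, so the object that was checked and the object that is mounted over can differ; the `/tmp/pulse-*` entries have the same exposure because `/tmp` is world-writable. I would check the final component without following links, e.g. `if (lstat(fname, &s) == -1 || S_ISLNK(s.st_mode)) goto doexit;`, and reject an `XDG_RUNTIME_DIR` value that is not an absolute directory owned by the calling user before handing it to `disable_file()`. `lstat()` covers only the last path component, so the directory check is still needed. Whether this code runs with elevated privileges and inside a private mount namespace is not visible in these hunks, and the body of `pulseaudio_disable()` starts outside them, so the impact should be confirmed against the rest of the file.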