diff options
author | smitsohu <smitsohu@gmail.com> | 2020-12-21 01:23:41 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2020-12-21 01:23:41 +0100 |
commit | a7607e423f3336f67daf2ec296414d55c6740f84 (patch) | |
tree | b499ca84067e892792434e1500e9173d64a423ec | |
parent | declare seccomp_debug function static (diff) | |
download | firejail-a7607e423f3336f67daf2ec296414d55c6740f84.tar.gz firejail-a7607e423f3336f67daf2ec296414d55c6740f84.tar.zst firejail-a7607e423f3336f67daf2ec296414d55c6740f84.zip |
noroot option: don't drop firejail supplementary group
see suggested setup in man 5 firejail-users
also related to issue #3604
-rw-r--r-- | src/firejail/util.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index e8b35a64b..6cc1bc720 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -75,10 +75,11 @@ static void clean_supplementary_groups(gid_t gid) { | |||
75 | goto clean_all; | 75 | goto clean_all; |
76 | 76 | ||
77 | // clean supplementary group list | 77 | // clean supplementary group list |
78 | // allow only tty, audio, video, games | 78 | // allow only firejail, tty, audio, video, games |
79 | gid_t new_groups[MAX_GROUPS]; | 79 | gid_t new_groups[MAX_GROUPS]; |
80 | int new_ngroups = 0; | 80 | int new_ngroups = 0; |
81 | char *allowed[] = { | 81 | char *allowed[] = { |
82 | "firejail", | ||
82 | "tty", | 83 | "tty", |
83 | "audio", | 84 | "audio", |
84 | "video", | 85 | "video", |