diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-10-12 10:47:46 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-10-12 10:47:46 -0400 |
| commit | a756032f67c5f1f000c38dc6c6ae48b780f246e3 (patch) | |
| tree | fed84e7ad89a77567bc019e0fc9f011ac5944a47 | |
| parent | --nosound (diff) | |
| download | firejail-a756032f67c5f1f000c38dc6c6ae48b780f246e3.tar.gz firejail-a756032f67c5f1f000c38dc6c6ae48b780f246e3.tar.zst firejail-a756032f67c5f1f000c38dc6c6ae48b780f246e3.zip | |
--nosound option testing
| -rw-r--r-- | src/firejail/pulseaudio.c | 18 | ||||
| -rw-r--r-- | src/firejail/usage.c | 4 | ||||
| -rw-r--r-- | src/man/firejail.txt | 11 |
3 files changed, 21 insertions, 12 deletions
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index 0b2918fc0..9291e65d1 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
| @@ -34,6 +34,9 @@ static void disable_file(const char *path, const char *file) { | |||
| 34 | if (stat(fname, &s) == -1) | 34 | if (stat(fname, &s) == -1) |
| 35 | goto doexit; | 35 | goto doexit; |
| 36 | 36 | ||
| 37 | if (arg_debug) | ||
| 38 | printf("Disable%s\n", fname); | ||
| 39 | |||
| 37 | if (S_ISDIR(s.st_mode)) { | 40 | if (S_ISDIR(s.st_mode)) { |
| 38 | if (mount(RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | 41 | if (mount(RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0) |
| 39 | errExit("disable file"); | 42 | errExit("disable file"); |
| @@ -49,9 +52,10 @@ doexit: | |||
| 49 | 52 | ||
| 50 | // disable pulseaudio socket | 53 | // disable pulseaudio socket |
| 51 | void pulseaudio_disable(void) { | 54 | void pulseaudio_disable(void) { |
| 52 | //************************************** | 55 | // blacklist user config directory |
| 56 | disable_file(cfg.homedir, ".config/pulse"); | ||
| 57 | |||
| 53 | // blacklist any pulse* file in /tmp directory | 58 | // blacklist any pulse* file in /tmp directory |
| 54 | //************************************** | ||
| 55 | DIR *dir; | 59 | DIR *dir; |
| 56 | if (!(dir = opendir("/tmp"))) { | 60 | if (!(dir = opendir("/tmp"))) { |
| 57 | // sleep 2 seconds and try again | 61 | // sleep 2 seconds and try again |
| @@ -65,24 +69,16 @@ void pulseaudio_disable(void) { | |||
| 65 | struct dirent *entry; | 69 | struct dirent *entry; |
| 66 | while ((entry = readdir(dir))) { | 70 | while ((entry = readdir(dir))) { |
| 67 | if (strncmp(entry->d_name, "pulse-", 6) == 0) { | 71 | if (strncmp(entry->d_name, "pulse-", 6) == 0) { |
| 68 | if (arg_debug) | ||
| 69 | printf("Disable /tmp/%s\n", entry->d_name); | ||
| 70 | disable_file("/tmp", entry->d_name); | 72 | disable_file("/tmp", entry->d_name); |
| 71 | } | 73 | } |
| 72 | } | 74 | } |
| 73 | 75 | ||
| 74 | closedir(dir); | 76 | closedir(dir); |
| 75 | 77 | ||
| 76 | //************************************** | ||
| 77 | // blacklist XDG_RUNTIME_DIR | 78 | // blacklist XDG_RUNTIME_DIR |
| 78 | //************************************** | ||
| 79 | char *name = getenv("XDG_RUNTIME_DIR"); | 79 | char *name = getenv("XDG_RUNTIME_DIR"); |
| 80 | if (name) { | 80 | if (name) |
| 81 | if (arg_debug) | ||
| 82 | printf("Disable %s/pulse/native\n", name); | ||
| 83 | disable_file(name, "pulse/native"); | 81 | disable_file(name, "pulse/native"); |
| 84 | } | ||
| 85 | |||
| 86 | } | 82 | } |
| 87 | 83 | ||
| 88 | 84 | ||
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 93d79fd94..24969823f 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -151,7 +151,9 @@ void usage(void) { | |||
| 151 | printf("\t--noroot - install a user namespace with a single user - the current\n"); | 151 | printf("\t--noroot - install a user namespace with a single user - the current\n"); |
| 152 | printf("\t\tuser. root user does not exist in the new namespace. This option\n"); | 152 | printf("\t\tuser. root user does not exist in the new namespace. This option\n"); |
| 153 | printf("\t\tis not supported for --chroot and --overlay configurations.\n\n"); | 153 | printf("\t\tis not supported for --chroot and --overlay configurations.\n\n"); |
| 154 | 154 | ||
| 155 | printf("\t--nosound - disable sound system\n\n"); | ||
| 156 | |||
| 155 | printf("\t--output=logfile - stdout logging and log rotation. Copy stdout to\n"); | 157 | printf("\t--output=logfile - stdout logging and log rotation. Copy stdout to\n"); |
| 156 | printf("\t\tlogfile, and keep the size of the file under 500KB using log\n"); | 158 | printf("\t\tlogfile, and keep the size of the file under 500KB using log\n"); |
| 157 | printf("\t\trotation. Five files with prefixes .1 to .5 are used in\n"); | 159 | printf("\t\trotation. Five files with prefixes .1 to .5 are used in\n"); |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 00360e65b..cacd6abca 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -654,6 +654,17 @@ $ ping google.com | |||
| 654 | ping: icmp open socket: Operation not permitted | 654 | ping: icmp open socket: Operation not permitted |
| 655 | .br | 655 | .br |
| 656 | $ | 656 | $ |
| 657 | |||
| 658 | .TP | ||
| 659 | \fB\-\-nosound | ||
| 660 | Disable sound system. | ||
| 661 | .br | ||
| 662 | |||
| 663 | .br | ||
| 664 | Example: | ||
| 665 | .br | ||
| 666 | $ firejail \-\-nosound firefox | ||
| 667 | |||
| 657 | .TP | 668 | .TP |
| 658 | \fB\-\-output=logfile | 669 | \fB\-\-output=logfile |
| 659 | stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log | 670 | stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log |