diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-09-06 19:53:01 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-09-20 12:23:31 -0300 |
| commit | 0091caf80c7bb024facf406d229c82b505e5d28a (patch) | |
| tree | af60f9ab8ffb3395e667bcbcc926e2c079366008 | |
| parent | VSCodium: Fix developing Arduino (#5991) (diff) | |
| download | firejail-0091caf80c7bb024facf406d229c82b505e5d28a.tar.gz firejail-0091caf80c7bb024facf406d229c82b505e5d28a.tar.zst firejail-0091caf80c7bb024facf406d229c82b505e5d28a.zip | |
modif: keep pipewire group unless nosound is used
This group is apparently used on Gentoo[1].
Currently only the "audio" supplementary group is kept.
Fixes #5992.
See also commit f32938669 ("Keep vglusers group unless no3d is used
(virtualgl)", 2022-01-07) / PR #4851.
[1] https://wiki.gentoo.org/wiki/PipeWire
Reported-by: @amano-kenji
| -rw-r--r-- | RELNOTES | 1 | ||||
| -rw-r--r-- | src/firejail/main.c | 7 | ||||
| -rw-r--r-- | src/firejail/util.c | 2 |
3 files changed, 9 insertions, 1 deletions
| @@ -21,6 +21,7 @@ firejail (0.9.73) baseline; urgency=low | |||
| 21 | * modif: Improve --version/--help & print version on startup (#5829) | 21 | * modif: Improve --version/--help & print version on startup (#5829) |
| 22 | * modif: improve errExit error messages (#5871) | 22 | * modif: improve errExit error messages (#5871) |
| 23 | * modif: drop deprecated 'shell' option references (#5894) | 23 | * modif: drop deprecated 'shell' option references (#5894) |
| 24 | * modif: keep pipewire group unless nosound is used (#5992 #5993) | ||
| 24 | * bugfix: qutebrowser: links will not open in the existing instance (#5601 | 25 | * bugfix: qutebrowser: links will not open in the existing instance (#5601 |
| 25 | #5618) | 26 | #5618) |
| 26 | * bugfix: fix --hostname and --hosts-file commands | 27 | * bugfix: fix --hostname and --hosts-file commands |
diff --git a/src/firejail/main.c b/src/firejail/main.c index b0d5dac17..e3dab561c 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -3217,13 +3217,18 @@ int main(int argc, char **argv, char **envp) { | |||
| 3217 | 3217 | ||
| 3218 | gid_t g; | 3218 | gid_t g; |
| 3219 | if (!arg_nogroups || !check_can_drop_all_groups()) { | 3219 | if (!arg_nogroups || !check_can_drop_all_groups()) { |
| 3220 | // add audio group | 3220 | // add audio groups |
| 3221 | if (!arg_nosound) { | 3221 | if (!arg_nosound) { |
| 3222 | g = get_group_id("audio"); | 3222 | g = get_group_id("audio"); |
| 3223 | if (g) { | 3223 | if (g) { |
| 3224 | sprintf(ptr, "%d %d 1\n", g, g); | 3224 | sprintf(ptr, "%d %d 1\n", g, g); |
| 3225 | ptr += strlen(ptr); | 3225 | ptr += strlen(ptr); |
| 3226 | } | 3226 | } |
| 3227 | g = get_group_id("pipewire"); | ||
| 3228 | if (g) { | ||
| 3229 | sprintf(ptr, "%d %d 1\n", g, g); | ||
| 3230 | ptr += strlen(ptr); | ||
| 3231 | } | ||
| 3227 | } | 3232 | } |
| 3228 | 3233 | ||
| 3229 | // add video group | 3234 | // add video group |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 970832b38..bd32181b5 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -207,6 +207,8 @@ static void clean_supplementary_groups(gid_t gid) { | |||
| 207 | if (!arg_nosound) { | 207 | if (!arg_nosound) { |
| 208 | copy_group_ifcont("audio", groups, ngroups, | 208 | copy_group_ifcont("audio", groups, ngroups, |
| 209 | new_groups, &new_ngroups, MAX_GROUPS); | 209 | new_groups, &new_ngroups, MAX_GROUPS); |
| 210 | copy_group_ifcont("pipewire", groups, ngroups, | ||
| 211 | new_groups, &new_ngroups, MAX_GROUPS); | ||
| 210 | } | 212 | } |
| 211 | 213 | ||
| 212 | if (!arg_novideo) { | 214 | if (!arg_novideo) { |