util.c: Rename nogroups to force_nogroups on drop_privs

To not be confused with arg_nogroups, as in the vast majority of cases drop_privs is called with either 0 or 1 rather than arg_nogroups. The rename makes it clearer that what the parameter does is to drop all groups without exception, unlike arg_nogroups, which may have certain groups be kept.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2021-11-30 19:45:07 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2021-12-01 15:55:28 -0300
commit: 28d3091620602d789a4782ce2715f1e4e539e5a8 (patch)
tree: 4ece333df51797790e4b3b8e899675ec3c62e2d8
parent: Merge pull request #4727 from glitsj16/electron (diff)
download: firejail-28d3091620602d789a4782ce2715f1e4e539e5a8.tar.gz
firejail-28d3091620602d789a4782ce2715f1e4e539e5a8.tar.zst
firejail-28d3091620602d789a4782ce2715f1e4e539e5a8.zip
2 files changed, 6 insertions, 5 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index a7673ae20..bbc496afc 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -506,7 +506,7 @@ void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
 long long unsigned parse_arg_size(char *str);
-void drop_privs(int nogroups);
+void drop_privs(int force_nogroups);
 int mkpath_as_root(const char* path);
 void extract_command_name(int index, char **argv);
 void logsignal(int s);
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 97afe9649..55df44414 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -215,15 +215,16 @@ clean_all:
 // drop privileges
-// - for root group or if nogroups is set, supplementary groups are not configured
+// - for root group or if force_nogroups is set, supplementary groups are not configured
-void drop_privs(int nogroups) {
+void drop_privs(int force_nogroups) {
        gid_t gid = getgid();
        if (arg_debug)
-                printf("Drop privileges: pid %d, uid %d, gid %d, nogroups %d\n",  getpid(), getuid(), gid, nogroups);
+                printf("Drop privileges: pid %d, uid %d, gid %d, force_nogroups %d\n",
+                       getpid(), getuid(), gid, force_nogroups);
        // configure supplementary groups
        EUID_ROOT();
-        if (gid == 0 || nogroups) {
+        if (gid == 0 || force_nogroups) {
                if (setgroups(0, NULL) < 0)
                        errExit("setgroups");
                if (arg_debug)
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2021-11-30 19:45:07 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2021-12-01 15:55:28 -0300
commit	28d3091620602d789a4782ce2715f1e4e539e5a8 (patch)
tree	4ece333df51797790e4b3b8e899675ec3c62e2d8
parent	Merge pull request #4727 from glitsj16/electron (diff)
download	firejail-28d3091620602d789a4782ce2715f1e4e539e5a8.tar.gz firejail-28d3091620602d789a4782ce2715f1e4e539e5a8.tar.zst firejail-28d3091620602d789a4782ce2715f1e4e539e5a8.zip