aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@protonmail.com>2022-04-25 15:35:40 -0400
committerLibravatar GitHub <noreply@github.com>2022-04-25 15:35:40 -0400
commitf35ac464dbb3bcbe7df5f6513bdf723b3f034274 (patch)
treef58c1f3ea0e6b9aeea7cf8e1bc7f049afa9462f9
parentMerge branch 'master' of ssh://github.com/netblue30/firejail (diff)
parentStop warning on safe supplementary group clean (diff)
downloadfirejail-f35ac464dbb3bcbe7df5f6513bdf723b3f034274.tar.gz
firejail-f35ac464dbb3bcbe7df5f6513bdf723b3f034274.tar.zst
firejail-f35ac464dbb3bcbe7df5f6513bdf723b3f034274.zip
Merge pull request #5114 from kmk3/stop-warn-group-clean
Stop warning on safe supplementary group clean
Diffstat
-rw-r--r--src/firejail/util.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 109105630..eb7f05624 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -173,13 +173,19 @@ static void clean_supplementary_groups(gid_t gid) {
173 assert(cfg.username); 173 assert(cfg.username);
174 gid_t groups[MAX_GROUPS]; 174 gid_t groups[MAX_GROUPS];
175 int ngroups = MAX_GROUPS; 175 int ngroups = MAX_GROUPS;
176
177 if (arg_nogroups && check_can_drop_all_groups()) {
178 if (setgroups(0, NULL) < 0)
179 errExit("setgroups");
180 if (arg_debug)
181 printf("No supplementary groups\n");
182 return;
183 }
184
176 int rv = getgrouplist(cfg.username, gid, groups, &ngroups); 185 int rv = getgrouplist(cfg.username, gid, groups, &ngroups);
177 if (rv == -1) 186 if (rv == -1)
178 goto clean_all; 187 goto clean_all;
179 188
180 if (arg_nogroups && check_can_drop_all_groups())
181 goto clean_all;
182
183 // clean supplementary group list 189 // clean supplementary group list
184 gid_t new_groups[MAX_GROUPS]; 190 gid_t new_groups[MAX_GROUPS];
185 int new_ngroups = 0; 191 int new_ngroups = 0;
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-30 00:02:06 +0000