author | startx2017 <vradu.startx@yandex.com> | 2018-03-26 10:37:02 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2018-03-26 10:37:02 -0400 |
commit | ae008e5fa9e8a901fbf255664f3de775415a39a3 (patch) | |
tree | 6a9288e88ada7d9097b292d84422e8ced69d9ec3 /src/firejail/pulseaudio.c | |
parent | Add atril thumbnailer and previewer profiles (diff) | |
--nodbus, first draft for #1825
Diffstat (limited to 'src/firejail/pulseaudio.c')
-rw-r--r-- | src/firejail/pulseaudio.c | 37 |
1 files changed, 4 insertions, 33 deletions
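--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -24,52 +24,24 @@
 #include <dirent.h>
 #include <sys/wait.h>
 
-static void disable_file(const char *path, const char *file) {
-assert(file);
-assert(path);
-
-struct stat s;
-char *fname;
-if (asprintf(&fname, "%s/%s", path, file) == -1)
-errExit("asprintf");
-if (stat(fname, &s) == -1)
-goto doexit;
-
-if (arg_debug)
-printf("Disable%s\n", fname);
-
-if (S_ISDIR(s.st_mode)) {
-if (mount(RUN_RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
-errExit("disable file");
-}
-else {
-if (mount(RUN_RO_FILE, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
-errExit("disable file");
-}
-fs_logger2("blacklist", fname);
-
-doexit:
-free(fname);
-}
-
 // disable pulseaudio socket
 void pulseaudio_disable(void) {
 if (arg_debug)
 printf("disable pulseaudio\n");
 // blacklist user config directory
-disable_file(cfg.homedir, ".config/pulse");
+disable_file_path(cfg.homedir, ".config/pulse");
 
 
 // blacklist pulseaudio socket in XDG_RUNTIME_DIR
 char *name = getenv("XDG_RUNTIME_DIR");
 if (name)
-disable_file(name, "pulse/native");
+disable_file_path(name, "pulse/native");
 
 // try the default location anyway
 char *path;
 if (asprintf(&path, "/run/user/%d", getuid()) == -1)
 errExit("asprintf");
-disable_file(path, "pulse/native");
+disable_file_path(path, "pulse/native");
 free(path);
 
 
@@ -87,12 +59,11 @@ void pulseaudio_disable(void) {
 struct dirent *entry;
 while ((entry = readdir(dir))) {
 if (strncmp(entry->d_name, "pulse-", 6) == 0) {
-disable_file("/tmp", entry->d_name);
+disable_file_path("/tmp", entry->d_name);
 }
 }
 
 closedir(dir);
-
 }
 
 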
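Review bot: The `/tmp` loop and the `XDG_RUNTIME_DIR` call pass paths that another local user or the caller's environment can influence to `disable_file_path`, whose definition is not in this file section, so it is worth confirming that the shared helper refuses symlinks before it bind-mounts; the removed static helper used `stat()`, which follows links. The shared helper should also keep the old silent skip when the path does not exist, since `pulse/native` is probed in two locations and one of them may be absent. I would add a comment above the `while ((entry = readdir(dir)))` line in the second hunk, such as `// /tmp is world-writable: pulse-* entries are untrusted, disable_file_path must not follow symlinks`. Separately, `getuid()` is formatted with `%d`; `"/run/user/%u"` with an `(unsigned)` cast matches `uid_t` better. The body of `pulseaudio_disable` continues between the two hunks, outside what is shown.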