diff options
| author |  startx2017 <vradu.startx@yandex.com> | 2018-03-26 10:37:02 -0400 |
|---|---|---|
| committer | startx2017 <vradu.startx@yandex.com> | 2018-03-26 10:37:02 -0400 |
| commit | ae008e5fa9e8a901fbf255664f3de775415a39a3 (patch) | |
| tree | 6a9288e88ada7d9097b292d84422e8ced69d9ec3 /src/firejail/pulseaudio.c | |
| parent | Add atril thumbnailer and previewer profiles (diff) | |
| download | firejail-ae008e5fa9e8a901fbf255664f3de775415a39a3.tar.gz firejail-ae008e5fa9e8a901fbf255664f3de775415a39a3.tar.zst firejail-ae008e5fa9e8a901fbf255664f3de775415a39a3.zip | |
--nodbus, first draft for #1825
Diffstat (limited to 'src/firejail/pulseaudio.c')
| -rw-r--r-- | src/firejail/pulseaudio.c | 37 |
1 files changed, 4 insertions, 33 deletions
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index ef674fb4a..9109a6865 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
| @@ -24,52 +24,24 @@ | |||
| 24 | #include <dirent.h> | 24 | #include <dirent.h> |
| 25 | #include <sys/wait.h> | 25 | #include <sys/wait.h> |
| 26 | 26 | ||
| 27 | static void disable_file(const char *path, const char *file) { | ||
| 28 | assert(file); | ||
| 29 | assert(path); | ||
| 30 | |||
| 31 | struct stat s; | ||
| 32 | char *fname; | ||
| 33 | if (asprintf(&fname, "%s/%s", path, file) == -1) | ||
| 34 | errExit("asprintf"); | ||
| 35 | if (stat(fname, &s) == -1) | ||
| 36 | goto doexit; | ||
| 37 | |||
| 38 | if (arg_debug) | ||
| 39 | printf("Disable%s\n", fname); | ||
| 40 | |||
| 41 | if (S_ISDIR(s.st_mode)) { | ||
| 42 | if (mount(RUN_RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
| 43 | errExit("disable file"); | ||
| 44 | } | ||
| 45 | else { | ||
| 46 | if (mount(RUN_RO_FILE, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | ||
| 47 | errExit("disable file"); | ||
| 48 | } | ||
| 49 | fs_logger2("blacklist", fname); | ||
| 50 | |||
| 51 | doexit: | ||
| 52 | free(fname); | ||
| 53 | } | ||
| 54 | |||
| 55 | // disable pulseaudio socket | 27 | // disable pulseaudio socket |
| 56 | void pulseaudio_disable(void) { | 28 | void pulseaudio_disable(void) { |
| 57 | if (arg_debug) | 29 | if (arg_debug) |
| 58 | printf("disable pulseaudio\n"); | 30 | printf("disable pulseaudio\n"); |
| 59 | // blacklist user config directory | 31 | // blacklist user config directory |
| 60 | disable_file(cfg.homedir, ".config/pulse"); | 32 | disable_file_path(cfg.homedir, ".config/pulse"); |
| 61 | 33 | ||
| 62 | 34 | ||
| 63 | // blacklist pulseaudio socket in XDG_RUNTIME_DIR | 35 | // blacklist pulseaudio socket in XDG_RUNTIME_DIR |
| 64 | char *name = getenv("XDG_RUNTIME_DIR"); | 36 | char *name = getenv("XDG_RUNTIME_DIR"); |
| 65 | if (name) | 37 | if (name) |
| 66 | disable_file(name, "pulse/native"); | 38 | disable_file_path(name, "pulse/native"); |
| 67 | 39 | ||
| 68 | // try the default location anyway | 40 | // try the default location anyway |
| 69 | char *path; | 41 | char *path; |
| 70 | if (asprintf(&path, "/run/user/%d", getuid()) == -1) | 42 | if (asprintf(&path, "/run/user/%d", getuid()) == -1) |
| 71 | errExit("asprintf"); | 43 | errExit("asprintf"); |
| 72 | disable_file(path, "pulse/native"); | 44 | disable_file_path(path, "pulse/native"); |
| 73 | free(path); | 45 | free(path); |
| 74 | 46 | ||
| 75 | 47 | ||
| @@ -87,12 +59,11 @@ void pulseaudio_disable(void) { | |||
| 87 | struct dirent *entry; | 59 | struct dirent *entry; |
| 88 | while ((entry = readdir(dir))) { | 60 | while ((entry = readdir(dir))) { |
| 89 | if (strncmp(entry->d_name, "pulse-", 6) == 0) { | 61 | if (strncmp(entry->d_name, "pulse-", 6) == 0) { |
| 90 | disable_file("/tmp", entry->d_name); | 62 | disable_file_path("/tmp", entry->d_name); |
| 91 | } | 63 | } |
| 92 | } | 64 | } |
| 93 | 65 | ||
| 94 | closedir(dir); | 66 | closedir(dir); |
| 95 | |||
| 96 | } | 67 | } |
| 97 | 68 | ||
| 98 | 69 | ||