author | netblue30 <netblue30@yahoo.com> | 2017-04-30 11:51:30 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-04-30 11:51:30 -0400 |
commit | a2e9b0709309f81050cbba8dd8e9b970fd361e91 (patch) | |
tree | bf33918d801f8d2bddaf778994863d9f10b4821a /src/firejail/sandbox.c | |
parent | Added galculator profile (diff) | |
allow PulseAudio sockets in --private-tmp
Diffstat (limited to 'src/firejail/sandbox.c')
-rw-r--r-- | src/firejail/sandbox.c | 16 |
1 files changed, 1 insertions, 15 deletions
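--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -741,21 +741,7 @@ int sandbox(void* sandbox_arg) {
 else {
 // private-tmp is implemented as a whitelist
 EUID_USER();
-// check XAUTHORITY file, KDE keeps it under /tmp
-char *xauth = getenv("XAUTHORITY");
-if (xauth) {
-char *rp = realpath(xauth, NULL);
-if (rp && strncmp(rp, "/tmp/", 5) == 0) {
-char *cmd;
-if (asprintf(&cmd, "whitelist %s", rp) == -1)
-errExit("asprintf");
-profile_add(cmd); // profile_add does not duplicate the string
-}
-if (rp)
-free(rp);
-}
-// whitelist x11 directory
-profile_add("whitelist /tmp/.X11-unix");
+fs_private_tmp();
 EUID_ROOT();
 }
 }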
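Review bot: The call `fs_private_tmp();` at new line 744 replaces the only visible checks on what gets whitelisted under /tmp, namely the `realpath()` resolution of XAUTHORITY and the `strncmp(rp, "/tmp/", 5) == 0` prefix test. Its definition is not part of this file section, so this hunk alone cannot confirm that those checks were carried over. Since the commit title says PulseAudio sockets are now allowed in --private-tmp, the helper should presumably resolve any environment-derived or discovered path the same way before passing it to `profile_add`, so that a symlink cannot pull a location outside /tmp into the whitelist. A call-site comment would help the next reader, for example `// fs_private_tmp: whitelists /tmp/.X11-unix, a /tmp-resident XAUTHORITY and PulseAudio sockets; must run between EUID_USER() and EUID_ROOT()`, adjusted to what the helper actually does. The enclosing `sandbox()` body starts and ends outside the hunk.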