allow PulseAudio sockets in --private-tmp

author: netblue30 <netblue30@yahoo.com> 2017-04-30 11:51:30 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-04-30 11:51:30 -0400
commit: a2e9b0709309f81050cbba8dd8e9b970fd361e91 (patch)
tree: bf33918d801f8d2bddaf778994863d9f10b4821a /src/firejail/sandbox.c
parent: Added galculator profile (diff)
download: firejail-a2e9b0709309f81050cbba8dd8e9b970fd361e91.tar.gz
firejail-a2e9b0709309f81050cbba8dd8e9b970fd361e91.tar.zst
firejail-a2e9b0709309f81050cbba8dd8e9b970fd361e91.zip
1 files changed, 1 insertions, 15 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 35ca4ff2d..e6deddac5 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -741,21 +741,7 @@ int sandbox(void* sandbox_arg) {
                else {
                        // private-tmp is implemented as a whitelist
                        EUID_USER();
-                        // check XAUTHORITY file, KDE keeps it under /tmp
+                        fs_private_tmp();
-                        char *xauth = getenv("XAUTHORITY");
-                        if (xauth) {
-                                char *rp = realpath(xauth, NULL);
-                                if (rp && strncmp(rp, "/tmp/", 5) == 0) {
-                                        char *cmd;
-                                        if (asprintf(&cmd, "whitelist %s", rp) == -1)
-                                                errExit("asprintf");
-                                        profile_add(cmd); // profile_add does not duplicate the string
-                                }
-                                if (rp)
-                                        free(rp);
-                        }
-                        // whitelist x11 directory
-                        profile_add("whitelist /tmp/.X11-unix");
                        EUID_ROOT();
                }
        }
author	netblue30 <netblue30@yahoo.com>	2017-04-30 11:51:30 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-04-30 11:51:30 -0400
commit	a2e9b0709309f81050cbba8dd8e9b970fd361e91 (patch)
tree	bf33918d801f8d2bddaf778994863d9f10b4821a /src/firejail/sandbox.c
parent	Added galculator profile (diff)
download	firejail-a2e9b0709309f81050cbba8dd8e9b970fd361e91.tar.gz firejail-a2e9b0709309f81050cbba8dd8e9b970fd361e91.tar.zst firejail-a2e9b0709309f81050cbba8dd8e9b970fd361e91.zip

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 35ca4ff2d..e6deddac5 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -741,21 +741,7 @@ int sandbox(void* sandbox_arg) {
741	else {	741	else {
742	// private-tmp is implemented as a whitelist	742	// private-tmp is implemented as a whitelist
743	EUID_USER();	743	EUID_USER();
744	// check XAUTHORITY file, KDE keeps it under /tmp	744	fs_private_tmp();
745	char *xauth = getenv("XAUTHORITY");
746	if (xauth) {
747	char *rp = realpath(xauth, NULL);
748	if (rp && strncmp(rp, "/tmp/", 5) == 0) {
749	char *cmd;
750	if (asprintf(&cmd, "whitelist %s", rp) == -1)
751	errExit("asprintf");
752	profile_add(cmd); // profile_add does not duplicate the string
753	}
754	if (rp)
755	free(rp);
756	}
757	// whitelist x11 directory
758	profile_add("whitelist /tmp/.X11-unix");
759	EUID_ROOT();	745	EUID_ROOT();
760	}	746	}
761	}	747	}