Keep vglusers group unless no3d is used (virtualgl) - firejail - Mirror of https://github.com/netblue30/firejail

diff options

author	Kelvin M. Klann <kmk3.code@protonmail.com>	2022-01-07 12:36:01 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2022-01-12 20:01:10 -0300
commit	f3293866936b725d1fe4786efe1774ec5ae22d9c (patch)
tree	f869a72749ac446a491fbb77d118fc8c7f990ec1 /src/fnettrace/hostnames.c
parent	refactor closing of file descriptors (diff)
download	firejail-f3293866936b725d1fe4786efe1774ec5ae22d9c.tar.gz firejail-f3293866936b725d1fe4786efe1774ec5ae22d9c.tar.zst firejail-f3293866936b725d1fe4786efe1774ec5ae22d9c.zip

Keep vglusers group unless no3d is used (virtualgl)

virtualgl[1] runs `chown root:vglusers` on `/dev/nvidia*` and on devices usually owned by the "render" group[2]. This makes them unavailable in the sandbox if `noroot` (which causes groups to be dropped) is used. Since firejail classifies all of the aforementioned devices as being `DEV_3D` on fs_dev.c (which means that they are controlled by `no3d`), treat the "vglusers" group the same as the "render" group (by always keeping "vglusers" unless `no3d` is used). See the discussion on #2042 (from this comment[3] onwards). [1] https://virtualgl.org [2] https://github.com/VirtualGL/virtualgl/blob/6f0b90be02d13171dfdfffb112485f4091a5904f/server/vglserver_config#L393 [3] https://github.com/netblue30/firejail/issues/2042#issuecomment-1007468715 Reported-by: @JCallicoat

Diffstat (limited to 'src/fnettrace/hostnames.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: