author | netblue30 <netblue30@yahoo.com> | 2015-10-12 10:47:46 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-12 10:47:46 -0400 |
commit | a756032f67c5f1f000c38dc6c6ae48b780f246e3 (patch) | |
tree | fed84e7ad89a77567bc019e0fc9f011ac5944a47 /src | |
parent | --nosound (diff) | |
--nosound option testing
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/pulseaudio.c | 18 | ||||
-rw-r--r-- | src/firejail/usage.c | 4 | ||||
-rw-r--r-- | src/man/firejail.txt | 11 |
3 files changed, 21 insertions, 12 deletions
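diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 0b2918fc0..9291e65d1 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -34,6 +34,9 @@ static void disable_file(const char *path, const char *file) {
 if (stat(fname, &s) == -1)
 goto doexit;
 
+if (arg_debug)
+printf("Disable%s\n", fname);
+
 if (S_ISDIR(s.st_mode)) {
 if (mount(RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0)
 errExit("disable file");
@@ -49,9 +52,10 @@ doexit:
 
 // disable pulseaudio socket
 void pulseaudio_disable(void) {
-//**************************************
+// blacklist user config directory
+disable_file(cfg.homedir, ".config/pulse");
+
 // blacklist any pulse* file in /tmp directory
-//**************************************
 DIR *dir;
 if (!(dir = opendir("/tmp"))) {
 // sleep 2 seconds and try again
@@ -65,24 +69,16 @@ void pulseaudio_disable(void) {
 struct dirent *entry;
 while ((entry = readdir(dir))) {
 if (strncmp(entry->d_name, "pulse-", 6) == 0) {
-if (arg_debug)
-printf("Disable /tmp/%s\n", entry->d_name);
 disable_file("/tmp", entry->d_name);
 }
 }
 
 closedir(dir);
 
-//**************************************
 // blacklist XDG_RUNTIME_DIR
-//**************************************
 char *name = getenv("XDG_RUNTIME_DIR");
-if (name) {
-if (arg_debug)
-printf("Disable %s/pulse/native\n", name);
+if (name)
 disable_file(name, "pulse/native");
-}
-
 }
 
 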
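Review bot: The new call `disable_file(cfg.homedir, ".config/pulse")` in pulseaudio_disable() passes a user-writable path to a helper that, in the first hunk, checks it with `stat()` and then bind-mounts over it, and `stat()` follows symbolic links. If this runs with elevated privileges (not visible here), a symlink at that path, or at a /tmp/pulse-* entry that goes through the same helper, would move the mount onto the link's target. The check should use `lstat(fname, &s)` and skip the entry when `S_ISLNK(s.st_mode)`. The consolidated debug line also lost its separator: `printf("Disable%s\n", fname);` should read `printf("Disable %s\n", fname);`. disable_file's body starts and ends outside the hunk, so how fname is built is inferred.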
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 93d79fd94..24969823f 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -151,7 +151,9 @@ void usage(void) { | |||
151 | printf("\t--noroot - install a user namespace with a single user - the current\n"); | 151 | printf("\t--noroot - install a user namespace with a single user - the current\n"); |
152 | printf("\t\tuser. root user does not exist in the new namespace. This option\n"); | 152 | printf("\t\tuser. root user does not exist in the new namespace. This option\n"); |
153 | printf("\t\tis not supported for --chroot and --overlay configurations.\n\n"); | 153 | printf("\t\tis not supported for --chroot and --overlay configurations.\n\n"); |
154 | 154 | ||
155 | printf("\t--nosound - disable sound system\n\n"); | ||
156 | |||
155 | printf("\t--output=logfile - stdout logging and log rotation. Copy stdout to\n"); | 157 | printf("\t--output=logfile - stdout logging and log rotation. Copy stdout to\n"); |
156 | printf("\t\tlogfile, and keep the size of the file under 500KB using log\n"); | 158 | printf("\t\tlogfile, and keep the size of the file under 500KB using log\n"); |
157 | printf("\t\trotation. Five files with prefixes .1 to .5 are used in\n"); | 159 | printf("\t\trotation. Five files with prefixes .1 to .5 are used in\n"); |
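Review bot: The help line `--nosound - disable sound system` promises more than the pulseaudio.c changes in this commit show. There pulseaudio_disable() hides ~/.config/pulse, /tmp/pulse-* and $XDG_RUNTIME_DIR/pulse/native, and nothing visible restricts direct access to audio devices. Users who rely on the flag to keep a sandboxed program away from the microphone need that limit stated, for example `printf("\t--nosound - disable sound system (PulseAudio only)\n\n");`, with matching wording in the man page entry. usage()'s body extends beyond the hunk.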
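diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 00360e65b..cacd6abca 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -654,6 +654,17 @@ $ ping google.com
 ping: icmp open socket: Operation not permitted
 .br
 $
+
+.TP
+\fB\-\-nosound
+Disable sound system.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-nosound firefox
+
 .TP
 \fB\-\-output=logfile
 stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log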