nosound support in profile files

author: netblue30 <netblue30@yahoo.com> 2016-03-11 08:07:20 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-03-11 08:07:20 -0500
commit: 0e88d053e806b2f2b5589f92683e6ad5f934b09d (patch)
tree: ca1af3bbda0d6486519ef344adf80779152b0409 /src
parent: file transfer options (diff)
download: firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.tar.gz
firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.tar.zst
firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.zip
2 files changed, 17 insertions, 14 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 28df9f03e..461bcb941 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -163,6 +163,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                arg_nogroups = 1;
                return 0;
        }
+        else if (strcmp(ptr, "nosound") == 0) {
+                arg_nosound = 1;
+                arg_private_dev = 1;
+                return 0;
+        }
        else if (strcmp(ptr, "netfilter") == 0) {
 #ifdef HAVE_NETWORK
                arg_netfilter = 1;
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 8897efc09..c5de79118 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -223,9 +223,13 @@ Enable seccomp filter and whitelist the system calls in the list.
 Use this command  to enable an user namespace. The namespace has only one user, the current user.
 There is no root account (uid 0) defined in the namespace.
-.SH Resource limits
+.SH Resource limits, CPU affinity, Control Groups
 These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.
-The limits can be modified inside the sandbox using the regular \fBulimit\fR command. Example:
+The limits can be modified inside the sandbox using the regular \fBulimit\fR command. \fBcpu\fR command
+configures the CPU cores available, and \fBcgroup\fR command
+place the sandbox in an existing control group.
+Examples:
 .TP
 \fBrlimit-fsize 1024
@@ -239,23 +243,14 @@ Set the maximum number of files that can be opened by a process to 500.
 .TP
 \fBrlimit-sigpending 200
 Set the maximum number of processes that can be created for the real user ID of the calling process to 200.
-.SH CPU Affinity
-Set the CPU cores available for this sandbox using \fBcpu\fR command. Examples:
 .TP
-cpu 1,2,3
+\fBcpu 1,2,3
 Use only CPU cores 0, 1 and 2.
 .TP
-nice -5
+\fBnice -5
 Set a nice value of -5 to all processes running inside the sandbox.
-.SH Control Groups
-Place the sandbox in an existing control group specified by the full path of the task file using \fBcgroup\fR. Example:
 .TP
-cgroup /sys/fs/cgroup/g1/tasks
+\fBcgroup /sys/fs/cgroup/g1/tasks
 The sandbox is placed in g1 control group.
 .SH User Environment
@@ -286,6 +281,9 @@ Run the program directly, without a shell.
 .TP
 \fBipc-namespace
 Enable IPC namespace.
+.TP
+\fBnosound
+Disable sound system.
 .SH Networking
 Networking features available in profile files.
author	netblue30 <netblue30@yahoo.com>	2016-03-11 08:07:20 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-03-11 08:07:20 -0500
commit	0e88d053e806b2f2b5589f92683e6ad5f934b09d (patch)
tree	ca1af3bbda0d6486519ef344adf80779152b0409 /src
parent	file transfer options (diff)
download	firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.tar.gz firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.tar.zst firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.zip

diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 28df9f03e..461bcb941 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -163,6 +163,11 @@ int profile_check_line(char ptr, int lineno, const char fname) {
163	arg_nogroups = 1;	163	arg_nogroups = 1;
164	return 0;	164	return 0;
165	}	165	}
		166	else if (strcmp(ptr, "nosound") == 0) {
		167	arg_nosound = 1;
		168	arg_private_dev = 1;
		169	return 0;
		170	}
166	else if (strcmp(ptr, "netfilter") == 0) {	171	else if (strcmp(ptr, "netfilter") == 0) {
167	#ifdef HAVE_NETWORK	172	#ifdef HAVE_NETWORK
168	arg_netfilter = 1;	173	arg_netfilter = 1;


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 8897efc09..c5de79118 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -223,9 +223,13 @@ Enable seccomp filter and whitelist the system calls in the list.
223	Use this command to enable an user namespace. The namespace has only one user, the current user.	223	Use this command to enable an user namespace. The namespace has only one user, the current user.
224	There is no root account (uid 0) defined in the namespace.	224	There is no root account (uid 0) defined in the namespace.
225		225
226	.SH Resource limits	226	.SH Resource limits, CPU affinity, Control Groups
227	These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.	227	These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.
228	The limits can be modified inside the sandbox using the regular \fBulimit\fR command. Example:	228	The limits can be modified inside the sandbox using the regular \fBulimit\fR command. \fBcpu\fR command
		229	configures the CPU cores available, and \fBcgroup\fR command
		230	place the sandbox in an existing control group.
		231
		232	Examples:
229		233
230	.TP	234	.TP
231	\fBrlimit-fsize 1024	235	\fBrlimit-fsize 1024
@@ -239,23 +243,14 @@ Set the maximum number of files that can be opened by a process to 500.
239	.TP	243	.TP
240	\fBrlimit-sigpending 200	244	\fBrlimit-sigpending 200
241	Set the maximum number of processes that can be created for the real user ID of the calling process to 200.	245	Set the maximum number of processes that can be created for the real user ID of the calling process to 200.
242
243	.SH CPU Affinity
244	Set the CPU cores available for this sandbox using \fBcpu\fR command. Examples:
245
246	.TP	246	.TP
247	cpu 1,2,3	247	\fBcpu 1,2,3
248	Use only CPU cores 0, 1 and 2.	248	Use only CPU cores 0, 1 and 2.
249
250	.TP	249	.TP
251	nice -5	250	\fBnice -5
252	Set a nice value of -5 to all processes running inside the sandbox.	251	Set a nice value of -5 to all processes running inside the sandbox.
253
254	.SH Control Groups
255	Place the sandbox in an existing control group specified by the full path of the task file using \fBcgroup\fR. Example:
256
257	.TP	252	.TP
258	cgroup /sys/fs/cgroup/g1/tasks	253	\fBcgroup /sys/fs/cgroup/g1/tasks
259	The sandbox is placed in g1 control group.	254	The sandbox is placed in g1 control group.
260		255
261	.SH User Environment	256	.SH User Environment
@@ -286,6 +281,9 @@ Run the program directly, without a shell.
286	.TP	281	.TP
287	\fBipc-namespace	282	\fBipc-namespace
288	Enable IPC namespace.	283	Enable IPC namespace.
		284	.TP
		285	\fBnosound
		286	Disable sound system.
289	.SH Networking	287	.SH Networking
290	Networking features available in profile files.	288	Networking features available in profile files.
291		289