diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-10-12 10:19:33 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-10-12 10:19:33 -0400 |
| commit | 894293e0184d27387ba4e05e36b9da9bc20bd7cb (patch) | |
| tree | 1d3f44f727883e1ee2ac1033f815db159978153f /src | |
| parent | --nosound option (diff) | |
| download | firejail-894293e0184d27387ba4e05e36b9da9bc20bd7cb.tar.gz firejail-894293e0184d27387ba4e05e36b9da9bc20bd7cb.tar.zst firejail-894293e0184d27387ba4e05e36b9da9bc20bd7cb.zip | |
--nosound
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/pulseaudio.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index 491ef8e1b..0b2918fc0 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
| @@ -23,15 +23,17 @@ | |||
| 23 | #include <sys/mount.h> | 23 | #include <sys/mount.h> |
| 24 | #include <dirent.h> | 24 | #include <dirent.h> |
| 25 | 25 | ||
| 26 | static void disable_file(const char *file) { | 26 | static void disable_file(const char *path, const char *file) { |
| 27 | assert(file); | 27 | assert(file); |
| 28 | assert(path); | ||
| 28 | 29 | ||
| 29 | struct stat s; | 30 | struct stat s; |
| 30 | char *fname; | 31 | char *fname; |
| 31 | if (asprintf(&fname, "/tmp/%s", file) == -1) | 32 | if (asprintf(&fname, "%s/%s", path, file) == -1) |
| 32 | errExit("asprintf"); | 33 | errExit("asprintf"); |
| 33 | if (stat(fname, &s) == -1) | 34 | if (stat(fname, &s) == -1) |
| 34 | return; | 35 | goto doexit; |
| 36 | |||
| 35 | if (S_ISDIR(s.st_mode)) { | 37 | if (S_ISDIR(s.st_mode)) { |
| 36 | if (mount(RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | 38 | if (mount(RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0) |
| 37 | errExit("disable file"); | 39 | errExit("disable file"); |
| @@ -40,6 +42,9 @@ static void disable_file(const char *file) { | |||
| 40 | if (mount(RO_FILE, fname, "none", MS_BIND, "mode=400,gid=0") < 0) | 42 | if (mount(RO_FILE, fname, "none", MS_BIND, "mode=400,gid=0") < 0) |
| 41 | errExit("disable file"); | 43 | errExit("disable file"); |
| 42 | } | 44 | } |
| 45 | |||
| 46 | doexit: | ||
| 47 | free(fname); | ||
| 43 | } | 48 | } |
| 44 | 49 | ||
| 45 | // disable pulseaudio socket | 50 | // disable pulseaudio socket |
| @@ -61,8 +66,8 @@ void pulseaudio_disable(void) { | |||
| 61 | while ((entry = readdir(dir))) { | 66 | while ((entry = readdir(dir))) { |
| 62 | if (strncmp(entry->d_name, "pulse-", 6) == 0) { | 67 | if (strncmp(entry->d_name, "pulse-", 6) == 0) { |
| 63 | if (arg_debug) | 68 | if (arg_debug) |
| 64 | printf("Disable %s\n", entry->d_name); | 69 | printf("Disable /tmp/%s\n", entry->d_name); |
| 65 | disable_file(entry->d_name); | 70 | disable_file("/tmp", entry->d_name); |
| 66 | } | 71 | } |
| 67 | } | 72 | } |
| 68 | 73 | ||
| @@ -74,9 +79,10 @@ void pulseaudio_disable(void) { | |||
| 74 | char *name = getenv("XDG_RUNTIME_DIR"); | 79 | char *name = getenv("XDG_RUNTIME_DIR"); |
| 75 | if (name) { | 80 | if (name) { |
| 76 | if (arg_debug) | 81 | if (arg_debug) |
| 77 | printf("Disable %s\n", name); | 82 | printf("Disable %s/pulse/native\n", name); |
| 78 | disable_file(name); | 83 | disable_file(name, "pulse/native"); |
| 79 | } | 84 | } |
| 85 | |||
| 80 | } | 86 | } |
| 81 | 87 | ||
| 82 | 88 | ||
| @@ -109,7 +115,7 @@ void pulseaudio_init(void) { | |||
| 109 | FILE *fp = fopen(pulsecfg, "a+"); | 115 | FILE *fp = fopen(pulsecfg, "a+"); |
| 110 | if (!fp) | 116 | if (!fp) |
| 111 | errExit("fopen"); | 117 | errExit("fopen"); |
| 112 | fprintf(fp, "\nenable-shm = no\n"); | 118 | fprintf(fp, "%s", "\nenable-shm = no\n"); |
| 113 | fclose(fp); | 119 | fclose(fp); |
| 114 | if (chmod(pulsecfg, 0644) == -1) | 120 | if (chmod(pulsecfg, 0644) == -1) |
| 115 | errExit("chmod"); | 121 | errExit("chmod"); |