diff options
| author |  smitsohu <smitsohu@gmail.com> | 2020-12-21 01:23:41 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2020-12-21 01:23:41 +0100 |
| commit | a7607e423f3336f67daf2ec296414d55c6740f84 (patch) | |
| tree | b499ca84067e892792434e1500e9173d64a423ec /src | |
| parent | declare seccomp_debug function static (diff) | |
| download | firejail-a7607e423f3336f67daf2ec296414d55c6740f84.tar.gz firejail-a7607e423f3336f67daf2ec296414d55c6740f84.tar.zst firejail-a7607e423f3336f67daf2ec296414d55c6740f84.zip | |
noroot option: don't drop firejail supplementary group
see suggested setup in man 5 firejail-users
also related to issue #3604
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/util.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index e8b35a64b..6cc1bc720 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -75,10 +75,11 @@ static void clean_supplementary_groups(gid_t gid) { | |||
| 75 | goto clean_all; | 75 | goto clean_all; |
| 76 | 76 | ||
| 77 | // clean supplementary group list | 77 | // clean supplementary group list |
| 78 | // allow only tty, audio, video, games | 78 | // allow only firejail, tty, audio, video, games |
| 79 | gid_t new_groups[MAX_GROUPS]; | 79 | gid_t new_groups[MAX_GROUPS]; |
| 80 | int new_ngroups = 0; | 80 | int new_ngroups = 0; |
| 81 | char *allowed[] = { | 81 | char *allowed[] = { |
| 82 | "firejail", | ||
| 82 | "tty", | 83 | "tty", |
| 83 | "audio", | 84 | "audio", |
| 84 | "video", | 85 | "video", |