-rw-r--r-- | src/firejail/main.c | 20 | ||||
-rw-r--r-- | src/firejail/util.c | 13 |
2 files changed, 22 insertions, 11 deletions
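--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -3144,17 +3144,21 @@ int main(int argc, char **argv, char **envp) {
 }
 
 // add audio group
-g = get_group_id("audio");
-if (g) {
-sprintf(ptr, "%d %d 1\n", g, g);
-ptr += strlen(ptr);
+if (!arg_nosound) {
+g = get_group_id("audio");
+if (g) {
+sprintf(ptr, "%d %d 1\n", g, g);
+ptr += strlen(ptr);
+}
 }
 
 // add video group
-g = get_group_id("video");
-if (g) {
-sprintf(ptr, "%d %d 1\n", g, g);
-ptr += strlen(ptr);
+if (!arg_novideo) {
+g = get_group_id("video");
+if (g) {
+sprintf(ptr, "%d %d 1\n", g, g);
+ptr += strlen(ptr);
+}
 }
 
 // add games group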
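Review bot: The `sprintf(ptr, "%d %d 1\n", g, g)` calls that now sit inside the `arg_nosound` and `arg_novideo` guards still write without a length bound, and the buffer `ptr` walks through is declared outside this hunk, so its remaining capacity cannot be confirmed from here. Since these lines are being touched anyway, a bounded write with a checked return value would make the limit explicit, for example `snprintf(ptr, <remaining bytes>, "%u %u 1\n", (unsigned) g, (unsigned) g)`. The `%u` is suggested on the assumption that `g` holds a `gid_t`, which the hunk does not show. The same applies to the video block, and main() starts and ends outside the hunk.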
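--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -142,14 +142,11 @@ static void clean_supplementary_groups(gid_t gid) {
 goto clean_all;
 
 // clean supplementary group list
-// allow only firejail, tty, audio, video, games
 gid_t new_groups[MAX_GROUPS];
 int new_ngroups = 0;
 char *allowed[] = {
 "firejail",
 "tty",
-"audio",
-"video",
 "games",
 NULL
 };
@@ -161,6 +158,16 @@ static void clean_supplementary_groups(gid_t gid) {
 i++;
 }
 
+if (!arg_nosound) {
+copy_group_ifcont("audio", groups, ngroups,
+new_groups, &new_ngroups, MAX_GROUPS);
+}
+
+if (!arg_novideo) {
+copy_group_ifcont("video", groups, ngroups,
+new_groups, &new_ngroups, MAX_GROUPS);
+}
+
 if (new_ngroups) {
 rv = setgroups(new_ngroups, new_groups);
 if (rv)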
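Review bot: The removed comment `// allow only firejail, tty, audio, video, games` was the only statement of which supplementary groups survive the cleanup, and nothing replaces it now that the policy is split between `allowed[]` and the two conditionals added in the second hunk. I would add above `allowed[]` something like `// always kept when present: firejail, tty, games; audio and video are kept only when arg_nosound / arg_novideo are not set`. The same two conditions are repeated in the group handling in main.c, so it is also worth noting in that comment that both places must change together. clean_supplementary_groups() starts and ends outside both hunks.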