-rw-r--r-- | etc/inc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/profile-a-l/atom.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/code.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/electron.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/github-desktop.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/notable.profile | 2 | ||||
-rw-r--r-- | src/firejail/util.c | 12 |
7 files changed, 16 insertions, 10 deletions
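--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -407,7 +407,7 @@ blacklist ${HOME}/.config/dolphin-emu
 blacklist ${HOME}/.config/dolphinrc
 blacklist ${HOME}/.config/dragonplayerrc
 blacklist ${HOME}/.config/draw.io
-blacklist ${HOME}/.config/electron-flag*.conf
+blacklist ${HOME}/.config/electron*-flag*.conf
 blacklist ${HOME}/.config/electron-mail
 blacklist ${HOME}/.config/emaildefaults
 blacklist ${HOME}/.config/emailidentities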
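Review bot: The blacklist glob on new line 410 is widened to `electron*-flag*.conf`, but the matching `noblacklist`/`whitelist` entries are updated only in the five profiles this commit touches. Any other profile or local override that still carries the old `electron-flag*.conf` pattern would presumably no longer line up with the wider blacklist entry for the newly matched file names, so a grep of the tree for the old pattern is worth doing before merge. A short comment above the entry would also help the next editor keep the patterns in sync, e.g. `# electron*-flag*.conf: also matches flag files with text between "electron" and "-flag"`.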
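--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -12,7 +12,7 @@ ignore include disable-interpreters.inc
 ignore include disable-xdg.inc
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc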
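--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -12,7 +12,7 @@ ignore include disable-interpreters.inc
 ignore include disable-xdg.inc
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc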
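--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -5,7 +5,7 @@
 include electron.local
 
 noblacklist ${HOME}/.config/Electron
-noblacklist ${HOME}/.config/electron-flag*.conf
+noblacklist ${HOME}/.config/electron*-flag*.conf
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-xdg.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Electron
-whitelist ${HOME}/.config/electron-flag*.conf
+whitelist ${HOME}/.config/electron*-flag*.conf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc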
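--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -15,7 +15,7 @@ include globals.local
 ignore include disable-xdg.inc
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc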
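--- a/etc/profile-m-z/notable.profile
+++ b/etc/profile-m-z/notable.profile
@@ -27,7 +27,7 @@ ignore dbus-user none
 # Notable keeps claiming it is started for the first time when whitelisting - see #4812.
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc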
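--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -173,13 +173,19 @@ static void clean_supplementary_groups(gid_t gid) {
 assert(cfg.username);
 gid_t groups[MAX_GROUPS];
 int ngroups = MAX_GROUPS;
+
+if (arg_nogroups && check_can_drop_all_groups()) {
+if (setgroups(0, NULL) < 0)
+errExit("setgroups");
+if (arg_debug)
+printf("No supplementary groups\n");
+return;
+}
+
 int rv = getgrouplist(cfg.username, gid, groups, &ngroups);
 if (rv == -1)
 goto clean_all;
 
-if (arg_nogroups && check_can_drop_all_groups())
-goto clean_all;
-
 // clean supplementary group list
 gid_t new_groups[MAX_GROUPS];
 int new_ngroups = 0;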
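Review bot: The new early-exit block at new lines 177–183 has no comment saying why it now runs before `getgrouplist()`, and nothing in the hunk records what happens when `nogroups` is set but `check_can_drop_all_groups()` returns false: execution simply falls through to the group-keeping path. I would add `// nogroups: drop all supplementary groups before any group lookup` above the `if`, and consider an `arg_debug` message on the fall-through so it is visible that nogroups was requested but not fully honoured (unless check_can_drop_all_groups() already reports this, which is not visible here). The block also appears to repeat what the `clean_all` label does; that label and the rest of clean_supplementary_groups() lie outside the hunk, so this cannot be confirmed from here.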