Diffstat (limited to 'src/firejail/util.c')
-rw-r--r-- | src/firejail/util.c | 12 |
1 files changed, 9 insertions, 3 deletions
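--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -173,13 +173,19 @@ static void clean_supplementary_groups(gid_t gid) {
 assert(cfg.username);
 gid_t groups[MAX_GROUPS];
 int ngroups = MAX_GROUPS;
+
+if (arg_nogroups && check_can_drop_all_groups()) {
+if (setgroups(0, NULL) < 0)
+errExit("setgroups");
+if (arg_debug)
+printf("No supplementary groups\n");
+return;
+}
+
 int rv = getgrouplist(cfg.username, gid, groups, &ngroups);
 if (rv == -1)
 goto clean_all;
 
-if (arg_nogroups && check_can_drop_all_groups())
-goto clean_all;
-
 // clean supplementary group list
 gid_t new_groups[MAX_GROUPS];
 int new_ngroups = 0;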
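Review bot: When `arg_nogroups` is set but `check_can_drop_all_groups()` returns false, the new block at the top of clean_supplementary_groups() is skipped and execution continues into the group-list cleaning path, with nothing in the debug output saying that the request to drop all groups was not honoured. A line right after the block such as `if (arg_nogroups && arg_debug) printf("Cannot drop all supplementary groups\n");` would make that visible; whether check_can_drop_all_groups() already reports the reason cannot be seen from this hunk. The block would also benefit from a comment such as `// nogroups: drop every supplementary group before any group lookup`, since moving the check ahead of getgrouplist() is the substance of the change. The function body, including the clean_all label, continues outside the hunk.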