From a756032f67c5f1f000c38dc6c6ae48b780f246e3 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 12 Oct 2015 10:47:46 -0400 Subject: --nosound option testing --- src/firejail/pulseaudio.c | 18 +++++++----------- src/firejail/usage.c | 4 +++- src/man/firejail.txt | 11 +++++++++++ 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index 0b2918fc0..9291e65d1 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c @@ -34,6 +34,9 @@ static void disable_file(const char *path, const char *file) { if (stat(fname, &s) == -1) goto doexit; + if (arg_debug) + printf("Disable%s\n", fname); + if (S_ISDIR(s.st_mode)) { if (mount(RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0) errExit("disable file"); @@ -49,9 +52,10 @@ doexit: // disable pulseaudio socket void pulseaudio_disable(void) { - //************************************** + // blacklist user config directory + disable_file(cfg.homedir, ".config/pulse"); + // blacklist any pulse* file in /tmp directory - //************************************** DIR *dir; if (!(dir = opendir("/tmp"))) { // sleep 2 seconds and try again @@ -65,24 +69,16 @@ void pulseaudio_disable(void) { struct dirent *entry; while ((entry = readdir(dir))) { if (strncmp(entry->d_name, "pulse-", 6) == 0) { - if (arg_debug) - printf("Disable /tmp/%s\n", entry->d_name); disable_file("/tmp", entry->d_name); } } closedir(dir); - //************************************** // blacklist XDG_RUNTIME_DIR - //************************************** char *name = getenv("XDG_RUNTIME_DIR"); - if (name) { - if (arg_debug) - printf("Disable %s/pulse/native\n", name); + if (name) disable_file(name, "pulse/native"); - } - } diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 93d79fd94..24969823f 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c 
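Review bot: The debug line added to disable_file() is `printf("Disable%s\n", fname);`, which as rendered here has no space between the word and the path, so the trace prints one run-together token. The messages this commit removes from pulseaudio_disable() used `"Disable /tmp/%s\n"` with the space. Suggest `printf("Disable %s\n", fname);` so that debug output stays readable and matches what existing log filters expect. disable_file() begins and ends outside this hunk.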
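Review bot: The new call `disable_file(cfg.homedir, ".config/pulse");` at the top of pulseaudio_disable() passes a path inside the user's home directory to a helper that, in the lines visible in the first hunk, runs stat() and then mount() on the same name. Both calls follow symbolic links and the directory is writable by the user who starts the sandbox, so the bind mount is applied to whatever the name resolves to at that moment, not to a checked location. The same holds for the `XDG_RUNTIME_DIR` value read with getenv() in the last hunk. Unless the part of disable_file() outside these hunks already handles this, I would have it refuse links before mounting, for example `if (lstat(fname, &s) == -1 || S_ISLNK(s.st_mode)) goto doexit;`, or resolve the path with realpath() and confirm it is still under the expected directory. A short comment on disable_file() stating which callers pass user-controlled paths would help the next reviewer.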
@@ -151,7 +151,9 @@ void usage(void) { printf("\t--noroot - install a user namespace with a single user - the current\n"); printf("\t\tuser. root user does not exist in the new namespace. This option\n"); printf("\t\tis not supported for --chroot and --overlay configurations.\n\n"); - + + printf("\t--nosound - disable sound system\n\n"); + printf("\t--output=logfile - stdout logging and log rotation. Copy stdout to\n"); printf("\t\tlogfile, and keep the size of the file under 500KB using log\n"); printf("\t\trotation. Five files with prefixes .1 to .5 are used in\n"); diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 00360e65b..cacd6abca 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -654,6 +654,17 @@ $ ping google.com ping: icmp open socket: Operation not permitted .br $ + +.TP +\fB\-\-nosound +Disable sound system. +.br + +.br +Example: +.br +$ firejail \-\-nosound firefox + .TP \fB\-\-output=logfile stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log -- cgit v1.2.3-70-g09d2
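Review bot: The help line `printf("\t--nosound - disable sound system\n\n");` in usage() promises more than the code in this commit shows. pulseaudio_disable(), presumably what the option calls, hides only the PulseAudio config directory, the `/tmp/pulse-*` entries and `$XDG_RUNTIME_DIR/pulse/native`; nothing visible here touches other audio paths. A user relying on the option to keep a sandboxed program away from audio capture needs to know that scope. Suggest wording such as `printf("\t--nosound - disable access to the PulseAudio sound server\n\n");`, with the same change to the firejail.txt entry added in the next hunk. usage() begins and ends outside this hunk.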