From 12dd1d0807d5422198c45a0cf4c995ad90c4934e Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 3 May 2017 07:43:41 -0400 Subject: --fix-sound support in firecfg --- src/firecfg/main.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++--- src/man/firecfg.txt | 42 +++++++++++++++++++++++++++++++-------- src/man/firejail.txt | 2 +- 3 files changed, 87 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/firecfg/main.c b/src/firecfg/main.c index c8af9d03a..af5ebef98 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c @@ -34,6 +34,7 @@ #include "../include/common.h" static int arg_debug = 0; +#define MAX_BUF 1024 static void usage(void) { printf("firecfg - version %s\n\n", VERSION); @@ -46,6 +47,7 @@ static void usage(void) { printf("Usage: firecfg [OPTIONS]\n\n"); printf(" --clean - remove all firejail symbolic links.\n\n"); printf(" --debug - print debug messages.\n\n"); + printf(" --fix-sound - create ~/.config/pulse/client.conf file.\n\n"); printf(" --help, -? - this help screen.\n\n"); printf(" --list - list all firejail symbolic links.\n\n"); printf(" --version - print program version and exit.\n\n"); 
@@ -67,6 +69,49 @@ static void usage(void) { printf("Homepage: http://firejail.wordpress.com\n\n"); } +static void sound(void) { + struct passwd *pw = getpwuid(getuid()); + if (!pw) { + goto errexit; + } + char *home = pw->pw_dir; + if (!home) { + goto errexit; + } + + // the input file is /etc/pulse/client.conf + FILE *fpin = fopen("/etc/pulse/client.conf", "r"); + if (!fpin) { + fprintf(stderr, "PulseAudio is not available on this platform, there is nothing to fix...\n"); + return; + } + + // the dest is PulseAudio user config file + char *fname; + if (asprintf(&fname, "%s/.config/pulse/client.conf", home) == -1) + errExit("asprintf"); + FILE *fpout = fopen(fname, "w"); + free(fname); + if (!fpout) + goto errexit; + + // copy default config + char buf[MAX_BUF]; + while (fgets(buf, MAX_BUF, fpin)) + fputs(buf, fpout); + + // disable shm + fprintf(fpout, "\nenable-shm = no\n"); + fclose(fpin); + fclose(fpout); + printf("PulseAudio configured, please logout and login back again\n"); + return; + +errexit: + fprintf(stderr, "Error: cannot configure sound file\n"); + exit(1); +} + // return 1 if the program is found static int find(const char *program, const char *directory) { int retval = 0; @@ -231,7 +276,6 @@ static void set_file(const char *name, const char *firejail_exec) { free(fname); } -#define MAX_BUF 1024 static void set_links(void) { char *cfgfile; if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1) @@ -504,6 +548,10 @@ int main(int argc, char **argv) { list(); return 0; } + else if (strcmp(argv[i], "--fix-sound") == 0) { + sound(); + return 0; + } else { fprintf(stderr, "Error: invalid command line option\n"); usage(); 
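Review bot: The new sound() prints "PulseAudio configured" without checking that the copy succeeded: the results of `fputs`, `fprintf` and `fclose(fpout)` are ignored, and `fopen(fname, "w")` has already truncated any existing ~/.config/pulse/client.conf. A full disk or quota error would leave a partial file that may lack `enable-shm = no`, while the user is told the fix is in place. I would replace the bare `fclose(fpout);` with `if (ferror(fpin) || ferror(fpout) || fclose(fpout) != 0) goto errexit;` so the success message is only reached after a complete write. The function also assumes ~/.config/pulse already exists; when it does not, the `fopen` fails and the generic "cannot configure sound file" error gives no hint why, so naming the path in that message (or creating the directory first) would help.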
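Review bot: The `--fix-sound` branch in main() calls sound() for any caller, and sound() picks the target home with `getpwuid(getuid())`. The same commit tells users the proper invocation is "sudo firecfg", so someone running `sudo firecfg --fix-sound` would most likely get a root-owned file in root's home while their own PulseAudio config stays unchanged (assuming sudo sets the real uid to 0, as it normally does). Consider refusing uid 0 in this branch, e.g. `if (getuid() == 0) { fprintf(stderr, "Error: --fix-sound must be run as a regular user\n"); return 1; }`, or saying in the usage text that this option is run without sudo. main()'s body starts and ends outside the hunk.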
@@ -513,8 +561,9 @@ int main(int argc, char **argv) { // set symlinks in /usr/local/bin if (getuid() != 0) { - fprintf(stderr, "Error: you need to be root to run this command\n"); - exit(1); + fprintf(stderr, "Error: cannot set the symbolic links in /usr/local/bin\n"); + fprintf(stderr, "The proper way to run this command is \"sudo firecfg\".\n"); + return 1; } set_links(); diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index 369c3a7e0..979d4fc06 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt 
@@ -1,24 +1,50 @@ .TH FIRECFG 1 "MONTH YEAR" "VERSION" "firecfg man page" .SH NAME -Firecfg \- Desktop configuration program for Firejail software. +Firecfg \- Desktop integration utility for Firejail software. .SH SYNOPSIS firecfg [OPTIONS] .SH DESCRIPTION -Firecfg is the desktop configuration utility for Firejail software. The utility -creates several symbolic links to firejail executable in /usr/local/bin. +Firecfg is the desktop integration utility for Firejail sandbox. +It allows the user to sandbox applications automatically by +clicking on desktop manager icons and menus. -Firecfg also checks .desktop files in /usr/share/applications/, -replaces the full path by program name, and writes the result to $HOME/.local/share/applications/. -This allows the user to sandbox applications automatically, just by clicking on regular desktop -menus and icons. +The integration covers: +.br +.PP +.RS +- programs started in a terminal - typing "firefox" would be enough to start a sandboxed Firefox browser +.br -For more information, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR. +.br +- programs started by clicking on desktop manager menus - all major desktop managers are supported +.br + +.br +- programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE, MATE and XFCE +desktop managers are supported in this moment +.RE + +This brings us as very close to full desktop integration. + +To set it up, run "sudo firecfg" after installing +Firejail software, and logout/login for the integration to take effect. "sudo firecfg" should also be run after +you install new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin +will be created. For a list of programs supported by default run "ls /etc/firejail". + +For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR. .SH OPTIONS .TP \fB\-\-clean Remove all firejail symbolic links. 
.TP +\fB\-\-fix-sound +Create a proper ~/.config/pulse/client.conf file without shm support. On some PulseAudio versions, +shared memory support (shm) breaks the process ID namespace. PulseAudio software was designed +a long time ago, and the introduction of PID namespace in Linux kernel breaks their design. This was +reportedly fixed in PulseAudio version 9. If you have sound problems on your system, run +"firecfg --fix-sound" command in a terminal, followed by logout/login in order to apply the changes. +.TP \fB\-\-debug Print debug messages. .TP diff --git a/src/man/firejail.txt b/src/man/firejail.txt index bc4c3f19a..915a0d50d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1997,7 +1997,7 @@ $ firejail --tree 1221:netblue:/usr/lib/firefox/firefox .RE -For more information, see \fBman 1 firecfg\fR. +We provide a tool that automates all this integration, please see \fBman 1 firecfg\fR for more details. .SH APPARMOR .TP -- cgit v1.2.3-70-g09d2