From 28d3091620602d789a4782ce2715f1e4e539e5a8 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Tue, 30 Nov 2021 19:45:07 -0300
Subject: util.c: Rename nogroups to force_nogroups on drop_privs

To not be confused with arg_nogroups, as in the vast majority of cases drop_privs is called with either 0 or 1 rather than arg_nogroups. The rename makes it clearer that what the parameter does is to drop all groups without exception, unlike arg_nogroups, which may have certain groups be kept.
---
 src/firejail/firejail.h | 2 +-
 src/firejail/util.c | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index a7673ae20..bbc496afc 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -506,7 +506,7 @@ void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
 long long unsigned parse_arg_size(char *str);
-void drop_privs(int nogroups);
+void drop_privs(int force_nogroups);
 int mkpath_as_root(const char* path);
 void extract_command_name(int index, char **argv);
 void logsignal(int s);
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 97afe9649..55df44414 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -215,15 +215,16 @@ clean_all:
 // drop privileges
-// - for root group or if nogroups is set, supplementary groups are not configured
-void drop_privs(int nogroups) {
+// - for root group or if force_nogroups is set, supplementary groups are not configured
+void drop_privs(int force_nogroups) {
 gid_t gid = getgid();
 if (arg_debug)
- printf("Drop privileges: pid %d, uid %d, gid %d, nogroups %d\n", getpid(), getuid(), gid, nogroups);
+ printf("Drop privileges: pid %d, uid %d, gid %d, force_nogroups %d\n",
+ getpid(), getuid(), gid, force_nogroups);
 // configure supplementary groups
 EUID_ROOT();
- if (gid == 0 || nogroups) {
+ if (gid == 0 || force_nogroups) {
 if (setgroups(0, NULL) < 0)
 errExit("setgroups");
 if (arg_debug)
-- 
cgit v1.2.3-70-g09d2