/*
 * Disable sound inside the sandbox: blacklist every entry of the dev table
 * tagged DEV_SOUND, then every path matching /dev/shm/jack*.
 *
 * Returns silently when glob() reports any error, including "no match".
 */
void fs_dev_disable_sound(void) {
	unsigned i;
	glob_t globbuf;

	// the dev table ends at the first entry with a NULL dev_fname
	for (i = 0; dev[i].dev_fname != NULL; i++) {
		if (dev[i].type != DEV_SOUND)
			continue;
		disable_file_or_dir(dev[i].dev_fname);
	}

	// disable all jack sockets in /dev/shm
	if (glob("/dev/shm/jack*", GLOB_NOSORT, NULL, &globbuf) != 0)
		return;

	for (i = 0; i < globbuf.gl_pathc; i++) {
		char *path = globbuf.gl_pathv[i];
		assert(path);

		// Symbolic links are skipped with a warning and left as they are,
		// so a link named jack* is never followed by the blacklist step.
		// NOTE(review): the link test and disable_file_or_dir() both work
		// on the path name; whether disable_file_or_dir() re-checks the
		// file type is not visible here - confirm.
		if (!is_link(path)) {
			disable_file_or_dir(path);
			continue;
		}
		fwarning("skipping nosound for %s because it is a symbolic link\n", path);
	}

	globfree(&globbuf);
}
/*
 * Disable 3D hardware acceleration devices: blacklist every entry of the
 * dev table whose hw3d flag is set.
 */
void fs_dev_disable_3d(void) {
	int i;

	// the dev table ends at the first entry with a NULL dev_fname
	for (i = 0; dev[i].dev_fname != NULL; i++) {
		if (!dev[i].hw3d)
			continue;
		disable_file_or_dir(dev[i].dev_fname);
	}
}
/*
 * Disable U2F devices: blacklist every entry of the dev table tagged
 * DEV_U2F.
 */
void fs_dev_disable_u2f(void) {
	int i;

	// the dev table ends at the first entry with a NULL dev_fname
	for (i = 0; dev[i].dev_fname != NULL; i++) {
		if (dev[i].type != DEV_U2F)
			continue;
		disable_file_or_dir(dev[i].dev_fname);
	}
}
/*
 * Disable video capture devices: blacklist every entry of the dev table
 * tagged DEV_VIDEO.
 */
void fs_dev_disable_video(void) {
	int i;

	// the dev table ends at the first entry with a NULL dev_fname
	for (i = 0; dev[i].dev_fname != NULL; i++) {
		if (dev[i].type != DEV_VIDEO)
			continue;
		disable_file_or_dir(dev[i].dev_fname);
	}
}
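/*
 * Cut the sandbox off from the user's D-Bus session bus (--nodbus).
 *
 * Does nothing except warn when CFG_DBUS is switched off in the Firejail
 * configuration. Otherwise it:
 *   1. overrides DBUS_SESSION_BUS_ADDRESS with
 *      unix:path=/run/user/<UID>/bus, replacing whatever address was
 *      inherited from the caller's environment;
 *   2. blacklists that socket path;
 *   3. warns that an abstract unix socket may still be reachable, unless
 *      one of the checked options (--net=none, a configured bridge, a
 *      --protocol list without "unix") is in effect.
 *
 * Exits the process if memory allocation or setenv() fails.
 */
void dbus_session_disable(void) {
	if (!checkcfg(CFG_DBUS)) {
		fwarning("D-Bus handling is disabled in Firejail configuration file\n");
		return;
	}

	// uid_t is unsigned, so format it as such
	char *path;
	if (asprintf(&path, "/run/user/%u/bus", (unsigned) getuid()) == -1)
		errExit("asprintf");

	// setenv() takes the bare value. The previous code passed a string that
	// already began with "DBUS_SESSION_BUS_ADDRESS=", so the variable ended
	// up holding its own name and was not a well-formed bus address.
	char *bus_addr;
	if (asprintf(&bus_addr, "unix:path=%s", path) == -1)
		errExit("asprintf");

	// set a new environment variable: DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/<UID>/bus
	if (setenv("DBUS_SESSION_BUS_ADDRESS", bus_addr, 1) == -1) {
		fprintf(stderr, "Error: cannot modify DBUS_SESSION_BUS_ADDRESS required by --nodbus\n");
		exit(1);
	}

	// blacklist the path
	disable_file_or_dir(path);
	free(path);
	free(bus_addr);

	// Look for a possible abstract unix socket. Blacklisting a filesystem
	// path does not cover it: abstract sockets have no filesystem entry, so
	// the options below are what this function checks before it warns.

	// --net=none
	if (arg_nonetwork)
		return;

	// --net=eth0
	if (any_bridge_configured())
		return;

	// --protocol=unix
	// substring test: a protocol list that does not mention "unix" is
	// treated as already excluding unix sockets
#ifdef HAVE_SECCOMP
	if (cfg.protocol && !strstr(cfg.protocol, "unix"))
		return;
#endif

	fwarning("An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.\n");
}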