void fs_dev_disable_sound(void) {
unsigned i = 0;
while (dev[i].dev_fname != NULL) {
if (dev[i].type == DEV_SOUND)
disable_file_or_dir(dev[i].dev_fname);
i++;
}
// disable all jack sockets in /dev/shm
glob_t globbuf;
int globerr = glob("/dev/shm/jack*", GLOB_NOSORT, NULL, &globbuf);
if (globerr)
return;
for (i = 0; i < globbuf.gl_pathc; i++) {
char *path = globbuf.gl_pathv[i];
assert(path);
if (is_link(path)) {
fwarning("skipping nosound for %s because it is a symbolic link\n", path);
continue;
}
disable_file_or_dir(path);
}
globfree(&globbuf);
}
void fs_dev_disable_3d(void) {
int i = 0;
while (dev[i].dev_fname != NULL) {
if (dev[i].hw3d)
disable_file_or_dir(dev[i].dev_fname);
i++;
}
}
void fs_dev_disable_u2f(void) {
int i = 0;
while (dev[i].dev_fname != NULL) {
if (dev[i].type == DEV_U2F)
disable_file_or_dir(dev[i].dev_fname);
i++;
}
}
void fs_dev_disable_video(void) {
int i = 0;
while (dev[i].dev_fname != NULL) {
if (dev[i].type == DEV_VIDEO)
disable_file_or_dir(dev[i].dev_fname);
i++;
}
}
void dbus_session_disable(void) {
if (!checkcfg(CFG_DBUS)) {
fwarning("D-Bus handling is disabled in Firejail configuration file\n");
return;
}
char *path;
if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1)
errExit("asprintf");
char *env_var;
if (asprintf(&env_var, "DBUS_SESSION_BUS_ADDRESS=unix:path=%s", path) == -1)
errExit("asprintf");
// set a new environment variable: DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/<UID>/bus
if (setenv("DBUS_SESSION_BUS_ADDRESS", env_var, 1) == -1) {
fprintf(stderr, "Error: cannot modify DBUS_SESSION_BUS_ADDRESS required by --nodbus\n");
exit(1);
}
// blacklist the path
disable_file_or_dir(path);
free(path);
free(env_var);
// look for a possible abstract unix socket
// --net=none
if (arg_nonetwork)
return;
// --net=eth0
if (any_bridge_configured())
return;
// --protocol=unix
#ifdef HAVE_SECCOMP
if (cfg.protocol && !strstr(cfg.protocol, "unix"))
return;
#endif
fwarning("An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.\n");
}
