From 8576b7dc9602eac4169d7219d394a8147c26d688 Mon Sep 17 00:00:00 2001
From: northboot
Date: Tue, 25 Feb 2025 04:07:46 +0100
Subject: [PATCH] modif: keep users group unless nou2f is used

This group is used on Void Linux to enable members to access hardware tokens used for U2F.
---
 RELNOTES | 1 +
 src/firejail/main.c | 9 +++++++++
 src/firejail/util.c | 5 +++++
 3 files changed, 15 insertions(+)
diff --git a/RELNOTES b/RELNOTES
index f60d5f9392..82e2c31a75 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -41,6 +41,7 @@ firejail (0.9.73) baseline; urgency=low
 * modif: private-dev: keep /dev/kfd unless no3d is used (#6380)
 * modif: keep /sys/module/nvidia* if prop driver and no no3d (#6372 #6387)
 * modif: clarify error messages in profile.c (#6605)
+ * modif: keep users group unless nou2f is used (#6664)
 * removal: firemon: remove --interface option (it duplicates the firejail --net.print= option) (0e48f9933)
 * removal: remove support for LTS and firetunnel (db09546f2)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 8bb83c8b6a..cd360896b5 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -3234,6 +3234,15 @@ int main(int argc, char **argv, char **envp) {
 ptr += strlen(ptr);
 }
 }
+
+ // add users group
+ if (!arg_nou2f) {
+ g = get_group_id("users");
+ if (g) {
+ sprintf(ptr, "%d %d 1\n", g, g);
+ ptr += strlen(ptr);
+ }
+ }
 }
 if (!arg_nogroups) {
diff --git a/src/firejail/util.c b/src/firejail/util.c
index ab7639f557..fbd855edd7 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -240,6 +240,11 @@ static void clean_supplementary_groups(gid_t gid) {
 new_groups, &new_ngroups, MAX_GROUPS);
 }
+ if (!arg_nou2f) {
+ copy_group_ifcont("users", groups, ngroups,
+ new_groups, &new_ngroups, MAX_GROUPS);
+ }
+
 if (new_ngroups) {
 rv = setgroups(new_ngroups, new_groups);
 if (rv)
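Review bot: The added `sprintf(ptr, "%d %d 1\n", g, g)` in the `!arg_nou2f` block of main.c writes one more map entry with no length bound, and the buffer that `ptr` advances through is declared outside this hunk, so it cannot be confirmed from here that it was sized for the extra line. I would change it to `snprintf(ptr, remaining, "%u %u 1\n", (unsigned) g, (unsigned) g)`, where `remaining` is a placeholder for the space left in that buffer, and check the return value for truncation; `%u` also avoids a sign mismatch if `g` is a `gid_t`. The comment could state the reason rather than the action, e.g. `// keep users group: grants access to U2F hardware tokens on Void Linux`. The body of `main()` starts and ends outside the hunk.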
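Review bot: Retaining `users` in `clean_supplementary_groups()` whenever `arg_nou2f` is unset is broader than the U2F use case named in the commit message: on systems where `users` is a general-purpose group (presumably common outside Void Linux), the sandboxed process keeps group access to everything that group can reach, not only the token device nodes. Since this loosens the supplementary-group drop for every profile that does not set nou2f, the new `if` should carry the rationale, e.g. `// users: grants access to U2F hardware tokens on Void Linux; dropped with nou2f`, and the retained group should be mentioned wherever nou2f and nogroups are documented. It may also be worth checking whether the exception can be limited to setups where `users` actually owns the token devices. The function's body begins and ends outside the hunk.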