Commits on Feb 11, 2022

1. Disable/comment message about nogroups being ignored …

   Added on commit 7abce0b ("Fix keeping certain groups with nogroups",
   2021-11-30) / PR netblue30#4732.
   
   As reported by @rusty-snake on netblue30#4930, conflicting messages are printed
   when using whitelist-run-common.inc with nogroups:
   
       $ cat test.profile
       include whitelist-run-common.inc
       nogroups
       $ firejail --profile=./test.profile groups
       Reading profile ./test.profile
       Reading profile /etc/firejail/whitelist-run-common.inc
       Parent pid 1234, child pid 1235
       Warning: logind not detected, nogroups command ignored     <--- is a lie
       Warning: cleaning all supplementary groups
       Child process initialized in 30.00 ms
       rusty-snake    <---- running `groups` outside of the sandbox shows more so groups are actually cleaned
   
       Parent is shutting down, bye...
   
   This probably happens because wrc causes /run/systemd to be hidden in
   the sandbox and because check_can_drop_all_groups is called multiple
   times, seemingly both before and after the whitelisting goes into
   effect.  So disable the message about nogroups being ignored, but keep
   the message about cleaning all supplementary groups (which is unlikely
   to be printed unless it really happens).
   
   Fixes netblue30#4930.

   

   kmk3 committed Feb 11, 2022
   Configuration menu

   • View commit details
   • Copy full SHA for 1db6740
   • Browse repository at this point

   Copy the full SHA

   1db6740 View commit details

   Browse the repository at this point in the history