Merge branch 'master' of ssh://github.com/netblue30/firejail

etc/inc/disable-programs.inc

@@ -407,7 +407,7 @@ blacklist ${HOME}/.config/dolphin-emu
 blacklist ${HOME}/.config/dolphinrc
 blacklist ${HOME}/.config/dragonplayerrc
 blacklist ${HOME}/.config/draw.io
-blacklist ${HOME}/.config/electron-flag*.conf
+blacklist ${HOME}/.config/electron*-flag*.conf
 blacklist ${HOME}/.config/electron-mail
 blacklist ${HOME}/.config/emaildefaults
 blacklist ${HOME}/.config/emailidentities

etc/profile-a-l/atom.profile

@@ -12,7 +12,7 @@ ignore include disable-interpreters.inc
 ignore include disable-xdg.inc
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc

etc/profile-a-l/code.profile

@@ -12,7 +12,7 @@ ignore include disable-interpreters.inc
 ignore include disable-xdg.inc
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc

etc/profile-a-l/electron.profile

@@ -5,7 +5,7 @@
 include electron.local
 
 noblacklist ${HOME}/.config/Electron
-noblacklist ${HOME}/.config/electron-flag*.conf
+noblacklist ${HOME}/.config/electron*-flag*.conf
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-xdg.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Electron
-whitelist ${HOME}/.config/electron-flag*.conf
+whitelist ${HOME}/.config/electron*-flag*.conf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc

etc/profile-a-l/github-desktop.profile

@@ -15,7 +15,7 @@ include globals.local
 ignore include disable-xdg.inc
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc

etc/profile-m-z/notable.profile

@@ -27,7 +27,7 @@ ignore dbus-user none
 # Notable keeps claiming it is started for the first time when whitelisting - see #4812.
 ignore whitelist ${DOWNLOADS}
 ignore whitelist ${HOME}/.config/Electron
-ignore whitelist ${HOME}/.config/electron-flag*.conf
+ignore whitelist ${HOME}/.config/electron*-flag*.conf
 ignore include whitelist-common.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc

src/firejail/util.c

@@ -173,13 +173,19 @@ static void clean_supplementary_groups(gid_t gid) {
 	assert(cfg.username);
 	gid_t groups[MAX_GROUPS];
 	int ngroups = MAX_GROUPS;
+
+	if (arg_nogroups && check_can_drop_all_groups()) {
+		if (setgroups(0, NULL) < 0)
+			errExit("setgroups");
+		if (arg_debug)
+			printf("No supplementary groups\n");
+		return;
+	}
+
 	int rv = getgrouplist(cfg.username, gid, groups, &ngroups);
 	if (rv == -1)
 		goto clean_all;
 
-	if (arg_nogroups && check_can_drop_all_groups())
-		goto clean_all;
-
 	// clean supplementary group list
 	gid_t new_groups[MAX_GROUPS];
 	int new_ngroups = 0;