[PR #4933] [MERGED] Disable/comment message about nogroups being ignored #5303

New issue

Closed

opened 2026-05-05 10:35:58 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:35:58 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/4933
Author: @kmk3
Created: 2/11/2022
Status: ✅ Merged
Merged: 2/14/2022
Merged by: @netblue30

Base: master ← Head: disable-nogroups-msg

📝 Commits (1)

1db6740 Disable/comment message about nogroups being ignored

📊 Changes

1 file changed (+2 additions, -1 deletions)

View changed files

📝 src/firejail/util.c (+2 -1)

📄 Description

Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups",
2021-11-30) / PR #4732.

As reported by @rusty-snake on #4930, conflicting messages are printed
when using whitelist-run-common.inc with nogroups:

$ cat test.profile
include whitelist-run-common.inc
nogroups
$ firejail --profile=./test.profile groups
Reading profile ./test.profile
Reading profile /etc/firejail/whitelist-run-common.inc
Parent pid 1234, child pid 1235
Warning: logind not detected, nogroups command ignored     <--- is a lie
Warning: cleaning all supplementary groups
Child process initialized in 30.00 ms
rusty-snake    <---- running `groups` outside of the sandbox shows more so groups are actually cleaned

Parent is shutting down, bye...

This probably happens because wrc causes /run/systemd to be hidden in
the sandbox and because check_can_drop_all_groups is called multiple
times, seemingly both before and after the whitelisting goes into
effect. So disable the message about nogroups being ignored, but keep
the message about cleaning all supplementary groups (which is unlikely
to be printed unless it really happens).

Fixes #4930.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/4933 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 2/11/2022 **Status:** ✅ Merged **Merged:** 2/14/2022 **Merged by:** [@netblue30](https://github.com/netblue30) **Base:** `master` ← **Head:** `disable-nogroups-msg` --- ### 📝 Commits (1) - [`1db6740`](https://github.com/netblue30/firejail/commit/1db67408123c43bf4ea2798aec4d4c0e316021e1) Disable/comment message about nogroups being ignored ### 📊 Changes **1 file changed** (+2 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `src/firejail/util.c` (+2 -1) </details> ### 📄 Description Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups", 2021-11-30) / PR #4732. As reported by @rusty-snake on #4930, conflicting messages are printed when using whitelist-run-common.inc with nogroups: $ cat test.profile include whitelist-run-common.inc nogroups $ firejail --profile=./test.profile groups Reading profile ./test.profile Reading profile /etc/firejail/whitelist-run-common.inc Parent pid 1234, child pid 1235 Warning: logind not detected, nogroups command ignored <--- is a lie Warning: cleaning all supplementary groups Child process initialized in 30.00 ms rusty-snake <---- running `groups` outside of the sandbox shows more so groups are actually cleaned Parent is shutting down, bye... This probably happens because wrc causes /run/systemd to be hidden in the sandbox and because check_can_drop_all_groups is called multiple times, seemingly both before and after the whitelisting goes into effect. So disable the message about nogroups being ignored, but keep the message about cleaning all supplementary groups (which is unlikely to be printed unless it really happens). Fixes #4930. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:35:58 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#5303

No description provided.

Rows
Columns