Merge pull request #5114 from kmk3/stop-warn-group-clean

Stop warning on safe supplementary group clean
netblue30 · Apr 25, 2022 · f35ac46 · f35ac46
2 parents 9633d7d + 30c1534
commit f35ac46
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/src/firejail/util.c b/src/firejail/util.c
@@ -173,13 +173,19 @@ static void clean_supplementary_groups(gid_t gid) {
 	assert(cfg.username);
 	gid_t groups[MAX_GROUPS];
 	int ngroups = MAX_GROUPS;
+
+	if (arg_nogroups && check_can_drop_all_groups()) {
+		if (setgroups(0, NULL) < 0)
+			errExit("setgroups");
+		if (arg_debug)
+			printf("No supplementary groups\n");
+		return;
+	}
+
 	int rv = getgrouplist(cfg.username, gid, groups, &ngroups);
 	if (rv == -1)
 		goto clean_all;
 
-	if (arg_nogroups && check_can_drop_all_groups())
-		goto clean_all;
-
 	// clean supplementary group list
 	gid_t new_groups[MAX_GROUPS];
 	int new_ngroups = 0;