From 0091caf80c7bb024facf406d229c82b505e5d28a Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Wed, 6 Sep 2023 19:53:01 -0300
Subject: [PATCH] modif: keep pipewire group unless nosound is used

This group is apparently used on Gentoo[1].

Currently only the "audio" supplementary group is kept.

Fixes #5992.

See also commit f32938669 ("Keep vglusers group unless no3d is used
(virtualgl)", 2022-01-07) / PR #4851.

[1] https://wiki.gentoo.org/wiki/PipeWire

Reported-by: @amano-kenji
---
 RELNOTES            | 1 +
 src/firejail/main.c | 7 ++++++-
 src/firejail/util.c | 2 ++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/RELNOTES b/RELNOTES
index 626ed7e5717..b632f2dca53 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -21,6 +21,7 @@ firejail (0.9.73) baseline; urgency=low
   * modif: Improve --version/--help & print version on startup (#5829)
   * modif: improve errExit error messages (#5871)
   * modif: drop deprecated 'shell' option references (#5894)
+  * modif: keep pipewire group unless nosound is used (#5992 #5993)
   * bugfix: qutebrowser: links will not open in the existing instance (#5601
     #5618)
   * bugfix: fix --hostname and --hosts-file commands
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b0d5dac172a..e3dab561c00 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -3217,13 +3217,18 @@ int main(int argc, char **argv, char **envp) {
 
 		gid_t g;
 		if (!arg_nogroups || !check_can_drop_all_groups()) {
-			// add audio group
+			// add audio groups
 			if (!arg_nosound) {
 				g = get_group_id("audio");
 				if (g) {
 					sprintf(ptr, "%d %d 1\n", g, g);
 					ptr += strlen(ptr);
 				}
+				g = get_group_id("pipewire");
+				if (g) {
+					sprintf(ptr, "%d %d 1\n", g, g);
+					ptr += strlen(ptr);
+				}
 			}
 
 			// add video group
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 970832b38dc..bd32181b5e7 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -207,6 +207,8 @@ static void clean_supplementary_groups(gid_t gid) {
 	if (!arg_nosound) {
 		copy_group_ifcont("audio", groups, ngroups,
 		                  new_groups, &new_ngroups, MAX_GROUPS);
+		copy_group_ifcont("pipewire", groups, ngroups,
+		                  new_groups, &new_ngroups, MAX_GROUPS);
 	}
 
 	if (!arg_novideo) {