diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-10-08 15:38:47 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-10-08 15:38:47 +0200 |
| commit | 8e62cb50dd7e4477e57c3daafa418c8b8034803b (patch) | |
| tree | d88b28260396e738e41610b655ecabcc53648c01 | |
| parent | little tweaks (diff) | |
| download | firejail-8e62cb50dd7e4477e57c3daafa418c8b8034803b.tar.gz firejail-8e62cb50dd7e4477e57c3daafa418c8b8034803b.tar.zst firejail-8e62cb50dd7e4477e57c3daafa418c8b8034803b.zip | |
add HAS_X11 conditional, disconnect session manager - #2205
| -rw-r--r-- | etc/disable-common.inc | 4 | ||||
| -rw-r--r-- | src/firejail/profile.c | 5 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 3 |
3 files changed, 11 insertions, 1 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 68176e9e0..35789df2e 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -62,6 +62,10 @@ blacklist /etc/X11/Xsession.d | |||
| 62 | blacklist /etc/xdg/autostart | 62 | blacklist /etc/xdg/autostart |
| 63 | read-only ${HOME}/.Xauthority | 63 | read-only ${HOME}/.Xauthority |
| 64 | 64 | ||
| 65 | # Session manager | ||
| 66 | ?HAS_X11: blacklist ${HOME}/.ICEauthority | ||
| 67 | ?HAS_X11: blacklist /tmp/.ICE-unix | ||
| 68 | |||
| 65 | # KDE config | 69 | # KDE config |
| 66 | blacklist ${HOME}/.config/khotkeysrc | 70 | blacklist ${HOME}/.config/khotkeysrc |
| 67 | blacklist ${HOME}/.config/krunnerrc | 71 | blacklist ${HOME}/.config/krunnerrc |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 7303d30f8..40f3c3be7 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -147,6 +147,10 @@ static int check_nodbus(void) { | |||
| 147 | return arg_nodbus != 0; | 147 | return arg_nodbus != 0; |
| 148 | } | 148 | } |
| 149 | 149 | ||
| 150 | static int check_x11(void) { | ||
| 151 | return (arg_x11_block || getenv("FIREJAIL_X11")); | ||
| 152 | } | ||
| 153 | |||
| 150 | static int check_disable_u2f(void) { | 154 | static int check_disable_u2f(void) { |
| 151 | return checkcfg(CFG_BROWSER_DISABLE_U2F) != 0; | 155 | return checkcfg(CFG_BROWSER_DISABLE_U2F) != 0; |
| 152 | } | 156 | } |
| @@ -158,6 +162,7 @@ static int check_allow_drm(void) { | |||
| 158 | Cond conditionals[] = { | 162 | Cond conditionals[] = { |
| 159 | {"HAS_APPIMAGE", check_appimage}, | 163 | {"HAS_APPIMAGE", check_appimage}, |
| 160 | {"HAS_NODBUS", check_nodbus}, | 164 | {"HAS_NODBUS", check_nodbus}, |
| 165 | {"HAS_X11", check_x11}, | ||
| 161 | {"BROWSER_DISABLE_U2F", check_disable_u2f}, | 166 | {"BROWSER_DISABLE_U2F", check_disable_u2f}, |
| 162 | {"BROWSER_ALLOW_DRM", check_allow_drm}, | 167 | {"BROWSER_ALLOW_DRM", check_allow_drm}, |
| 163 | { NULL, NULL } | 168 | { NULL, NULL } |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 82ca103c9..4a84cc828 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -103,7 +103,8 @@ Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir" | |||
| 103 | 103 | ||
| 104 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. | 104 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. |
| 105 | 105 | ||
| 106 | Currently the only conditionals supported are HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F, and BROWSER_ALLOW_DRM. | 106 | Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NODBUS and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM |
| 107 | can be enabled or disabled globally in Firejail's configuration file. | ||
| 107 | 108 | ||
| 108 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. | 109 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. |
| 109 | 110 | ||