authorLibravatar netblue30 <netblue30@yahoo.com>2016-12-11 08:10:04 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-12-11 08:10:04 -0500
commit9a7acfd771e17bd7d2ca935fc17fa50ef579cce3 (patch)
tree6ed2313c56d6d96b42e9c6cc28b526615ab0a520
parentMerge pull request #962 from curiosity-seeker/master (diff)
config support for firejail prompt in terminals
-rw-r--r--RELNOTES1
-rw-r--r--etc/firejail.config3
-rw-r--r--src/firejail/checkcfg.c10
-rw-r--r--src/firejail/env.c14
-rw-r--r--src/firejail/firejail.h1
5 files changed, 26 insertions, 3 deletions
diff --git a/RELNOTES b/RELNOTES
index 7755ae3a6..064553f98 100644
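--- a/RELNOTES
+++ b/RELNOTES
@@ -13,6 +13,7 @@ firejail (0.9.45) baseline; urgency=low
  * feature: private /opt directory (--private-opt, profile support)
  * feature: private /srv directory (--private-srv, profile support)
  * feature: spoof machine-id
+ * feature: config support for firejail prompt in terminal
  * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
  * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
  * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,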
diff --git a/etc/firejail.config b/etc/firejail.config
index 2ea767f37..824e3f503 100644
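--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -17,6 +17,9 @@
 # Enable or disable file transfer support, default enabled.
 # file-transfer yes
 
+# Enable Firejail green prompt in terminal, default disabled
+# firejail-prompt no
+
 # Force use of nonewprivs. This mitigates the possibility of
 # a user abusing firejail's features to trick a privileged (suid
 # or file capabilities) process into loading code or configuration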
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 6565f488a..098e8e967 100644
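--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -43,6 +43,7 @@ int checkcfg(int val) {
  cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default
  cfg_val[CFG_FORCE_NONEWPRIVS] = 0; // disabled by default
  cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0; // disabled by default
+ cfg_val[CFG_FIREJAIL_PROMPT] = 0; // disabled by default
 
  // open configuration file
  char *fname;
@@ -126,6 +127,15 @@ int checkcfg(int val) {
  else
  goto errout;
  }
+ // prompt
+ else if (strncmp(ptr, "firejail-prompt ", 16) == 0) {
+ if (strcmp(ptr + 16, "yes") == 0)
+ cfg_val[CFG_FIREJAIL_PROMPT] = 1;
+ else if (strcmp(ptr + 16, "no") == 0)
+ cfg_val[CFG_FIREJAIL_PROMPT] = 0;
+ else
+ goto errout;
+ }
  // nonewprivs
  else if (strncmp(ptr, "force-nonewprivs ", 17) == 0) {
  if (strcmp(ptr + 17, "yes") == 0)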
diff --git a/src/firejail/env.c b/src/firejail/env.c
index a02c67ae1..783f019a6 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -129,13 +129,21 @@ void env_defaults(void) {
129 errExit("setenv"); 129 errExit("setenv");
130 130
131 // set prompt color to green 131 // set prompt color to green
132 char *prompt = getenv("FIREJAIL_PROMPT"); 132 int set_prompt = 0;
133 if (prompt && strcmp(prompt, "yes") == 0) { 133 if (checkcfg(CFG_FIREJAIL_PROMPT))
134 set_prompt = 1;
135 else { // check FIREJAIL_PROMPT="yes" environment variable
136 char *prompt = getenv("FIREJAIL_PROMPT");
137 if (prompt && strcmp(prompt, "yes") == 0)
138 set_prompt = 1;
139 }
140
141 if (set_prompt) {
134 //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' 142 //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] '
135 if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) 143 if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
136 errExit("setenv"); 144 errExit("setenv");
137 } 145 }
138 146
139 // set the window title 147 // set the window title
140 if (!arg_quiet) 148 if (!arg_quiet)
141 printf("\033]0;firejail %s\007", cfg.window_title); 149 printf("\033]0;firejail %s\007", cfg.window_title);
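Review bot: The precedence between the two switches is undocumented in the new block at `if (checkcfg(CFG_FIREJAIL_PROMPT))`: once `firejail-prompt yes` is set in firejail.config, the `FIREJAIL_PROMPT` variable is never consulted, so a user cannot opt out per invocation. A comment such as `// config file wins; FIREJAIL_PROMPT=yes can only enable the prompt, never disable it` above the `if` would make this explicit, and the same sentence belongs next to the option in etc/firejail.config. Because the unchanged `setenv("PROMPT_COMMAND", ..., 1)` call overwrites any existing value, enabling the option in the config file now replaces the caller's own PROMPT_COMMAND in every sandboxed shell, which is worth stating there as well. env_defaults() starts and ends outside the hunk.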
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 368e0d88d..8fede5a69 100644
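--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -661,6 +661,7 @@ enum {
  CFG_CHROOT_DESKTOP,
  CFG_PRIVATE_HOME,
  CFG_PRIVATE_BIN_NO_LOCAL,
+ CFG_FIREJAIL_PROMPT,
  CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;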