diff options
author | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-12 08:43:06 +0300 |
---|---|---|
committer | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-08-12 08:43:06 +0300 |
commit | 702f7b804f940a271b9eca03f70366eae3fe0f60 (patch) | |
tree | 2dc83f629bddf70f0e6419483e914bec126cc6bc | |
parent | --x11=xephyr rewrite (diff) | |
download | firejail-702f7b804f940a271b9eca03f70366eae3fe0f60.tar.gz firejail-702f7b804f940a271b9eca03f70366eae3fe0f60.tar.zst firejail-702f7b804f940a271b9eca03f70366eae3fe0f60.zip |
--x11=xpra rewrite
-rw-r--r-- | src/firejail/x11.c | 118 |
1 files changed, 66 insertions, 52 deletions
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 9e818ab67..58908e9df 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -352,7 +352,7 @@ void x11_start_xephyr(int argc, char **argv) { | |||
352 | 352 | ||
353 | void x11_start_xpra(int argc, char **argv) { | 353 | void x11_start_xpra(int argc, char **argv) { |
354 | EUID_ASSERT(); | 354 | EUID_ASSERT(); |
355 | int i; | 355 | size_t i; |
356 | struct stat s; | 356 | struct stat s; |
357 | pid_t client = 0; | 357 | pid_t client = 0; |
358 | pid_t server = 0; | 358 | pid_t server = 0; |
@@ -374,40 +374,14 @@ void x11_start_xpra(int argc, char **argv) { | |||
374 | } | 374 | } |
375 | 375 | ||
376 | int display = random_display_number(); | 376 | int display = random_display_number(); |
377 | char *display_str; | ||
378 | if (asprintf(&display_str, ":%d", display) == -1) | ||
379 | errExit("asprintf"); | ||
377 | 380 | ||
378 | // build the start command | 381 | // build the start command |
379 | int len = 50; // xpra start... | 382 | char *server_argv[] = { "xpra", "start", display_str, "--no-daemon", NULL }; |
380 | for (i = 0; i < argc; i++) { | ||
381 | len += strlen(argv[i]) + 1; // + ' ' | ||
382 | } | ||
383 | |||
384 | char *cmd1 = malloc(len + 1); // + '\0' | ||
385 | if (!cmd1) | ||
386 | errExit("malloc"); | ||
387 | |||
388 | sprintf(cmd1, "xpra start :%d --exit-with-children --start-child=\"", display); | ||
389 | char *ptr = cmd1 + strlen(cmd1); | ||
390 | for (i = 0; i < argc; i++) { | ||
391 | if (strcmp(argv[i], "--x11") == 0) | ||
392 | continue; | ||
393 | if (strcmp(argv[i], "--x11=xpra") == 0) | ||
394 | continue; | ||
395 | if (strcmp(argv[i], "--x11=xephyr") == 0) | ||
396 | continue; | ||
397 | ptr += sprintf(ptr, "%s ", argv[i]); | ||
398 | } | ||
399 | sprintf(ptr, "\""); | ||
400 | if (arg_debug) | ||
401 | printf("xpra server: %s\n", cmd1); | ||
402 | |||
403 | // build the attach command | ||
404 | char *cmd2; | ||
405 | if (asprintf(&cmd2, "xpra --title=\"firejail x11 sandbox\" attach :%d", display) == -1) | ||
406 | errExit("asprintf"); | ||
407 | if (arg_debug) | ||
408 | printf("xpra client: %s\n", cmd2); | ||
409 | 383 | ||
410 | signal(SIGHUP,SIG_IGN); // fix sleep(1) below | 384 | // start |
411 | server = fork(); | 385 | server = fork(); |
412 | if (server < 0) | 386 | if (server < 0) |
413 | errExit("fork"); | 387 | errExit("fork"); |
@@ -415,13 +389,7 @@ void x11_start_xpra(int argc, char **argv) { | |||
415 | if (arg_debug) | 389 | if (arg_debug) |
416 | printf("Starting xpra...\n"); | 390 | printf("Starting xpra...\n"); |
417 | 391 | ||
418 | char *a[4]; | 392 | execvp(server_argv[0], server_argv); |
419 | a[0] = "/bin/bash"; | ||
420 | a[1] = "-c"; | ||
421 | a[2] = cmd1; | ||
422 | a[3] = NULL; | ||
423 | |||
424 | execvp(a[0], a); | ||
425 | perror("execvp"); | 393 | perror("execvp"); |
426 | exit(1); | 394 | exit(1); |
427 | } | 395 | } |
@@ -437,13 +405,13 @@ void x11_start_xpra(int argc, char **argv) { | |||
437 | if (stat(fname, &s) == 0) | 405 | if (stat(fname, &s) == 0) |
438 | break; | 406 | break; |
439 | }; | 407 | }; |
408 | // sleep(1); | ||
440 | 409 | ||
441 | if (n == 10) { | 410 | if (n == 10) { |
442 | fprintf(stderr, "Error: failed to start xpra\n"); | 411 | fprintf(stderr, "Error: failed to start xpra\n"); |
443 | exit(1); | 412 | exit(1); |
444 | } | 413 | } |
445 | free(fname); | 414 | free(fname); |
446 | sleep(1); | ||
447 | 415 | ||
448 | if (arg_debug) { | 416 | if (arg_debug) { |
449 | printf("X11 sockets: "); fflush(0); | 417 | printf("X11 sockets: "); fflush(0); |
@@ -451,28 +419,74 @@ void x11_start_xpra(int argc, char **argv) { | |||
451 | (void) rv; | 419 | (void) rv; |
452 | } | 420 | } |
453 | 421 | ||
422 | // build attach command | ||
423 | char *attach_argv[] = { "xpra", "--title=\"firejail x11 sandbox\"", "attach", display_str }; | ||
424 | |||
454 | // run attach command | 425 | // run attach command |
455 | client = fork(); | 426 | client = fork(); |
456 | if (client < 0) | 427 | if (client < 0) |
457 | errExit("fork"); | 428 | errExit("fork"); |
458 | if (client == 0) { | 429 | if (client == 0) { |
459 | printf("\n*** Attaching to xpra display %d ***\n\n", display); | 430 | printf("\n*** Attaching to xpra display %d ***\n\n", display); |
460 | char *a[4]; | 431 | execvp(attach_argv[0], attach_argv); |
461 | a[0] = "/bin/bash"; | ||
462 | a[1] = "-c"; | ||
463 | a[2] = cmd2; | ||
464 | a[3] = NULL; | ||
465 | |||
466 | execvp(a[0], a); | ||
467 | perror("execvp"); | 432 | perror("execvp"); |
468 | exit(1); | 433 | exit(1); |
469 | } | 434 | } |
470 | sleep(1); | ||
471 | |||
472 | if (!arg_quiet) | ||
473 | printf("Xpra server pid %d, client pid %d\n", server, client); | ||
474 | 435 | ||
475 | exit(0); | 436 | setenv("DISPLAY", display_str, 1); |
437 | |||
438 | // build jail command | ||
439 | char *firejail_argv[argc+2]; | ||
440 | unsigned pos = 0; | ||
441 | for (i = 0; i < argc; i++) { | ||
442 | if (strcmp(argv[i], "--x11") == 0) | ||
443 | continue; | ||
444 | if (strcmp(argv[i], "--x11=xpra") == 0) | ||
445 | continue; | ||
446 | if (strcmp(argv[i], "--x11=xephyr") == 0) | ||
447 | continue; | ||
448 | firejail_argv[pos] = argv[i]; | ||
449 | pos++; | ||
450 | } | ||
451 | firejail_argv[pos] = NULL; | ||
452 | |||
453 | assert(pos < argc+2); | ||
454 | assert(!firejail_argv[pos]); | ||
455 | |||
456 | // start jail | ||
457 | pid_t jail = fork(); | ||
458 | if (jail < 0) | ||
459 | errExit("fork"); | ||
460 | if (jail == 0) { | ||
461 | execvp(firejail_argv[0], firejail_argv); | ||
462 | perror("execvp"); | ||
463 | exit(1); | ||
464 | } | ||
465 | |||
466 | if (!arg_quiet) | ||
467 | printf("Xpra server pid %d, xpra client pid %d, jail %d\n", server, client, jail); | ||
468 | |||
469 | // wait for jail or server to end | ||
470 | while (1) { | ||
471 | pid_t pid = wait(); | ||
472 | |||
473 | if (pid == jail) { | ||
474 | sleep(3); // FIXME: find better way to wait for xpra | ||
475 | char *stop_argv[] = { "xpra", "stop", display_str, NULL }; | ||
476 | pid_t stop = fork(); | ||
477 | if (stop < 0) | ||
478 | errExit("fork"); | ||
479 | if (stop == 0) { | ||
480 | execvp(stop_argv[0], stop_argv); | ||
481 | perror("execvp"); | ||
482 | exit(1); | ||
483 | } | ||
484 | sleep(3); | ||
485 | kill(client, SIGTERM); | ||
486 | kill(server, SIGTERM); | ||
487 | exit(0); | ||
488 | } | ||
489 | } | ||
476 | } | 490 | } |
477 | 491 | ||
478 | void x11_start(int argc, char **argv) { | 492 | void x11_start(int argc, char **argv) { |