diff options
author | Kristóf Marussy <kristof@marussy.com> | 2020-06-01 18:20:28 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-01 18:20:28 +0200 |
commit | 18f99d17a46f84f403b49dd36bf5eeb8167a8746 (patch) | |
tree | 52c26d787fef55c05a76de3a50e3d0fda0cc2f3a | |
parent | Avoid dbus-*=filter breakage (#3432) (diff) | |
parent | Turn attempted DBus policy downgrade into warning (fixes #3408) (diff) | |
download | firejail-18f99d17a46f84f403b49dd36bf5eeb8167a8746.tar.gz firejail-18f99d17a46f84f403b49dd36bf5eeb8167a8746.tar.zst firejail-18f99d17a46f84f403b49dd36bf5eeb8167a8746.zip |
Merge pull request #3406 from kris7t/dbus-proxy
DBus filtering enhancements
-rw-r--r-- | src/faudit/dbus.c | 57 | ||||
-rw-r--r-- | src/firejail/dbus.c | 93 | ||||
-rw-r--r-- | src/firejail/firejail.h | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 92 | ||||
-rw-r--r-- | src/firejail/profile.c | 58 | ||||
-rw-r--r-- | src/firejail/usage.c | 9 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 18 | ||||
-rw-r--r-- | src/man/firejail.txt | 136 |
8 files changed, 444 insertions, 23 deletions
diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c index 8c26c5271..beaa5ac46 100644 --- a/src/faudit/dbus.c +++ b/src/faudit/dbus.c | |||
@@ -18,6 +18,8 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "faudit.h" | 20 | #include "faudit.h" |
21 | #include "../include/rundefs.h" | ||
22 | #include <stdarg.h> | ||
21 | #include <sys/socket.h> | 23 | #include <sys/socket.h> |
22 | #include <sys/un.h> | 24 | #include <sys/un.h> |
23 | 25 | ||
@@ -46,9 +48,10 @@ int check_unix(const char *sockfile) { | |||
46 | return rv; | 48 | return rv; |
47 | } | 49 | } |
48 | 50 | ||
49 | void dbus_test(void) { | 51 | static char *test_dbus_env(char *env_var_name) { |
50 | // check the session bus | 52 | // check the session bus |
51 | char *str = getenv("DBUS_SESSION_BUS_ADDRESS"); | 53 | char *str = getenv(env_var_name); |
54 | char *found = NULL; | ||
52 | if (str) { | 55 | if (str) { |
53 | int rv = 0; | 56 | int rv = 0; |
54 | char *bus = strdup(str); | 57 | char *bus = strdup(str); |
@@ -74,19 +77,55 @@ void dbus_test(void) { | |||
74 | if (ptr) | 77 | if (ptr) |
75 | *ptr = '\0'; | 78 | *ptr = '\0'; |
76 | rv = check_unix(sockfile); | 79 | rv = check_unix(sockfile); |
77 | if (rv == 0) | 80 | if (rv == 0) { |
78 | printf("MAYBE: D-Bus socket %s is available\n", sockfile); | 81 | if (strcmp(RUN_DBUS_USER_SOCKET, sockfile) == 0 || |
82 | strcmp(RUN_DBUS_SYSTEM_SOCKET, sockfile) == 0) { | ||
83 | printf("GOOD: D-Bus filtering is active on %s\n", sockfile); | ||
84 | } else { | ||
85 | printf("MAYBE: D-Bus socket %s is available\n", sockfile); | ||
86 | } | ||
87 | } | ||
79 | else if (rv == -1) | 88 | else if (rv == -1) |
80 | printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile); | 89 | printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile); |
90 | found = strdup(sockfile); | ||
91 | if (!found) | ||
92 | errExit("strdup"); | ||
81 | } | 93 | } |
82 | else if ((sockfile = strstr(bus, "tcp:host=")) != NULL) | 94 | else if ((sockfile = strstr(bus, "tcp:host=")) != NULL) |
83 | printf("UGLY: session bus configured for TCP communication.\n"); | 95 | printf("UGLY: %s bus configured for TCP communication.\n", env_var_name); |
84 | else | 96 | else |
85 | printf("GOOD: cannot find a D-Bus socket\n"); | 97 | printf("GOOD: cannot find a %s D-Bus socket\n", env_var_name); |
86 | |||
87 | |||
88 | free(bus); | 98 | free(bus); |
89 | } | 99 | } |
90 | else | 100 | else |
91 | printf("GOOD: DBUS_SESSION_BUS_ADDRESS environment variable not configured."); | 101 | printf("MAYBE: %s environment variable not configured.\n", env_var_name); |
102 | return found; | ||
103 | } | ||
104 | |||
105 | static void test_default_socket(const char *found, const char *format, ...) { | ||
106 | va_list ap; | ||
107 | va_start(ap, format); | ||
108 | char *sockfile; | ||
109 | if (vasprintf(&sockfile, format, ap) == -1) | ||
110 | errExit("vasprintf"); | ||
111 | va_end(ap); | ||
112 | if (found != NULL && strcmp(found, sockfile) == 0) | ||
113 | goto end; | ||
114 | int rv = check_unix(sockfile); | ||
115 | if (rv == 0) | ||
116 | printf("MAYBE: D-Bus socket %s is available\n", sockfile); | ||
117 | end: | ||
118 | free(sockfile); | ||
119 | } | ||
120 | |||
121 | void dbus_test(void) { | ||
122 | char *found_user = test_dbus_env("DBUS_SESSION_BUS_ADDRESS"); | ||
123 | test_default_socket(found_user, "/run/user/%d/bus", (int) getuid()); | ||
124 | test_default_socket(found_user, "/run/user/%d/dbus/user_bus_socket", (int) getuid()); | ||
125 | if (found_user != NULL) | ||
126 | free(found_user); | ||
127 | char *found_system = test_dbus_env("DBUS_SYSTEM_BUS_ADDRESS"); | ||
128 | test_default_socket(found_system, "/run/dbus/system_bus_socket"); | ||
129 | if (found_system != NULL) | ||
130 | free(found_system); | ||
92 | } | 131 | } |
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c index 0f4f18c57..18576612d 100644 --- a/src/firejail/dbus.c +++ b/src/firejail/dbus.c | |||
@@ -48,7 +48,7 @@ static int dbus_proxy_status_fd = -1; | |||
48 | static char *dbus_user_proxy_socket = NULL; | 48 | static char *dbus_user_proxy_socket = NULL; |
49 | static char *dbus_system_proxy_socket = NULL; | 49 | static char *dbus_system_proxy_socket = NULL; |
50 | 50 | ||
51 | int dbus_check_name(const char *name) { | 51 | static int check_bus_or_interface_name(const char *name, int hyphens_allowed) { |
52 | unsigned long length = strlen(name); | 52 | unsigned long length = strlen(name); |
53 | if (length == 0 || length > DBUS_MAX_NAME_LENGTH) | 53 | if (length == 0 || length > DBUS_MAX_NAME_LENGTH) |
54 | return 0; | 54 | return 0; |
@@ -62,14 +62,48 @@ int dbus_check_name(const char *name) { | |||
62 | if (*p == '.') { | 62 | if (*p == '.') { |
63 | ++segments; | 63 | ++segments; |
64 | in_segment = 0; | 64 | in_segment = 0; |
65 | } else if (!alpha && !digit && *p != '_' && *p != '-') { | 65 | } else if (!alpha && !digit && *p != '_' && (!hyphens_allowed || *p != '-')) { |
66 | return 0; | ||
67 | } | ||
68 | } | ||
69 | else { | ||
70 | if (*p == '*') { | ||
71 | return *(p + 1) == '\0'; | ||
72 | } else if (!alpha && *p != '_' && (!hyphens_allowed || *p != '-')) { | ||
73 | return 0; | ||
74 | } | ||
75 | in_segment = 1; | ||
76 | } | ||
77 | ++p; | ||
78 | } | ||
79 | return in_segment && segments >= 2; | ||
80 | } | ||
81 | |||
82 | static int check_object_path(const char *path) { | ||
83 | unsigned long length = strlen(path); | ||
84 | if (length == 0 || path[0] != '/') | ||
85 | return 0; | ||
86 | // The root path "/" is the only path allowed to have a trailing slash. | ||
87 | if (length == 1) | ||
88 | return 1; | ||
89 | const char *p = path + 1; | ||
90 | int segments = 1; | ||
91 | int in_segment = 0; | ||
92 | while (*p) { | ||
93 | int alpha = (*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z'); | ||
94 | int digit = *p >= '0' && *p <= '9'; | ||
95 | if (in_segment) { | ||
96 | if (*p == '/') { | ||
97 | ++segments; | ||
98 | in_segment = 0; | ||
99 | } else if (!alpha && !digit && *p != '_') { | ||
66 | return 0; | 100 | return 0; |
67 | } | 101 | } |
68 | } | 102 | } |
69 | else { | 103 | else { |
70 | if (*p == '*') { | 104 | if (*p == '*') { |
71 | return *(p + 1) == '\0'; | 105 | return *(p + 1) == '\0'; |
72 | } else if (!alpha && *p != '_' && *p != '-') { | 106 | } else if (!alpha && *p != '_') { |
73 | return 0; | 107 | return 0; |
74 | } | 108 | } |
75 | in_segment = 1; | 109 | in_segment = 1; |
@@ -79,6 +113,38 @@ int dbus_check_name(const char *name) { | |||
79 | return in_segment && segments >= 2; | 113 | return in_segment && segments >= 2; |
80 | } | 114 | } |
81 | 115 | ||
116 | int dbus_check_name(const char *name) { | ||
117 | return check_bus_or_interface_name(name, 1); | ||
118 | } | ||
119 | |||
120 | int dbus_check_call_rule(const char *rule) { | ||
121 | char buf[DBUS_MAX_NAME_LENGTH + 1]; | ||
122 | char *name_end = strchr(rule, '='); | ||
123 | if (name_end == NULL) | ||
124 | return 0; | ||
125 | size_t name_length = (size_t) (name_end - rule); | ||
126 | if (name_length > DBUS_MAX_NAME_LENGTH) | ||
127 | return 0; | ||
128 | strncpy(buf, rule, (size_t) name_length); | ||
129 | buf[name_length] = '\0'; | ||
130 | if (!dbus_check_name(buf)) | ||
131 | return 0; | ||
132 | ++name_end; | ||
133 | char *interface_end = strchr(name_end, '@'); | ||
134 | if (interface_end == NULL) | ||
135 | return check_bus_or_interface_name(name_end, 0); | ||
136 | size_t interface_length = (size_t) (interface_end - name_end); | ||
137 | if (interface_length > DBUS_MAX_NAME_LENGTH) | ||
138 | return 0; | ||
139 | if (interface_length > 0) { | ||
140 | strncpy(buf, name_end, interface_length); | ||
141 | buf[interface_length] = '\0'; | ||
142 | if (!check_bus_or_interface_name(buf, 0)) | ||
143 | return 0; | ||
144 | } | ||
145 | return check_object_path(interface_end + 1); | ||
146 | } | ||
147 | |||
82 | static void dbus_check_bus_profile(char const *prefix, DbusPolicy *policy) { | 148 | static void dbus_check_bus_profile(char const *prefix, DbusPolicy *policy) { |
83 | if (*policy == DBUS_POLICY_FILTER) { | 149 | if (*policy == DBUS_POLICY_FILTER) { |
84 | struct stat s; | 150 | struct stat s; |
@@ -219,6 +285,8 @@ static char *find_user_socket(void) { | |||
219 | void dbus_proxy_start(void) { | 285 | void dbus_proxy_start(void) { |
220 | dbus_create_user_dir(); | 286 | dbus_create_user_dir(); |
221 | 287 | ||
288 | EUID_USER(); | ||
289 | |||
222 | int status_pipe[2]; | 290 | int status_pipe[2]; |
223 | if (pipe(status_pipe) == -1) | 291 | if (pipe(status_pipe) == -1) |
224 | errExit("pipe"); | 292 | errExit("pipe"); |
@@ -233,10 +301,21 @@ void dbus_proxy_start(void) { | |||
233 | errExit("fork"); | 301 | errExit("fork"); |
234 | if (dbus_proxy_pid == 0) { | 302 | if (dbus_proxy_pid == 0) { |
235 | int i; | 303 | int i; |
236 | for (i = 3; i < FIREJAIL_MAX_FD; i++) { | 304 | for (i = STDERR_FILENO + 1; i < FIREJAIL_MAX_FD; i++) { |
237 | if (i != status_pipe[1] && i != args_pipe[0]) | 305 | if (i != status_pipe[1] && i != args_pipe[0]) |
238 | close(i); // close open files | 306 | close(i); // close open files |
239 | } | 307 | } |
308 | if (arg_dbus_log_file != NULL) { | ||
309 | int output_fd = creat(arg_dbus_log_file, 0666); | ||
310 | if (output_fd < 0) | ||
311 | errExit("creat"); | ||
312 | if (output_fd != STDOUT_FILENO) { | ||
313 | if (dup2(output_fd, STDOUT_FILENO) != STDOUT_FILENO) | ||
314 | errExit("dup2"); | ||
315 | close(output_fd); | ||
316 | } | ||
317 | } | ||
318 | close(STDIN_FILENO); | ||
240 | char *args[4] = {XDG_DBUS_PROXY_PATH, NULL, NULL, NULL}; | 319 | char *args[4] = {XDG_DBUS_PROXY_PATH, NULL, NULL, NULL}; |
241 | if (asprintf(&args[1], "--fd=%d", status_pipe[1]) == -1 | 320 | if (asprintf(&args[1], "--fd=%d", status_pipe[1]) == -1 |
242 | || asprintf(&args[2], "--args=%d", args_pipe[0]) == -1) | 321 | || asprintf(&args[2], "--args=%d", args_pipe[0]) == -1) |
@@ -262,6 +341,9 @@ void dbus_proxy_start(void) { | |||
262 | (int) getuid(), (int) getpid()) == -1) | 341 | (int) getuid(), (int) getpid()) == -1) |
263 | errExit("asprintf"); | 342 | errExit("asprintf"); |
264 | write_arg(args_pipe[1], "%s", dbus_user_proxy_socket); | 343 | write_arg(args_pipe[1], "%s", dbus_user_proxy_socket); |
344 | if (arg_dbus_log_user) { | ||
345 | write_arg(args_pipe[1], "--log"); | ||
346 | } | ||
265 | write_arg(args_pipe[1], "--filter"); | 347 | write_arg(args_pipe[1], "--filter"); |
266 | write_profile(args_pipe[1], "dbus-user."); | 348 | write_profile(args_pipe[1], "dbus-user."); |
267 | } | 349 | } |
@@ -278,6 +360,9 @@ void dbus_proxy_start(void) { | |||
278 | (int) getuid(), (int) getpid()) == -1) | 360 | (int) getuid(), (int) getpid()) == -1) |
279 | errExit("asprintf"); | 361 | errExit("asprintf"); |
280 | write_arg(args_pipe[1], "%s", dbus_system_proxy_socket); | 362 | write_arg(args_pipe[1], "%s", dbus_system_proxy_socket); |
363 | if (arg_dbus_log_system) { | ||
364 | write_arg(args_pipe[1], "--log"); | ||
365 | } | ||
281 | write_arg(args_pipe[1], "--filter"); | 366 | write_arg(args_pipe[1], "--filter"); |
282 | write_profile(args_pipe[1], "dbus-system."); | 367 | write_profile(args_pipe[1], "dbus-system."); |
283 | } | 368 | } |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 9b288b1b9..1ef4887ea 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -349,6 +349,9 @@ typedef enum { | |||
349 | } DbusPolicy; | 349 | } DbusPolicy; |
350 | extern DbusPolicy arg_dbus_user; // --dbus-user | 350 | extern DbusPolicy arg_dbus_user; // --dbus-user |
351 | extern DbusPolicy arg_dbus_system; // --dbus-system | 351 | extern DbusPolicy arg_dbus_system; // --dbus-system |
352 | extern int arg_dbus_log_user; | ||
353 | extern int arg_dbus_log_system; | ||
354 | extern const char *arg_dbus_log_file; | ||
352 | 355 | ||
353 | extern int login_shell; | 356 | extern int login_shell; |
354 | extern int parent_to_child_fds[2]; | 357 | extern int parent_to_child_fds[2]; |
@@ -847,6 +850,7 @@ void set_profile_run_file(pid_t pid, const char *fname); | |||
847 | 850 | ||
848 | // dbus.c | 851 | // dbus.c |
849 | int dbus_check_name(const char *name); | 852 | int dbus_check_name(const char *name); |
853 | int dbus_check_call_rule(const char *name); | ||
850 | void dbus_check_profile(void); | 854 | void dbus_check_profile(void); |
851 | void dbus_proxy_start(void); | 855 | void dbus_proxy_start(void); |
852 | void dbus_proxy_stop(void); | 856 | void dbus_proxy_stop(void); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index dc213b988..958374c43 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -148,6 +148,9 @@ int arg_nou2f = 0; // --nou2f | |||
148 | int arg_deterministic_exit_code = 0; // always exit with first child's exit status | 148 | int arg_deterministic_exit_code = 0; // always exit with first child's exit status |
149 | DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user | 149 | DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user |
150 | DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system | 150 | DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system |
151 | const char *arg_dbus_log_file = NULL; | ||
152 | int arg_dbus_log_user = 0; | ||
153 | int arg_dbus_log_system = 0; | ||
151 | int login_shell = 0; | 154 | int login_shell = 0; |
152 | 155 | ||
153 | //********************************************************************************** | 156 | //********************************************************************************** |
@@ -2062,17 +2065,29 @@ int main(int argc, char **argv, char **envp) { | |||
2062 | else if (strncmp("--dbus-user=", argv[i], 12) == 0) { | 2065 | else if (strncmp("--dbus-user=", argv[i], 12) == 0) { |
2063 | if (strcmp("filter", argv[i] + 12) == 0) { | 2066 | if (strcmp("filter", argv[i] + 12) == 0) { |
2064 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { | 2067 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { |
2065 | fprintf(stderr, "Error: Cannot relax --dbus-user policy, it is already set to block\n"); | 2068 | fprintf(stderr, "Warning: Cannot relax --dbus-user policy, it is already set to block\n"); |
2066 | exit(1); | 2069 | } else { |
2070 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
2067 | } | 2071 | } |
2068 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
2069 | } else if (strcmp("none", argv[i] + 12) == 0) { | 2072 | } else if (strcmp("none", argv[i] + 12) == 0) { |
2073 | if (arg_dbus_log_user) { | ||
2074 | fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n"); | ||
2075 | exit(1); | ||
2076 | } | ||
2070 | arg_dbus_user = DBUS_POLICY_BLOCK; | 2077 | arg_dbus_user = DBUS_POLICY_BLOCK; |
2071 | } else { | 2078 | } else { |
2072 | fprintf(stderr, "Unknown dbus-user policy: %s\n", argv[i] + 12); | 2079 | fprintf(stderr, "Unknown dbus-user policy: %s\n", argv[i] + 12); |
2073 | exit(1); | 2080 | exit(1); |
2074 | } | 2081 | } |
2075 | } | 2082 | } |
2083 | else if (strncmp(argv[i], "--dbus-user.see=", 16) == 0) { | ||
2084 | char *line; | ||
2085 | if (asprintf(&line, "dbus-user.see %s", argv[i] + 16) == -1) | ||
2086 | errExit("asprintf"); | ||
2087 | |||
2088 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
2089 | profile_add(line); | ||
2090 | } | ||
2076 | else if (strncmp(argv[i], "--dbus-user.talk=", 17) == 0) { | 2091 | else if (strncmp(argv[i], "--dbus-user.talk=", 17) == 0) { |
2077 | char *line; | 2092 | char *line; |
2078 | if (asprintf(&line, "dbus-user.talk %s", argv[i] + 17) == -1) | 2093 | if (asprintf(&line, "dbus-user.talk %s", argv[i] + 17) == -1) |
@@ -2089,20 +2104,48 @@ int main(int argc, char **argv, char **envp) { | |||
2089 | profile_check_line(line, 0, NULL); // will exit if something wrong | 2104 | profile_check_line(line, 0, NULL); // will exit if something wrong |
2090 | profile_add(line); | 2105 | profile_add(line); |
2091 | } | 2106 | } |
2107 | else if (strncmp(argv[i], "--dbus-user.call=", 17) == 0) { | ||
2108 | char *line; | ||
2109 | if (asprintf(&line, "dbus-user.call %s", argv[i] + 17) == -1) | ||
2110 | errExit("asprintf"); | ||
2111 | |||
2112 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
2113 | profile_add(line); | ||
2114 | } | ||
2115 | else if (strncmp(argv[i], "--dbus-user.broadcast=", 22) == 0) { | ||
2116 | char *line; | ||
2117 | if (asprintf(&line, "dbus-user.broadcast %s", argv[i] + 22) == -1) | ||
2118 | errExit("asprintf"); | ||
2119 | |||
2120 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
2121 | profile_add(line); | ||
2122 | } | ||
2092 | else if (strncmp("--dbus-system=", argv[i], 14) == 0) { | 2123 | else if (strncmp("--dbus-system=", argv[i], 14) == 0) { |
2093 | if (strcmp("filter", argv[i] + 14) == 0) { | 2124 | if (strcmp("filter", argv[i] + 14) == 0) { |
2094 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { | 2125 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { |
2095 | fprintf(stderr, "Error: Cannot relax --dbus-system policy, it is already set to block\n"); | 2126 | fprintf(stderr, "Warning: Cannot relax --dbus-system policy, it is already set to block\n"); |
2096 | exit(1); | 2127 | } else { |
2128 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
2097 | } | 2129 | } |
2098 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
2099 | } else if (strcmp("none", argv[i] + 14) == 0) { | 2130 | } else if (strcmp("none", argv[i] + 14) == 0) { |
2131 | if (arg_dbus_log_system) { | ||
2132 | fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n"); | ||
2133 | exit(1); | ||
2134 | } | ||
2100 | arg_dbus_system = DBUS_POLICY_BLOCK; | 2135 | arg_dbus_system = DBUS_POLICY_BLOCK; |
2101 | } else { | 2136 | } else { |
2102 | fprintf(stderr, "Unknown dbus-system policy: %s\n", argv[i] + 14); | 2137 | fprintf(stderr, "Unknown dbus-system policy: %s\n", argv[i] + 14); |
2103 | exit(1); | 2138 | exit(1); |
2104 | } | 2139 | } |
2105 | } | 2140 | } |
2141 | else if (strncmp(argv[i], "--dbus-system.see=", 18) == 0) { | ||
2142 | char *line; | ||
2143 | if (asprintf(&line, "dbus-system.see %s", argv[i] + 18) == -1) | ||
2144 | errExit("asprintf"); | ||
2145 | |||
2146 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
2147 | profile_add(line); | ||
2148 | } | ||
2106 | else if (strncmp(argv[i], "--dbus-system.talk=", 19) == 0) { | 2149 | else if (strncmp(argv[i], "--dbus-system.talk=", 19) == 0) { |
2107 | char *line; | 2150 | char *line; |
2108 | if (asprintf(&line, "dbus-system.talk %s", argv[i] + 19) == -1) | 2151 | if (asprintf(&line, "dbus-system.talk %s", argv[i] + 19) == -1) |
@@ -2119,6 +2162,43 @@ int main(int argc, char **argv, char **envp) { | |||
2119 | profile_check_line(line, 0, NULL); // will exit if something wrong | 2162 | profile_check_line(line, 0, NULL); // will exit if something wrong |
2120 | profile_add(line); | 2163 | profile_add(line); |
2121 | } | 2164 | } |
2165 | else if (strncmp(argv[i], "--dbus-system.call=", 19) == 0) { | ||
2166 | char *line; | ||
2167 | if (asprintf(&line, "dbus-system.call %s", argv[i] + 19) == -1) | ||
2168 | errExit("asprintf"); | ||
2169 | |||
2170 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
2171 | profile_add(line); | ||
2172 | } | ||
2173 | else if (strncmp(argv[i], "--dbus-system.broadcast=", 24) == 0) { | ||
2174 | char *line; | ||
2175 | if (asprintf(&line, "dbus-system.broadcast %s", argv[i] + 24) == -1) | ||
2176 | errExit("asprintf"); | ||
2177 | |||
2178 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
2179 | profile_add(line); | ||
2180 | } | ||
2181 | else if (strncmp(argv[i], "--dbus-log=", 11) == 0) { | ||
2182 | if (arg_dbus_log_file != NULL) { | ||
2183 | fprintf(stderr, "Error: --dbus-log option already specified\n"); | ||
2184 | exit(1); | ||
2185 | } | ||
2186 | arg_dbus_log_file = argv[i] + 11; | ||
2187 | } | ||
2188 | else if (strcmp(argv[i], "--dbus-user.log") == 0) { | ||
2189 | if (arg_dbus_user != DBUS_POLICY_FILTER) { | ||
2190 | fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n"); | ||
2191 | exit(1); | ||
2192 | } | ||
2193 | arg_dbus_log_user = 1; | ||
2194 | } | ||
2195 | else if (strcmp(argv[i], "--dbus-system.log") == 0) { | ||
2196 | if (arg_dbus_system != DBUS_POLICY_FILTER) { | ||
2197 | fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n"); | ||
2198 | exit(1); | ||
2199 | } | ||
2200 | arg_dbus_log_system = 1; | ||
2201 | } | ||
2122 | 2202 | ||
2123 | //************************************* | 2203 | //************************************* |
2124 | // network | 2204 | // network |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 0be119903..a87222824 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -441,10 +441,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
441 | if (strcmp("filter", ptr) == 0) { | 441 | if (strcmp("filter", ptr) == 0) { |
442 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { | 442 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { |
443 | fprintf(stderr, "Error: Cannot relax dbus-user policy, it is already set to block\n"); | 443 | fprintf(stderr, "Error: Cannot relax dbus-user policy, it is already set to block\n"); |
444 | exit(1); | 444 | } else { |
445 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
445 | } | 446 | } |
446 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
447 | } else if (strcmp("none", ptr) == 0) { | 447 | } else if (strcmp("none", ptr) == 0) { |
448 | if (arg_dbus_log_user) { | ||
449 | fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n"); | ||
450 | exit(1); | ||
451 | } | ||
448 | arg_dbus_user = DBUS_POLICY_BLOCK; | 452 | arg_dbus_user = DBUS_POLICY_BLOCK; |
449 | } else { | 453 | } else { |
450 | fprintf(stderr, "Unknown dbus-user policy: %s\n", ptr); | 454 | fprintf(stderr, "Unknown dbus-user policy: %s\n", ptr); |
@@ -452,6 +456,13 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
452 | } | 456 | } |
453 | return 0; | 457 | return 0; |
454 | } | 458 | } |
459 | else if (strncmp(ptr, "dbus-user.see ", 14) == 0) { | ||
460 | if (!dbus_check_name(ptr + 14)) { | ||
461 | printf("Invalid dbus-user.see name: %s\n", ptr + 15); | ||
462 | exit(1); | ||
463 | } | ||
464 | return 1; | ||
465 | } | ||
455 | else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { | 466 | else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { |
456 | if (!dbus_check_name(ptr + 15)) { | 467 | if (!dbus_check_name(ptr + 15)) { |
457 | printf("Invalid dbus-user.talk name: %s\n", ptr + 15); | 468 | printf("Invalid dbus-user.talk name: %s\n", ptr + 15); |
@@ -466,15 +477,33 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
466 | } | 477 | } |
467 | return 1; | 478 | return 1; |
468 | } | 479 | } |
480 | else if (strncmp(ptr, "dbus-user.call ", 15) == 0) { | ||
481 | if (!dbus_check_call_rule(ptr + 15)) { | ||
482 | fprintf(stderr, "Invalid dbus-user.call rule: %s\n", ptr + 15); | ||
483 | exit(1); | ||
484 | } | ||
485 | return 1; | ||
486 | } | ||
487 | else if (strncmp(ptr, "dbus-user.broadcast ", 20) == 0) { | ||
488 | if (!dbus_check_call_rule(ptr + 20)) { | ||
489 | fprintf(stderr, "Invalid dbus-user.broadcast rule: %s\n", ptr + 20); | ||
490 | exit(1); | ||
491 | } | ||
492 | return 1; | ||
493 | } | ||
469 | else if (strncmp("dbus-system ", ptr, 12) == 0) { | 494 | else if (strncmp("dbus-system ", ptr, 12) == 0) { |
470 | ptr += 12; | 495 | ptr += 12; |
471 | if (strcmp("filter", ptr) == 0) { | 496 | if (strcmp("filter", ptr) == 0) { |
472 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { | 497 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { |
473 | fprintf(stderr, "Error: Cannot relax dbus-system policy, it is already set to block\n"); | 498 | fprintf(stderr, "Error: Cannot relax dbus-system policy, it is already set to block\n"); |
474 | exit(1); | 499 | } else { |
500 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
475 | } | 501 | } |
476 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
477 | } else if (strcmp("none", ptr) == 0) { | 502 | } else if (strcmp("none", ptr) == 0) { |
503 | if (arg_dbus_log_system) { | ||
504 | fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n"); | ||
505 | exit(1); | ||
506 | } | ||
478 | arg_dbus_system = DBUS_POLICY_BLOCK; | 507 | arg_dbus_system = DBUS_POLICY_BLOCK; |
479 | } else { | 508 | } else { |
480 | fprintf(stderr, "Unknown dbus-system policy: %s\n", ptr); | 509 | fprintf(stderr, "Unknown dbus-system policy: %s\n", ptr); |
@@ -482,6 +511,13 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
482 | } | 511 | } |
483 | return 0; | 512 | return 0; |
484 | } | 513 | } |
514 | else if (strncmp(ptr, "dbus-system.see ", 16) == 0) { | ||
515 | if (!dbus_check_name(ptr + 16)) { | ||
516 | fprintf(stderr, "Invalid dbus-system.see name: %s\n", ptr + 17); | ||
517 | exit(1); | ||
518 | } | ||
519 | return 1; | ||
520 | } | ||
485 | else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { | 521 | else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { |
486 | if (!dbus_check_name(ptr + 17)) { | 522 | if (!dbus_check_name(ptr + 17)) { |
487 | fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); | 523 | fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); |
@@ -496,6 +532,20 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
496 | } | 532 | } |
497 | return 1; | 533 | return 1; |
498 | } | 534 | } |
535 | else if (strncmp(ptr, "dbus-system.call ", 17) == 0) { | ||
536 | if (!dbus_check_call_rule(ptr + 17)) { | ||
537 | fprintf(stderr, "Invalid dbus-system.call rule: %s\n", ptr + 17); | ||
538 | exit(1); | ||
539 | } | ||
540 | return 1; | ||
541 | } | ||
542 | else if (strncmp(ptr, "dbus-system.broadcast ", 22) == 0) { | ||
543 | if (!dbus_check_call_rule(ptr + 22)) { | ||
544 | fprintf(stderr, "Invalid dbus-system.broadcast rule: %s\n", ptr + 22); | ||
545 | exit(1); | ||
546 | } | ||
547 | return 1; | ||
548 | } | ||
499 | else if (strcmp(ptr, "nou2f") == 0) { | 549 | else if (strcmp(ptr, "nou2f") == 0) { |
500 | arg_nou2f = 1; | 550 | arg_nou2f = 1; |
501 | return 0; | 551 | return 0; |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 08546fa51..4ab464289 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -53,11 +53,20 @@ static char *usage_str = | |||
53 | #endif | 53 | #endif |
54 | " --cpu=cpu-number,cpu-number - set cpu affinity.\n" | 54 | " --cpu=cpu-number,cpu-number - set cpu affinity.\n" |
55 | " --cpu.print=name|pid - print the cpus in use.\n" | 55 | " --cpu.print=name|pid - print the cpus in use.\n" |
56 | " --dbus-log=file - set DBus log file location.\n" | ||
56 | " --dbus-system=filter|none - set system DBus access policy.\n" | 57 | " --dbus-system=filter|none - set system DBus access policy.\n" |
58 | " --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n" | ||
59 | " --dbus-system.call=rule - allow calls on the system DBus according to rule.\n" | ||
60 | " --dbus-system.log - turn on logging for the system DBus." | ||
57 | " --dbus-system.own=name - allow ownership of name on the system DBus.\n" | 61 | " --dbus-system.own=name - allow ownership of name on the system DBus.\n" |
62 | " --dbus-system.see=name - allow seeing name on the system DBus.\n" | ||
58 | " --dbus-system.talk=name - allow talking to name on the system DBus.\n" | 63 | " --dbus-system.talk=name - allow talking to name on the system DBus.\n" |
59 | " --dbus-user=filter|none - set session DBus access policy.\n" | 64 | " --dbus-user=filter|none - set session DBus access policy.\n" |
65 | " --dbus-user.broadcast=rule - allow signals on the session DBus according to rule.\n" | ||
66 | " --dbus-user.call=rule - allow calls on the session DBus according to rule.\n" | ||
67 | " --dbus-user.log - turn on logging for the user DBus." | ||
60 | " --dbus-user.own=name - allow ownership of name on the session DBus.\n" | 68 | " --dbus-user.own=name - allow ownership of name on the session DBus.\n" |
69 | " --dbus-user.see=name - allow seeing name on the session DBus.\n" | ||
61 | " --dbus-user.talk=name - allow talking to name on the session DBus.\n" | 70 | " --dbus-user.talk=name - allow talking to name on the session DBus.\n" |
62 | " --debug - print sandbox debug messages.\n" | 71 | " --debug - print sandbox debug messages.\n" |
63 | " --debug-blacklists - debug blacklisting.\n" | 72 | " --debug-blacklists - debug blacklisting.\n" |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index df2d2a2e8..198f33c00 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -491,6 +491,15 @@ Allow the application to own the name org.gnome.ghex and all names underneath in | |||
491 | \fBdbus-system.talk org.freedesktop.Notifications | 491 | \fBdbus-system.talk org.freedesktop.Notifications |
492 | Allow the application to talk to the name org.freedesktop.Notifications on the system DBus. | 492 | Allow the application to talk to the name org.freedesktop.Notifications on the system DBus. |
493 | .TP | 493 | .TP |
494 | \fBdbus-system.see org.freedesktop.Notifications | ||
495 | Allow the application to see but not talk to the name org.freedesktop.Notifications on the system DBus. | ||
496 | .TP | ||
497 | \fBdbus-system.call org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
498 | Allow the application to call methods of the interface org.freedesktop.Notifications of the object exposed at the path /org/freedesktop/Notifications by the client owning the bus name org.freedesktop.Notifications on the system DBus. | ||
499 | .TP | ||
500 | \fBdbus-system.broadcast org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
501 | Allow the application to recieve broadcast signals from the the interface org.freedesktop.Notifications of the object exposed at the path /org/freedesktop/Notifications by the client owning the bus name org.freedesktop.Notifications on the system DBus. | ||
502 | .TP | ||
494 | \fBdbus-user filter | 503 | \fBdbus-user filter |
495 | Enable filtered access to the session DBus. Filters can be specified with the dbus-user.talk and dbus-user.own commands. | 504 | Enable filtered access to the session DBus. Filters can be specified with the dbus-user.talk and dbus-user.own commands. |
496 | .TP | 505 | .TP |
@@ -503,6 +512,15 @@ Allow the application to own the name org.gnome.ghex and all names underneath in | |||
503 | \fBdbus-user.talk org.freedesktop.Notifications | 512 | \fBdbus-user.talk org.freedesktop.Notifications |
504 | Allow the application to talk to the name org.freedesktop.Notifications on the session DBus. | 513 | Allow the application to talk to the name org.freedesktop.Notifications on the session DBus. |
505 | .TP | 514 | .TP |
515 | \fBdbus-user.see org.freedesktop.Notifications | ||
516 | Allow the application to see but not talk to the name org.freedesktop.Notifications on the session DBus. | ||
517 | .TP | ||
518 | \fBdbus-user.call org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
519 | Allow the application to call methods of the interface org.freedesktop.Notifications of the object exposed at the path /org/freedesktop/Notifications by the client owning the bus name org.freedesktop.Notifications on the session DBus. | ||
520 | .TP | ||
521 | \fBdbus-user.broadcast org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
522 | Allow the application to recieve broadcast signals from the the interface org.freedesktop.Notifications of the object exposed at the path /org/freedesktop/Notifications by the client owning the bus name org.freedesktop.Notifications on the session DBus. | ||
523 | .TP | ||
506 | \fBnodbus \fR(deprecated) | 524 | \fBnodbus \fR(deprecated) |
507 | Disable D-Bus access (both system and session buses). Equivalent to dbus-system none and dbus-user none. | 525 | Disable D-Bus access (both system and session buses). Equivalent to dbus-system none and dbus-user none. |
508 | .TP | 526 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index fae97ceb7..982b40d89 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -326,6 +326,22 @@ $ firejail \-\-list | |||
326 | $ firejail \-\-cpu.print=3272 | 326 | $ firejail \-\-cpu.print=3272 |
327 | 327 | ||
328 | .TP | 328 | .TP |
329 | \fB\-\-dbus-log=file | ||
330 | Specify the location for the DBus log file. | ||
331 | .br | ||
332 | |||
333 | .br | ||
334 | The log file contains events for both the system and session buses if both of | ||
335 | the --dbus-sysem.log and --dbus-user.log options are specified. If no log file | ||
336 | path is given, logs are written to the standard output instead. | ||
337 | .br | ||
338 | |||
339 | .br | ||
340 | Example: | ||
341 | .br | ||
342 | $ firejail --dbus-system=filter --dbus-system.log --dbus-log=dbus.txt | ||
343 | |||
344 | .TP | ||
329 | \fB\-\-dbus-system=filter|none | 345 | \fB\-\-dbus-system=filter|none |
330 | Set system DBus sandboxing policy. | 346 | Set system DBus sandboxing policy. |
331 | .br | 347 | .br |
@@ -353,6 +369,52 @@ Example: | |||
353 | $ firejail \-\-dbus-system=none | 369 | $ firejail \-\-dbus-system=none |
354 | 370 | ||
355 | .TP | 371 | .TP |
372 | \fB\-\-dbus-system.broadcast=name=[member][@path] | ||
373 | Allows the application to receive broadcast signals from theindicated interface | ||
374 | member at the indicated object path exposed by the indicated bus name on the | ||
375 | system DBus. | ||
376 | The name may have a .* suffix to match all names underneath it, including | ||
377 | itself. | ||
378 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
379 | The path may have a /* suffix to indicate all objects underneath it, including | ||
380 | itself. | ||
381 | Omitting the interface member or the object path will match all members and | ||
382 | object paths, respectively. | ||
383 | .br | ||
384 | |||
385 | .br | ||
386 | Example: | ||
387 | .br | ||
388 | $ firejail --dbus-system=filter --dbus-system.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
389 | |||
390 | .TP | ||
391 | \fB\-\-dbus-system.call=name=[member][@path] | ||
392 | Allows the application to call the indicated interface member at the indicated | ||
393 | object path exposed by the indicated bus name on the system DBus. | ||
394 | The name may have a .* suffix to match all names underneath it, including | ||
395 | itself. | ||
396 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
397 | The path may have a /* suffix to indicate all objects underneath it, including | ||
398 | itself. | ||
399 | Omitting the interface member or the object path will match all members and | ||
400 | object paths, respectively. | ||
401 | .br | ||
402 | |||
403 | .br | ||
404 | Example: | ||
405 | .br | ||
406 | $ firejail --dbus-system=filter --dbus-system.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
407 | |||
408 | .TP | ||
409 | \fB\-\-dbus-system.log | ||
410 | Turn on DBus logging for the system DBus. This option requires --dbus-system=log. | ||
411 | |||
412 | .br | ||
413 | Example: | ||
414 | .br | ||
415 | $ firejail --dbus-system=filter --dbus-system.log | ||
416 | |||
417 | .TP | ||
356 | \fB\-\-dbus-system.own=name | 418 | \fB\-\-dbus-system.own=name |
357 | Allows the application to own the specified well-known name on the system DBus. | 419 | Allows the application to own the specified well-known name on the system DBus. |
358 | The name may have a .* suffix to match all names underneath it, including itself | 420 | The name may have a .* suffix to match all names underneath it, including itself |
@@ -366,6 +428,20 @@ Example: | |||
366 | $ firejail --dbus-system=filter --dbus-system.own=org.gnome.ghex.* | 428 | $ firejail --dbus-system=filter --dbus-system.own=org.gnome.ghex.* |
367 | 429 | ||
368 | .TP | 430 | .TP |
431 | \fB\-\-dbus-system.see=name | ||
432 | Allows the application to see, but not talk to the specified well-known name on | ||
433 | the system DBus. | ||
434 | The name may have a .* suffix to match all names underneath it, including itself | ||
435 | (e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but | ||
436 | not "foobar"). | ||
437 | .br | ||
438 | |||
439 | .br | ||
440 | Example: | ||
441 | .br | ||
442 | $ firejail --dbus-system=filter --dbus-system.see=org.freedesktop.Notifications | ||
443 | |||
444 | .TP | ||
369 | \fB\-\-dbus-system.talk=name | 445 | \fB\-\-dbus-system.talk=name |
370 | Allows the application to talk to the specified well-known name on the system DBus. | 446 | Allows the application to talk to the specified well-known name on the system DBus. |
371 | The name may have a .* suffix to match all names underneath it, including itself | 447 | The name may have a .* suffix to match all names underneath it, including itself |
@@ -406,6 +482,52 @@ Example: | |||
406 | $ firejail \-\-dbus-user=none | 482 | $ firejail \-\-dbus-user=none |
407 | 483 | ||
408 | .TP | 484 | .TP |
485 | \fB\-\-dbus-user.broadcast=name=[member][@path] | ||
486 | Allows the application to receive broadcast signals from theindicated interface | ||
487 | member at the indicated object path exposed by the indicated bus name on the | ||
488 | session DBus. | ||
489 | The name may have a .* suffix to match all names underneath it, including | ||
490 | itself. | ||
491 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
492 | The path may have a /* suffix to indicate all objects underneath it, including | ||
493 | itself. | ||
494 | Omitting the interface member or the object path will match all members and | ||
495 | object paths, respectively. | ||
496 | .br | ||
497 | |||
498 | .br | ||
499 | Example: | ||
500 | .br | ||
501 | $ firejail --dbus-user=filter --dbus-user.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
502 | |||
503 | .TP | ||
504 | \fB\-\-dbus-user.call=name=[member][@path] | ||
505 | Allows the application to call the indicated interface member at the indicated | ||
506 | object path exposed by the indicated bus name on the session DBus. | ||
507 | The name may have a .* suffix to match all names underneath it, including | ||
508 | itself. | ||
509 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
510 | The path may have a /* suffix to indicate all objects underneath it, including | ||
511 | itself. | ||
512 | Omitting the interface member or the object path will match all members and | ||
513 | object paths, respectively. | ||
514 | .br | ||
515 | |||
516 | .br | ||
517 | Example: | ||
518 | .br | ||
519 | $ firejail --dbus-user=filter --dbus-user.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
520 | |||
521 | .TP | ||
522 | \fB\-\-dbus-user.log | ||
523 | Turn on DBus logging for the session DBus. This option requires --dbus-user=log. | ||
524 | |||
525 | .br | ||
526 | Example: | ||
527 | .br | ||
528 | $ firejail --dbus-user=filter --dbus-user.log | ||
529 | |||
530 | .TP | ||
409 | \fB\-\-dbus-user.own=name | 531 | \fB\-\-dbus-user.own=name |
410 | Allows the application to own the specified well-known name on the session DBus. | 532 | Allows the application to own the specified well-known name on the session DBus. |
411 | The name may have a .* suffix to match all names underneath it, including itself | 533 | The name may have a .* suffix to match all names underneath it, including itself |
@@ -432,6 +554,20 @@ Example: | |||
432 | $ firejail --dbus-user=filter --dbus-user.talk=org.freedesktop.Notifications | 554 | $ firejail --dbus-user=filter --dbus-user.talk=org.freedesktop.Notifications |
433 | 555 | ||
434 | .TP | 556 | .TP |
557 | \fB\-\-dbus-user.see=name | ||
558 | Allows the application to see, but not talk to the specified well-known name on | ||
559 | the session DBus. | ||
560 | The name may have a .* suffix to match all names underneath it, including itself | ||
561 | (e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but | ||
562 | not "foobar"). | ||
563 | .br | ||
564 | |||
565 | .br | ||
566 | Example: | ||
567 | .br | ||
568 | $ firejail --dbus-user=filter --dbus-user.see=org.freedesktop.Notifications | ||
569 | |||
570 | .TP | ||
435 | \fB\-\-debug\fR | 571 | \fB\-\-debug\fR |
436 | Print debug messages. | 572 | Print debug messages. |
437 | .br | 573 | .br |