diff options
author | Kristóf Marussy <kristof@marussy.com> | 2020-05-09 01:55:11 +0200 |
---|---|---|
committer | Kristóf Marussy <kristof@marussy.com> | 2020-05-09 01:56:10 +0200 |
commit | 9a430b94d8e2b5ec4b8027a62072bc9d02136128 (patch) | |
tree | ee1b426c48ccd7e88a95fb75d37ce7ee038c1f05 | |
parent | Documentation for new DBus options (diff) | |
download | firejail-9a430b94d8e2b5ec4b8027a62072bc9d02136128.tar.gz firejail-9a430b94d8e2b5ec4b8027a62072bc9d02136128.tar.zst firejail-9a430b94d8e2b5ec4b8027a62072bc9d02136128.zip |
Turn attempted DBus policy downgrade into warning (fixes #3408)
-rw-r--r-- | src/firejail/main.c | 12 | ||||
-rw-r--r-- | src/firejail/profile.c | 8 |
2 files changed, 10 insertions, 10 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index e458d16f4..958374c43 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2065,10 +2065,10 @@ int main(int argc, char **argv, char **envp) { | |||
2065 | else if (strncmp("--dbus-user=", argv[i], 12) == 0) { | 2065 | else if (strncmp("--dbus-user=", argv[i], 12) == 0) { |
2066 | if (strcmp("filter", argv[i] + 12) == 0) { | 2066 | if (strcmp("filter", argv[i] + 12) == 0) { |
2067 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { | 2067 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { |
2068 | fprintf(stderr, "Error: Cannot relax --dbus-user policy, it is already set to block\n"); | 2068 | fprintf(stderr, "Warning: Cannot relax --dbus-user policy, it is already set to block\n"); |
2069 | exit(1); | 2069 | } else { |
2070 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
2070 | } | 2071 | } |
2071 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
2072 | } else if (strcmp("none", argv[i] + 12) == 0) { | 2072 | } else if (strcmp("none", argv[i] + 12) == 0) { |
2073 | if (arg_dbus_log_user) { | 2073 | if (arg_dbus_log_user) { |
2074 | fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n"); | 2074 | fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n"); |
@@ -2123,10 +2123,10 @@ int main(int argc, char **argv, char **envp) { | |||
2123 | else if (strncmp("--dbus-system=", argv[i], 14) == 0) { | 2123 | else if (strncmp("--dbus-system=", argv[i], 14) == 0) { |
2124 | if (strcmp("filter", argv[i] + 14) == 0) { | 2124 | if (strcmp("filter", argv[i] + 14) == 0) { |
2125 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { | 2125 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { |
2126 | fprintf(stderr, "Error: Cannot relax --dbus-system policy, it is already set to block\n"); | 2126 | fprintf(stderr, "Warning: Cannot relax --dbus-system policy, it is already set to block\n"); |
2127 | exit(1); | 2127 | } else { |
2128 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
2128 | } | 2129 | } |
2129 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
2130 | } else if (strcmp("none", argv[i] + 14) == 0) { | 2130 | } else if (strcmp("none", argv[i] + 14) == 0) { |
2131 | if (arg_dbus_log_system) { | 2131 | if (arg_dbus_log_system) { |
2132 | fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n"); | 2132 | fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n"); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 749006487..a87222824 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -441,9 +441,9 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
441 | if (strcmp("filter", ptr) == 0) { | 441 | if (strcmp("filter", ptr) == 0) { |
442 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { | 442 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { |
443 | fprintf(stderr, "Error: Cannot relax dbus-user policy, it is already set to block\n"); | 443 | fprintf(stderr, "Error: Cannot relax dbus-user policy, it is already set to block\n"); |
444 | exit(1); | 444 | } else { |
445 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
445 | } | 446 | } |
446 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
447 | } else if (strcmp("none", ptr) == 0) { | 447 | } else if (strcmp("none", ptr) == 0) { |
448 | if (arg_dbus_log_user) { | 448 | if (arg_dbus_log_user) { |
449 | fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n"); | 449 | fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n"); |
@@ -496,9 +496,9 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
496 | if (strcmp("filter", ptr) == 0) { | 496 | if (strcmp("filter", ptr) == 0) { |
497 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { | 497 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { |
498 | fprintf(stderr, "Error: Cannot relax dbus-system policy, it is already set to block\n"); | 498 | fprintf(stderr, "Error: Cannot relax dbus-system policy, it is already set to block\n"); |
499 | exit(1); | 499 | } else { |
500 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
500 | } | 501 | } |
501 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
502 | } else if (strcmp("none", ptr) == 0) { | 502 | } else if (strcmp("none", ptr) == 0) { |
503 | if (arg_dbus_log_system) { | 503 | if (arg_dbus_log_system) { |
504 | fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n"); | 504 | fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n"); |