author | netblue30 <netblue30@yahoo.com> | 2016-08-01 09:55:12 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-01 09:55:12 -0400 |
commit | 19a9166bd3f8ac58acc5b3cbe04d72d79d82c881 (patch) | |
tree | 1542a476d2b3995b922f3e2834cc6d1be6398c3e | |
parent | Merge pull request #673 from reinerh/master (diff) | |
added quiet profile command
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/cpio.profile | 2 | ||||
-rw-r--r-- | etc/file.profile | 1 | ||||
-rw-r--r-- | etc/gtar.profile | 2 | ||||
-rw-r--r-- | etc/gzip.profile | 2 | ||||
-rw-r--r-- | etc/less.profile | 2 | ||||
-rw-r--r-- | etc/strings.profile | 2 | ||||
-rw-r--r-- | etc/tar.profile | 1 | ||||
-rw-r--r-- | etc/unrar.profile | 1 | ||||
-rw-r--r-- | etc/unzip.profile | 1 | ||||
-rw-r--r-- | etc/uudeview.profile | 2 | ||||
-rw-r--r-- | etc/xz.profile | 1 | ||||
-rw-r--r-- | etc/xzdec.profile | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 35 | ||||
-rw-r--r-- | src/firejail/profile.c | 14 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 8 |
16 files changed, 38 insertions, 39 deletions
@@ -9,6 +9,7 @@ firejail (0.9.42~rc2) baseline; urgency=low | |||
9 | * Ubuntu snap support | 9 | * Ubuntu snap support |
10 | * include /dev/snd in --private-dev | 10 | * include /dev/snd in --private-dev |
11 | * added mkfile profile command | 11 | * added mkfile profile command |
12 | * added quiet profile command | ||
12 | * recursive mkdir | 13 | * recursive mkdir |
13 | * seccomp filter updated | 14 | * seccomp filter updated |
14 | * compile time and run time support to disable whitelists | 15 | * compile time and run time support to disable whitelists |
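--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -1,7 +1,7 @@
 # cpio profile
 # /sbin and /usr/sbin are visible inside the sandbox
 # /boot is not visible and /var is heavily modified
-
+quiet
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc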
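--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,4 +1,5 @@
 # file profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
 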
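--- a/etc/gtar.profile
+++ b/etc/gtar.profile
@@ -1 +1,3 @@
+# gtar profile
+quiet
 include /etc/firejail/tar.profile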
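--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -1,4 +1,6 @@
 # gzip profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none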
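Review bot: The added `ignore noroot` line is outside the commit's stated purpose (the title mentions only the quiet command) and it relaxes the sandbox for this tool: per the comment visible in uudeview.profile, the included default.profile disables the root user, and this line opts out of that setting. The same line is added without explanation in less.profile, strings.profile, uudeview.profile and xzdec.profile. Either move these additions to their own commit or record the reason next to the line, e.g. `# ignore noroot: <why this tool needs the root user available inside the sandbox>`. Because `quiet` is added to the same profiles, firejail's own messages are suppressed in the same run, so the relaxed setting is easy to miss in practice.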
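--- a/etc/less.profile
+++ b/etc/less.profile
@@ -1,4 +1,6 @@
 # less profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none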
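--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -1,4 +1,6 @@
 # strings profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none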
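--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -1,4 +1,5 @@
 # tar profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
 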
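--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -1,4 +1,5 @@
 # unrar profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
 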
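--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -1,4 +1,5 @@
 # unzip profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
 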
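--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -1,5 +1,7 @@
 # uudeview profile
 # the default profile will disable root user, enable seccomp filter etc.
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 
 tracelog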
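--- a/etc/xz.profile
+++ b/etc/xz.profile
@@ -1,2 +1,3 @@
 # xz profile
+quiet
 include /etc/firejail/cpio.profile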
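--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -1,4 +1,6 @@
 # xzdec profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none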
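--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -697,21 +697,6 @@ static void delete_x11_file(pid_t pid) {
 
 static void detect_quiet(int argc, char **argv) {
 int i;
-char *progs[] = {
-"cpio",
-"file",
-"gtar",
-"gzip",
-"less",
-"strings",
-"tar",
-"unrar",
-"unzip",
-"uudeview",
-"xz",
-"xzdec",
-NULL
-};
 
 // detect --quiet
 for (i = 1; i < argc; i++) {
@@ -726,26 +711,6 @@ static void detect_quiet(int argc, char **argv) {
 if (strncmp(argv[i], "--", 2) != 0)
 break;
 }
-
-// argv[i] is the program name if --quiet was not already detected
-if (arg_quiet || i == argc)
-return;
-
-// extract the name of the program without the leading path
-char *ptr = strrchr(argv[i], '/');
-char *name = (ptr)? (ptr + 1): argv[i];
-if (*name == '\0')
-return;
-
-// look for the program in the list
-int j = 0;
-while (progs[j] != NULL) {
-if (strcmp(name, progs[j]) == 0) {
-arg_quiet = 1;
-return;
-}
-j++;
-}
 }
 
 //*******************************************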
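--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -817,8 +817,7 @@ void profile_read(const char *fname) {
 exit(1);
 }
 
-if (!arg_quiet)
-fprintf(stderr, "Reading profile %s\n", fname);
+int msg_printed = 0;
 
 // read the file line by line
 char buf[MAX_READ + 1];
@@ -836,6 +835,17 @@ void profile_read(const char *fname) {
 continue;
 }
 
+// process quiet
+if (strcmp(ptr, "quiet") == 0) {
+arg_quiet = 1;
+continue;
+}
+if (!msg_printed) {
+if (!arg_quiet)
+fprintf(stderr, "Reading profile %s\n", fname);
+msg_printed = 1;
+}
+
 // process include
 if (strncmp(ptr, "include ", 8) == 0) {
 include_level++;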
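--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -93,11 +93,17 @@ If the file name matches file_name, the file will not be blacklisted in any blac
 Example: "noblacklist ${HOME}/.mozilla"
 
 .TP
-\fBignore command
+\fBignore
 Ignore command.
 
 Example: "ignore seccomp"
 
+.TP
+\fBquiet
+Disable Firejail's output. This should be the first uncommented command in the profile file.
+
+Example: "quiet"
+
 .SH Filesystem
 These profile entries define a chroot filesystem built on top of the existing
 host filesystem. Each line describes a file element that is removed from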