author | netblue30 <netblue30@yahoo.com> | 2016-08-22 18:20:35 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-22 18:20:35 -0400 |
commit | 8db0f9d8b925887df2c1a0941d53c379492d36b0 (patch) | |
tree | 454c428e617a3647a595c92a2b995254fdf728c8 | |
parent | allow-debuggers (diff) | |
download | firejail-8db0f9d8b925887df2c1a0941d53c379492d36b0.tar.gz firejail-8db0f9d8b925887df2c1a0941d53c379492d36b0.tar.zst firejail-8db0f9d8b925887df2c1a0941d53c379492d36b0.zip |
x11 command in profile files
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firejail/profile.c | 17 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 3 |
3 files changed, 21 insertions, 0 deletions
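--- a/RELNOTES
+++ b/RELNOTES
@@ -29,6 +29,7 @@ firejail (0.9.42~rc2) baseline; urgency=low
 * run time support to disable remounting of /proc and /sys
 * added quiet-by-default config option in /etc/firejail/firejail.config
 * added netfilter-default config option in /etc/firejail/firejail.config
+* added x11 command for profile files
 * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice
 * new profiles: pix, audacity, xz, xzdec, gzip, cpio, less
 * new profiles: Atom Beta, Atom, jitsi, eom, uudeview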
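--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -613,6 +613,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 arg_private = 1;
 return 0;
 }
+
+if (strcmp(ptr, "x11") == 0) {
+#ifdef HAVE_X11
+if (checkcfg(CFG_X11)) {
+char *x11env = getenv("FIREJAIL_X11");
+if (x11env && strcmp(x11env, "yes") == 0)
+return 0;
+else {
+// start x11
+x11_start(cfg.original_argc, cfg.original_argv);
+exit(0);
+}
+}
+#endif
+return 0;
+}
+
 
 if (strncmp(ptr, "private-template ", 17) == 0) {
 if (arg_private) {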
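Review bot: The new `x11` branch fails open silently: when `HAVE_X11` is not compiled in or `checkcfg(CFG_X11)` is false, the trailing `return 0;` consumes the line and the sandbox starts without X11 isolation even though the profile asked for it. A warning on that path would make the downgrade visible, for example `fprintf(stderr, "Warning: x11 requested in %s line %d but X11 sandboxing is disabled\n", fname, lineno);`. The early `return 0` on `FIREJAIL_X11=yes` also decides "already inside the X11 sandbox" from an environment variable that the invoking user controls. Presumably `x11_start()` sets it for the re-executed process, but that is outside this hunk, so a comment stating where the variable comes from and why it is trusted would help. profile_check_line's body starts and ends outside the hunk.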
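--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -258,6 +258,9 @@ does not result in an increase of privilege.
 \fBnoroot
 Use this command to enable an user namespace. The namespace has only one user, the current user.
 There is no root account (uid 0) defined in the namespace.
+.TP
+\fBx11
+Enable X11 sandboxing.
 
 .SH Resource limits, CPU affinity, Control Groups
 These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.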