author | netblue30 <netblue30@yahoo.com> | 2017-03-14 10:47:00 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-14 10:47:00 -0400 |
commit | 4f9bea625e613e35a15d6a0c611e8fd591f8d846 (patch) | |
tree | be5832f1a7278617b854a78a79d787b89fedb7f3 | |
parent | fixed handling of .local profile files when the software is installed ~/.loca... (diff) | |
added support to enable/disable tmpfs mounting on top of ~/.cache directory
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/firejail.config | 3 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 11 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 3 |
5 files changed, 17 insertions, 2 deletions
@@ -36,6 +36,7 @@ firejail (0.9.45) baseline; urgency=low | |||
36 | * feature: config support to disable access to /mnt and /media (disable-mnt) | 36 | * feature: config support to disable access to /mnt and /media (disable-mnt) |
37 | * feature: allow tmpfs for regular users for files in home directory | 37 | * feature: allow tmpfs for regular users for files in home directory |
38 | * feature: mount a tmpfs on top of ~/.cache directory by default | 38 | * feature: mount a tmpfs on top of ~/.cache directory by default |
39 | * feature: config support to disable tmpfs mounting on ~/.cache (cache-tmpfs) | ||
39 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, | 40 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, |
40 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | 41 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, |
41 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | 42 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, |
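--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -6,6 +6,9 @@
 # Enable or disable bind support, default enabled.
 # bind yes
 
+# Enable mounting a tmpfs on top of ~/.cache directory, default enabled.
+# cache-tmpfs yes
+
 # Enable or disable chroot support, default enabled.
 # chroot yes
 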
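Review bot: The new comment says only "Enable", while the neighbouring entries say "Enable or disable", and it does not say what turning the option off means for isolation. With `cache-tmpfs no`, sandbox.c skips `fs_cache()`, so the user's real ~/.cache stays in place of the tmpfs; anything there that a profile does not otherwise restrict is then visible to the sandboxed program and persists after it exits. I would word it as `# Enable or disable mounting a tmpfs on top of ~/.cache directory, default enabled.` followed by `# Disabling it leaves the real ~/.cache in place inside the sandbox.`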
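--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -74,8 +74,17 @@ int checkcfg(int val) {
 if (!ptr)
 continue;
 
+// mount tmpfs on top of ~/.cache directory
+if (strncmp(ptr, "cache-tmpfs ", 12) == 0) {
+if (strcmp(ptr + 12, "yes") == 0)
+cfg_val[CFG_CACHE_TMPFS] = 1;
+else if (strcmp(ptr + 12, "no") == 0)
+cfg_val[CFG_CACHE_TMPFS] = 0;
+else
+goto errout;
+}
 // file transfer
-if (strncmp(ptr, "file-transfer ", 14) == 0) {
+else if (strncmp(ptr, "file-transfer ", 14) == 0) {
 if (strcmp(ptr + 14, "yes") == 0)
 cfg_val[CFG_FILE_TRANSFER] = 1;
 else if (strcmp(ptr + 14, "no") == 0)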
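Review bot: Nothing in this hunk sets a default for `cfg_val[CFG_CACHE_TMPFS]`, so the documented "default enabled" holds only if the initialization earlier in checkcfg(), which is outside the hunk, yields 1 for the new index. If it yielded 0, every sandbox would lose the ~/.cache tmpfs whenever the line is absent from firejail.config. That should be confirmed and recorded in the comment, e.g. `// mount tmpfs on top of ~/.cache directory (default enabled)`. A smaller style point: the `// file transfer` comment now sits between the closing `}` and the `else if`, which hides that the two blocks form one chain; moving it inside the branch would read better.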
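--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -684,6 +684,7 @@ enum {
 CFG_FOLLOW_SYMLINK_AS_USER,
 CFG_FOLLOW_SYMLINK_PRIVATE_BIN,
 CFG_DISABLE_MNT,
+CFG_CACHE_TMPFS,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;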
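--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -773,7 +773,8 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // deploy a tmpfs on ~/.cache directory
 //****************************
-fs_cache();
+if (checkcfg(CFG_CACHE_TMPFS))
+fs_cache();
 
 
 //****************************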
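Review bot: When the option is off, `fs_cache()` is skipped without any trace, so a user or administrator cannot tell from the sandbox output that ~/.cache is no longer covered by a tmpfs. An `else if (arg_debug) printf("tmpfs on ~/.cache disabled in firejail.config\n");` branch would make the reduced isolation visible under --debug; `arg_debug` is assumed to be in scope here as elsewhere in firejail. The banner comment should also say the mount is conditional, e.g. `// deploy a tmpfs on ~/.cache directory, unless cache-tmpfs is set to no`. sandbox() starts and ends outside the hunk.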