diff options
author | Melvin Vermeeren <mail@mel.vin> | 2018-04-01 21:57:32 +0200 |
---|---|---|
committer | Melvin Vermeeren <mail@mel.vin> | 2018-04-01 21:57:32 +0200 |
commit | 617ff40c9334929101c39d0a758fbaefad6a0f78 (patch) | |
tree | e3e22dd6da0f06620d40269a3dbffc9f713ceaec | |
parent | Fix private-lib again (#1852) for evince (diff) | |
download | firejail-617ff40c9334929101c39d0a758fbaefad6a0f78.tar.gz firejail-617ff40c9334929101c39d0a758fbaefad6a0f78.tar.zst firejail-617ff40c9334929101c39d0a758fbaefad6a0f78.zip |
add --noautopulse arg for complex pulse setups
such as remote pulse servers or non-standard socket paths
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 | ||||
-rw-r--r-- | src/firejail/usage.c | 1 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 4 | ||||
-rw-r--r-- | src/man/firejail.txt | 11 |
8 files changed, 26 insertions, 1 deletions
@@ -1,5 +1,6 @@ | |||
1 | firejail (0.9.53) baseline; urgency=low | 1 | firejail (0.9.53) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * add --noautopulse to disable automatic ~/.config/pulse (for complex setups) | ||
3 | * modif: support for private-bin, private-lib and shell none has been | 4 | * modif: support for private-bin, private-lib and shell none has been |
4 | disabled while running AppImage archives in order to be able to use | 5 | disabled while running AppImage archives in order to be able to use |
5 | our regular profile files with AppImages. | 6 | our regular profile files with AppImages. |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index fdb5745cb..d6c39260b 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -357,6 +357,7 @@ extern int arg_private_lib; // private lib directory | |||
357 | extern int arg_scan; // arp-scan all interfaces | 357 | extern int arg_scan; // arp-scan all interfaces |
358 | extern int arg_whitelist; // whitelist commad | 358 | extern int arg_whitelist; // whitelist commad |
359 | extern int arg_nosound; // disable sound | 359 | extern int arg_nosound; // disable sound |
360 | extern int arg_noautopulse; // disable automatic ~/.config/pulse init | ||
360 | extern int arg_novideo; //disable video devices in /dev | 361 | extern int arg_novideo; //disable video devices in /dev |
361 | extern int arg_no3d; // disable 3d hardware acceleration | 362 | extern int arg_no3d; // disable 3d hardware acceleration |
362 | extern int arg_quiet; // no output for scripting | 363 | extern int arg_quiet; // no output for scripting |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 6dc19abdd..52f6af667 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -94,6 +94,7 @@ int arg_private_lib = 0; // private lib directory | |||
94 | int arg_scan = 0; // arp-scan all interfaces | 94 | int arg_scan = 0; // arp-scan all interfaces |
95 | int arg_whitelist = 0; // whitelist commad | 95 | int arg_whitelist = 0; // whitelist commad |
96 | int arg_nosound = 0; // disable sound | 96 | int arg_nosound = 0; // disable sound |
97 | int arg_noautopulse = 0; // disable automatic ~/.config/pulse init | ||
97 | int arg_novideo = 0; //disable video devices in /dev | 98 | int arg_novideo = 0; //disable video devices in /dev |
98 | int arg_no3d; // disable 3d hardware acceleration | 99 | int arg_no3d; // disable 3d hardware acceleration |
99 | int arg_quiet = 0; // no output for scripting | 100 | int arg_quiet = 0; // no output for scripting |
@@ -1727,6 +1728,8 @@ int main(int argc, char **argv) { | |||
1727 | env_store(argv[i] + 8, RMENV); | 1728 | env_store(argv[i] + 8, RMENV); |
1728 | else if (strcmp(argv[i], "--nosound") == 0) | 1729 | else if (strcmp(argv[i], "--nosound") == 0) |
1729 | arg_nosound = 1; | 1730 | arg_nosound = 1; |
1731 | else if (strcmp(argv[i], "--noautopulse") == 0) | ||
1732 | arg_noautopulse = 1; | ||
1730 | else if (strcmp(argv[i], "--novideo") == 0) | 1733 | else if (strcmp(argv[i], "--novideo") == 0) |
1731 | arg_novideo = 1; | 1734 | arg_novideo = 1; |
1732 | else if (strcmp(argv[i], "--no3d") == 0) | 1735 | else if (strcmp(argv[i], "--no3d") == 0) |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 2cb91964a..3ef9a1856 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -233,6 +233,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
233 | arg_nosound = 1; | 233 | arg_nosound = 1; |
234 | return 0; | 234 | return 0; |
235 | } | 235 | } |
236 | else if (strcmp(ptr, "noautopulse") == 0) { | ||
237 | arg_noautopulse = 1; | ||
238 | return 0; | ||
239 | } | ||
236 | else if (strcmp(ptr, "notv") == 0) { | 240 | else if (strcmp(ptr, "notv") == 0) { |
237 | arg_notv = 1; | 241 | arg_notv = 1; |
238 | return 0; | 242 | return 0; |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 75dbc976d..1e60b6477 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -889,7 +889,7 @@ int sandbox(void* sandbox_arg) { | |||
889 | // disable /dev/snd | 889 | // disable /dev/snd |
890 | fs_dev_disable_sound(); | 890 | fs_dev_disable_sound(); |
891 | } | 891 | } |
892 | else | 892 | else if (!arg_noautopulse) |
893 | pulseaudio_init(); | 893 | pulseaudio_init(); |
894 | 894 | ||
895 | if (arg_no3d) | 895 | if (arg_no3d) |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index d0292f524..cefb63a85 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -143,6 +143,7 @@ void usage(void) { | |||
143 | printf(" --noroot - install a user namespace with only the current user.\n"); | 143 | printf(" --noroot - install a user namespace with only the current user.\n"); |
144 | #endif | 144 | #endif |
145 | printf(" --nosound - disable sound system.\n"); | 145 | printf(" --nosound - disable sound system.\n"); |
146 | printf(" --noautopulse - disable automatic ~/.config/pulse init.\n"); | ||
146 | printf(" --novideo - disable video devices.\n"); | 147 | printf(" --novideo - disable video devices.\n"); |
147 | printf(" --nowhitelist=filename - disable whitelist for file or directory .\n"); | 148 | printf(" --nowhitelist=filename - disable whitelist for file or directory .\n"); |
148 | printf(" --output=logfile - stdout logging and log rotation.\n"); | 149 | printf(" --output=logfile - stdout logging and log rotation.\n"); |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 77bdffb62..4b6e9766f 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -451,6 +451,10 @@ Enable IPC namespace. | |||
451 | \fBnosound | 451 | \fBnosound |
452 | Disable sound system. | 452 | Disable sound system. |
453 | .TP | 453 | .TP |
454 | \fBnoautopulse | ||
455 | Disable automatic ~/.config/pulse init, for complex setups such as remote | ||
456 | pulse servers or non-standard socket paths. | ||
457 | .TP | ||
454 | \fBnotv | 458 | \fBnotv |
455 | Disable DVB (Digital Video Broadcasting) TV devices. | 459 | Disable DVB (Digital Video Broadcasting) TV devices. |
456 | .TP | 460 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index f080c8c7b..f481f5c46 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1199,6 +1199,17 @@ Example: | |||
1199 | $ firejail \-\-nosound firefox | 1199 | $ firejail \-\-nosound firefox |
1200 | 1200 | ||
1201 | .TP | 1201 | .TP |
1202 | \fB\-\-noautopulse | ||
1203 | Disable automatic ~/.config/pulse init, for complex setups such as remote | ||
1204 | pulse servers or non-standard socket paths. | ||
1205 | .br | ||
1206 | |||
1207 | .br | ||
1208 | Example: | ||
1209 | .br | ||
1210 | $ firejail \-\-noautopulse firefox | ||
1211 | |||
1212 | .TP | ||
1202 | \fB\-\-notv | 1213 | \fB\-\-notv |
1203 | Disable DVB (Digital Video Broadcasting) TV devices. | 1214 | Disable DVB (Digital Video Broadcasting) TV devices. |
1204 | .br | 1215 | .br |