author | netblue30 <netblue30@yahoo.com> | 2016-12-11 08:10:04 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-12-11 08:10:04 -0500 |
commit | 9a7acfd771e17bd7d2ca935fc17fa50ef579cce3 (patch) | |
tree | 6ed2313c56d6d96b42e9c6cc28b526615ab0a520 | |
parent | Merge pull request #962 from curiosity-seeker/master (diff) | |
config support for firejail prompt in terminals
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/firejail.config | 3 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 10 | ||||
-rw-r--r-- | src/firejail/env.c | 14 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 |
5 files changed, 26 insertions, 3 deletions
@@ -13,6 +13,7 @@ firejail (0.9.45) baseline; urgency=low | |||
13 | * feature: private /opt directory (--private-opt, profile support) | 13 | * feature: private /opt directory (--private-opt, profile support) |
14 | * feature: private /srv directory (--private-srv, profile support) | 14 | * feature: private /srv directory (--private-srv, profile support) |
15 | * feature: spoof machine-id | 15 | * feature: spoof machine-id |
16 | * feature: config support for firejail prompt in terminal | ||
16 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, | 17 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, |
17 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | 18 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, |
18 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | 19 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, |
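--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -17,6 +17,9 @@
 # Enable or disable file transfer support, default enabled.
 # file-transfer yes
 
+# Enable Firejail green prompt in terminal, default disabled
+# firejail-prompt no
+
 # Force use of nonewprivs. This mitigates the possibility of
 # a user abusing firejail's features to trick a privileged (suid
 # or file capabilities) process into loading code or configuration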
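--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -43,6 +43,7 @@ int checkcfg(int val) {
 cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default
 cfg_val[CFG_FORCE_NONEWPRIVS] = 0; // disabled by default
 cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0; // disabled by default
+cfg_val[CFG_FIREJAIL_PROMPT] = 0; // disabled by default
 
 // open configuration file
 char *fname;
@@ -126,6 +127,15 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+// prompt
+else if (strncmp(ptr, "firejail-prompt ", 16) == 0) {
+if (strcmp(ptr + 16, "yes") == 0)
+cfg_val[CFG_FIREJAIL_PROMPT] = 1;
+else if (strcmp(ptr + 16, "no") == 0)
+cfg_val[CFG_FIREJAIL_PROMPT] = 0;
+else
+goto errout;
+}
 // nonewprivs
 else if (strncmp(ptr, "force-nonewprivs ", 17) == 0) {
 if (strcmp(ptr + 17, "yes") == 0)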
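Review bot: The literal `16` in the new `firejail-prompt` branch appears three times and must stay equal to the length of `"firejail-prompt "`; the count is right today, but if the key is renamed and one offset is missed, `ptr + 16` no longer points at the value and a well-formed line falls through to `goto errout`. This is a style point that also applies to the `force-nonewprivs` branch below: a named constant such as `#define PROMPT_KEY "firejail-prompt "` with `sizeof(PROMPT_KEY) - 1` in place of the literal keeps the three uses in sync. The exact `strcmp` also rejects a value followed by trailing whitespace, which is presumably intended since the neighbouring keys behave the same way. `checkcfg()` starts and ends outside these hunks, so what `errout` does with a rejected line is not visible here.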
diff --git a/src/firejail/env.c b/src/firejail/env.c index a02c67ae1..783f019a6 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
@@ -129,13 +129,21 @@ void env_defaults(void) { | |||
129 | errExit("setenv"); | 129 | errExit("setenv"); |
130 | 130 | ||
131 | // set prompt color to green | 131 | // set prompt color to green |
132 | char *prompt = getenv("FIREJAIL_PROMPT"); | 132 | int set_prompt = 0; |
133 | if (prompt && strcmp(prompt, "yes") == 0) { | 133 | if (checkcfg(CFG_FIREJAIL_PROMPT)) |
134 | set_prompt = 1; | ||
135 | else { // check FIREJAIL_PROMPT="yes" environment variable | ||
136 | char *prompt = getenv("FIREJAIL_PROMPT"); | ||
137 | if (prompt && strcmp(prompt, "yes") == 0) | ||
138 | set_prompt = 1; | ||
139 | } | ||
140 | |||
141 | if (set_prompt) { | ||
134 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' | 142 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' |
135 | if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) | 143 | if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) |
136 | errExit("setenv"); | 144 | errExit("setenv"); |
137 | } | 145 | } |
138 | 146 | ||
139 | // set the window title | 147 | // set the window title |
140 | if (!arg_quiet) | 148 | if (!arg_quiet) |
141 | printf("\033]0;firejail %s\007", cfg.window_title); | 149 | printf("\033]0;firejail %s\007", cfg.window_title); |
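Review bot: The new `if (checkcfg(CFG_FIREJAIL_PROMPT)) … else { getenv("FIREJAIL_PROMPT") … }` block makes the config key one-directional: `firejail-prompt yes` forces the prompt on, but `firejail-prompt no` does not switch it off, because `FIREJAIL_PROMPT=yes` in the caller's environment still sets `set_prompt`. Neither the retained comment `// set prompt color to green` nor the text added to etc/firejail.config says this, so an administrator reading `firejail-prompt no` may expect the indicator to be disabled for every user. I would document the precedence above the block, e.g. `// enabled by "firejail-prompt yes" in firejail.config, or per user by FIREJAIL_PROMPT=yes; the config value "no" does not override the environment variable`. With the config path enabled, the existing `setenv("PROMPT_COMMAND", …, 1)` also replaces any PROMPT_COMMAND already present in the environment of every sandbox started on the host, which deserves a line in the config comment as well. `env_defaults()` begins and ends outside the hunk.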
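--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -661,6 +661,7 @@ enum {
 CFG_CHROOT_DESKTOP,
 CFG_PRIVATE_HOME,
 CFG_PRIVATE_BIN_NO_LOCAL,
+CFG_FIREJAIL_PROMPT,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;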