author | smitsohu <smitsohu@gmail.com> | 2021-02-25 01:26:53 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-02-25 01:26:53 +0100 |
commit | a2e1248e6d7d18ccc0dc5bb60674e05d3eeb3c2b (patch) | |
tree | 4317eb1598a412b38a579bb30c162fb90204ab0e | |
parent | jailtest fix (diff) | |
cleanup
-rw-r--r-- | src/firejail/no_sandbox.c | 40 |
1 files changed, 13 insertions, 27 deletions
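--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -167,15 +167,6 @@ void run_no_sandbox(int argc, char **argv) {
 if (setresuid(-1, getuid(), getuid()) != 0)
 errExit("setresuid");
 
-// process limited subset of options
-int i;
-for (i = 0; i < argc; i++) {
-if (strcmp(argv[i], "--debug") == 0)
-arg_debug = 1;
-else if (strncmp(argv[i], "--shell=", 8) == 0)
-fwarning("shell-related command line options are disregarded - using SHELL environment variable\n");
-}
-
 // use $SHELL to get shell used in sandbox, guess shell otherwise
 cfg.shell = guess_shell();
 if (!cfg.shell) {
@@ -185,12 +176,18 @@ void run_no_sandbox(int argc, char **argv) {
 else if (arg_debug)
 printf("Selecting %s as shell\n", cfg.shell);
 
-int prog_index = 0;
-// find first non option arg:
+// process limited subset of options
+// and find first non option arg:
 // - first argument not starting with --,
 // - whatever follows after -c (example: firejail -c ls)
+int prog_index = 0;
+int i;
 for (i = 1; i < argc; i++) {
-if (strcmp(argv[i], "-c") == 0) {
+if (strcmp(argv[i], "--debug") == 0)
+arg_debug = 1;
+else if (strncmp(argv[i], "--shell=", 8) == 0)
+fwarning("shell-related command line options are disregarded\n");
+else if (strcmp(argv[i], "-c") == 0) {
 prog_index = i + 1;
 if (prog_index == argc) {
 fprintf(stderr, "Error: option -c requires an argument\n");
@@ -199,18 +196,12 @@ void run_no_sandbox(int argc, char **argv) {
 break;
 }
 // check first argument not starting with --
-if (strncmp(argv[i],"--",2) != 0) {
+else if (strncmp(argv[i],"--",2) != 0) {
 prog_index = i;
 break;
 }
 }
 
-// if shell is /usr/bin/firejail, replace it with /bin/bash
-// if (strcmp(cfg.shell, PATH_FIREJAIL) == 0) {
-// cfg.shell = "/bin/bash";
-// prog_index = 0;
-// }
-
 if (prog_index == 0) {
 assert(cfg.command_line == NULL); // runs cfg.shell
 cfg.window_title = cfg.shell;
@@ -218,17 +209,12 @@ void run_no_sandbox(int argc, char **argv) {
 build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
 }
 
+fwarning("an existing sandbox was detected. "
+"%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell);
+
 cfg.original_argv = argv;
 cfg.original_program_index = prog_index;
 
-char *command;
-if (prog_index == 0)
-command = cfg.shell;
-else
-command = argv[prog_index];
-fwarning("an existing sandbox was detected. "
-"%s will run without any additional sandboxing features\n", command);
-
 arg_quiet = 1;
 
 start_application(1, -1, NULL);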
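Review bot: In the second hunk the `--debug` scan now runs after the `else if (arg_debug)` check that prints "Selecting %s as shell", so `--debug` on this command line can no longer enable that message unless arg_debug was already set before run_no_sandbox is called (not visible here). Before this commit the option loop ran ahead of guess_shell(), so this is a behaviour change inside a commit titled "cleanup". If it is unintended, drop that `else if` branch and print after the merged loop instead, `if (arg_debug) printf("Selecting %s as shell\n", cfg.shell);`, assuming the `if (!cfg.shell)` branch (its body lies between the hunks) never leaves cfg.shell NULL. The merged loop also stops at the first non-option argument, so `--debug` and `--shell=` after the program name are no longer seen; that looks intended but deserves a line in the commit message. run_no_sandbox starts and ends outside these hunks.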