author | netblue30 <netblue30@protonmail.com> | 2021-02-25 06:57:57 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-25 06:57:57 -0500 |
commit | 85c9b7704be737f033263e5b72a642b79c5ffa44 (patch) | |
tree | 033316d85f74d45f40b13ec7906127fd9faf10bc | |
parent | Fixup 0e31d020, torbrowser-launcher missing path (diff) | |
parent | fix firecfg links in restrictive sandboxes (diff) | |
Merge pull request #4007 from smitsohu/privatelib5
fix firecfg links in restrictive sandboxes
-rw-r--r-- | src/firejail/no_sandbox.c | 58 |
1 files changed, 23 insertions, 35 deletions
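--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -168,29 +168,17 @@ void run_no_sandbox(int argc, char **argv) {
 errExit("setresuid");
 
 // process limited subset of options
+// and find first non option arg:
+// - first argument not starting with --,
+// - whatever follows after -c (example: firejail -c ls)
+int prog_index = 0;
 int i;
-for (i = 0; i < argc; i++) {
+for (i = 1; i < argc; i++) {
 if (strcmp(argv[i], "--debug") == 0)
 arg_debug = 1;
 else if (strncmp(argv[i], "--shell=", 8) == 0)
-fwarning("shell-related command line options are disregarded - using SHELL environment variable\n");
-}
-
-// use $SHELL to get shell used in sandbox, guess shell otherwise
-cfg.shell = guess_shell();
-if (!cfg.shell) {
-fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
-exit(1);
-}
-else if (arg_debug)
-printf("Selecting %s as shell\n", cfg.shell);
-
-int prog_index = 0;
-// find first non option arg:
-// - first argument not starting with --,
-// - whatever follows after -c (example: firejail -c ls)
-for (i = 1; i < argc; i++) {
-if (strcmp(argv[i], "-c") == 0) {
+fwarning("shell-related command line options are disregarded\n");
+else if (strcmp(argv[i], "-c") == 0) {
 prog_index = i + 1;
 if (prog_index == argc) {
 fprintf(stderr, "Error: option -c requires an argument\n");
@@ -199,36 +187,36 @@ void run_no_sandbox(int argc, char **argv) {
 break;
 }
 // check first argument not starting with --
-if (strncmp(argv[i],"--",2) != 0) {
+else if (strncmp(argv[i],"--",2) != 0) {
 prog_index = i;
 break;
 }
 }
 
-// if shell is /usr/bin/firejail, replace it with /bin/bash
-// if (strcmp(cfg.shell, PATH_FIREJAIL) == 0) {
-// cfg.shell = "/bin/bash";
-// prog_index = 0;
-// }
-
 if (prog_index == 0) {
-assert(cfg.command_line == NULL); // runs cfg.shell
+// got no command, require a shell and try to execute it
+cfg.shell = guess_shell();
+if (!cfg.shell) {
+fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
+exit(1);
+}
+
+assert(cfg.command_line == NULL);
 cfg.window_title = cfg.shell;
 } else {
+// this sandbox might not allow execution of a shell
+// force --shell=none in order to not break firecfg symbolic links
+arg_shell_none = 1;
+
 build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
 }
 
+fwarning("an existing sandbox was detected. "
+"%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell);
+
 cfg.original_argv = argv;
 cfg.original_program_index = prog_index;
 
-char *command;
-if (prog_index == 0)
-command = cfg.shell;
-else
-command = argv[prog_index];
-fwarning("an existing sandbox was detected. "
-"%s will run without any additional sandboxing features\n", command);
-
 arg_quiet = 1;
 
 start_application(1, -1, NULL);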
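Review bot: In the `else` branch of the second hunk, `arg_shell_none = 1;` is forced for every invocation that names a program, which includes the `-c` form (`firejail -c ls` in the comment at the top of the loop), and `cfg.shell` is no longer resolved on that path. `start_application()` is not visible here; if it executes `argv[prog_index]` directly when `arg_shell_none` is set, a `-c` argument that relies on shell parsing (several words, pipes, redirections) would fail once an existing sandbox is detected. If that is intended, say so next to the assignment, for example `// note: the -c argument is executed directly as well, it is not passed to a shell`. The `--debug` output `Selecting %s as shell` was also dropped when `guess_shell()` moved into the `prog_index == 0` branch; re-adding `if (arg_debug) printf("Selecting %s as shell\n", cfg.shell);` after the NULL check would keep it. `run_no_sandbox` starts and ends outside both hunks.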