author | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-09-23 16:41:18 +0300 |
---|---|---|
committer | Aleksey Manevich <manevich.aleksey@gmail.com> | 2016-09-23 19:43:56 +0300 |
commit | 7d60b07d1515a2d7f3732f2620689000ed110535 (patch) | |
tree | d9a6beaa2fce334c477259dbd10e6722d7089316 | |
parent | add files to sandbox container (--put) (diff) | |
join-or-start option
-rw-r--r-- | src/firejail/main.c | 35 | ||||
-rw-r--r-- | src/firejail/profile.c | 24 |
2 files changed, 59 insertions, 0 deletions
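--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -634,6 +634,30 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 exit(0);
 
 }
+else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+// NOTE: this is first part of option handler,
+// sandbox name is set in other part
+logargs(argc, argv);
+
+if (arg_shell_none) {
+if (argc <= (i+1)) {
+fprintf(stderr, "Error: --shell=none set, but no command specified\n");
+exit(1);
+}
+cfg.original_program_index = i + 1;
+}
+
+// try to join by name only
+pid_t pid;
+if (!name2pid(argv[i] + 16, &pid)) {
+if (!cfg.shell && !arg_shell_none)
+cfg.shell = guess_shell();
+
+join(pid, argc, argv, i + 1);
+exit(0);
+}
+// if there no such sandbox continue argument processing
+}
 #ifdef HAVE_NETWORK
 else if (strncmp(argv[i], "--join-network=", 15) == 0) {
 if (checkcfg(CFG_NETWORK)) {
@@ -2157,6 +2181,17 @@ int main(int argc, char **argv) {
 else if (strcmp(argv[i], "--x11=block") == 0) {
 arg_x11_block = 1;
 }
+else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+// NOTE: this is second part of option handler,
+// atempt to find and join sandbox is done in other one
+
+// set sandbox name and start normally
+cfg.name = argv[i] + 16;
+if (strlen(cfg.name) == 0) {
+fprintf(stderr, "Error: please provide a name for sandbox\n");
+return 1;
+}
+}
 else if (strcmp(argv[i], "--") == 0) {
 // double dash - positional params to follow
 arg_doubledash = 1;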
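Review bot: The empty-name check for `--join-or-start=` exists only in the second handler in main() (new line 2190), so the first handler in run_cmd_and_exit() has already passed the empty string to `name2pid()` at new line 652 before anything rejects it. What name2pid() does with an empty name is not visible here, so I would reject it ahead of the lookup in the first handler, e.g. `if (argv[i][16] == '\0') { fprintf(stderr, "Error: please provide a name for sandbox\n"); exit(1); }`. The profile.c handler has the same order (lookup at new line 809, check at new line 823). In the join path `join(pid, argc, argv, i + 1)` treats everything after this option as the command, so options placed after it are not applied and the process runs under the existing sandbox's restrictions; that deserves a comment at the call. Both run_cmd_and_exit() and main() continue outside these hunks.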
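--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -803,6 +803,30 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 
+if (strncmp(ptr, "join-or-start ", 14) == 0) {
+// try to join by name only
+pid_t pid;
+if (!name2pid(ptr + 14, &pid)) {
+if (!cfg.shell && !arg_shell_none)
+cfg.shell = guess_shell();
+
+// find first non-option arg
+int i;
+for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);
+
+join(pid, cfg.original_argc,cfg.original_argv, i + 1);
+exit(0);
+}
+
+// set sandbox name and start normally
+cfg.name = ptr + 14;
+if (strlen(cfg.name) == 0) {
+fprintf(stderr, "Error: invalid sandbox name\n");
+exit(1);
+}
+return 0;
+}
+
 // rest of filesystem
 if (strncmp(ptr, "blacklist ", 10) == 0)
 ptr += 10;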
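Review bot: The loop at new line 815 does not do what its comment `// find first non-option arg` says: it advances while the argument does not begin with `--`, so it stops at the first option, and `i + 1` is then handed to join() as the start of the command. With more than one option on the original command line the second option would be taken as the program to run, and when no argument begins with `--` the index ends up past `cfg.original_argc`; how join() treats that is not visible in this hunk. If the intent is to skip the options, the test should be `== 0` and the call `join(pid, cfg.original_argc, cfg.original_argv, i);`, with the empty loop body written as `continue;` so the trailing `;` is not misread. profile_check_line() starts and ends outside the hunk.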