author | thewisenerd <thewisenerd@protonmail.com> | 2016-12-24 07:10:24 +0530 |
---|---|---|
committer | thewisenerd <thewisenerd@protonmail.com> | 2016-12-24 07:16:31 +0530 |
commit | ef75c0c22e35bc1cb5339519871de8e1dc4ed5c7 (patch) | |
tree | 27bd8776bc9d15c48d14160e4802cd470de38a35 | |
parent | firejail: private-* : check, then assign. (diff) | |
firejail: profile: allow multiple private-* options
-rw-r--r-- | src/firejail/profile.c | 34 |
1 files changed, 29 insertions, 5 deletions
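--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -179,7 +179,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 if (strncmp(ptr, "private-home ", 13) == 0) {
 #ifdef HAVE_PRIVATE_HOME
 if (checkcfg(CFG_PRIVATE_HOME)) {
-cfg.home_private_keep = ptr + 13;
+if (cfg.home_private_keep) {
+if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, ptr + 13) < 0 )
+errExit("asprintf");
+} else
+cfg.home_private_keep = ptr + 13;
 arg_private = 1;
 }
 else
@@ -748,7 +752,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
 exit(1);
 }
-cfg.etc_private_keep = ptr + 12;
+if (cfg.etc_private_keep) {
+if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.etc_private_keep = ptr + 12;
+}
 arg_private_etc = 1;
 
 return 0;
@@ -756,7 +765,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /opt list of files and directories
 if (strncmp(ptr, "private-opt ", 12) == 0) {
-cfg.opt_private_keep = ptr + 12;
+if (cfg.opt_private_keep) {
+if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.opt_private_keep = ptr + 12;
+}
 arg_private_opt = 1;
 
 return 0;
@@ -764,7 +778,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /srv list of files and directories
 if (strncmp(ptr, "private-srv ", 12) == 0) {
-cfg.srv_private_keep = ptr + 12;
+if (cfg.srv_private_keep) {
+if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.srv_private_keep = ptr + 12;
+}
 arg_private_srv = 1;
 
 return 0;
@@ -772,7 +791,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /bin list of files
 if (strncmp(ptr, "private-bin ", 12) == 0) {
-cfg.bin_private_keep = ptr + 12;
+if (cfg.bin_private_keep) {
+if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.bin_private_keep = ptr + 12;
+}
 arg_private_bin = 1;
 return 0;
 }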
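Review bot: After this change each `cfg.*_private_keep` field holds either a pointer into the profile line (`ptr + 13` / `ptr + 12`) or an `asprintf` result, so no caller can tell whether it may be freed, and a third `private-*` line overwrites and drops the previous merged string; this applies to all five hunks (home, etc, opt, srv, bin). The five copies have already drifted, since the `private-home` hunk uses `} else` without braces where the other four use `} else {`, so one helper carrying the ownership rule as a comment would be easier to audit. These lists decide which files remain visible inside the sandbox, and a later line now widens the list instead of replacing it; whether the fields can already be set before profile parsing is not visible here, so that new precedence deserves a comment and a line in the documentation. An empty value after the keyword would be appended as a trailing comma, if such a line can reach this point. `profile_check_line` starts and ends outside these hunks.

```c
// Append value to a comma-separated keep list.
// *list may point into a profile line or be an earlier asprintf() result,
// so the previous string is deliberately not freed here.
static void keep_list_append(char **list, char *value) {
	char *merged;

	if (*list == NULL) {
		*list = value;
		return;
	}
	if (asprintf(&merged, "%s,%s", *list, value) < 0)
		errExit("asprintf");
	*list = merged;
}

// … unchanged: strncmp(ptr, "private-bin ", 12) match …
keep_list_append(&cfg.bin_private_keep, ptr + 12);
arg_private_bin = 1;
```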