added quiet profile command

author: netblue30 <netblue30@yahoo.com> 2016-08-01 09:55:12 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-08-01 09:55:12 -0400
commit: 19a9166bd3f8ac58acc5b3cbe04d72d79d82c881 (patch)
tree: 1542a476d2b3995b922f3e2834cc6d1be6398c3e
parent: Merge pull request #673 from reinerh/master (diff)
download: firejail-19a9166bd3f8ac58acc5b3cbe04d72d79d82c881.tar.gz
firejail-19a9166bd3f8ac58acc5b3cbe04d72d79d82c881.tar.zst
firejail-19a9166bd3f8ac58acc5b3cbe04d72d79d82c881.zip
16 files changed, 38 insertions, 39 deletions
diff --git a/RELNOTES b/RELNOTES
index a4fc92671..3bdd21caa 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -9,6 +9,7 @@ firejail (0.9.42~rc2) baseline; urgency=low
  * Ubuntu snap support
  * include /dev/snd in --private-dev
  * added mkfile profile command
+  * added quiet profile command
  * recursive mkdir
  * seccomp filter updated
  * compile time and run time support to disable whitelists
diff --git a/etc/cpio.profile b/etc/cpio.profile
index b4d232496..5772c7368 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -1,7 +1,7 @@
 # cpio profile
 # /sbin and /usr/sbin are visible inside the sandbox
 # /boot is not visible and /var is heavily modified 
+quiet
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
diff --git a/etc/file.profile b/etc/file.profile
index 1569b42c7..c2d7b0b0f 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,4 +1,5 @@
 # file profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
diff --git a/etc/gtar.profile b/etc/gtar.profile
index 5dbc550f6..2f675cd9d 100644
--- a/etc/gtar.profile
+++ b/etc/gtar.profile
@@ -1 +1,3 @@
+# gtar profile
+quiet
 include /etc/firejail/tar.profile
diff --git a/etc/gzip.profile b/etc/gzip.profile
index cc19e7608..ce4aa3c4b 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -1,4 +1,6 @@
 # gzip profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none
diff --git a/etc/less.profile b/etc/less.profile
index 0c43111d7..802e4196d 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -1,4 +1,6 @@
 # less profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none
diff --git a/etc/strings.profile b/etc/strings.profile
index 881edf4ad..6ebe81d09 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -1,4 +1,6 @@
 # strings profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none
diff --git a/etc/tar.profile b/etc/tar.profile
index 769a3cd4e..6daa7396a 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -1,4 +1,5 @@
 # tar profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
diff --git a/etc/unrar.profile b/etc/unrar.profile
index 74079e7b9..e941a8f2a 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -1,4 +1,5 @@
 # unrar profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
diff --git a/etc/unzip.profile b/etc/unzip.profile
index 502839b98..ab69e932e 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -1,4 +1,5 @@
 # unzip profile
+quiet
 ignore noroot
 include /etc/firejail/default.profile
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index 8218ac959..f6fe0abf1 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -1,5 +1,7 @@
 # uudeview profile
 # the default profile will disable root user, enable seccomp filter etc.
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
diff --git a/etc/xz.profile b/etc/xz.profile
index 709585acd..5b29f7338 100644
--- a/etc/xz.profile
+++ b/etc/xz.profile
@@ -1,2 +1,3 @@
 # xz profile
+quiet
 include /etc/firejail/cpio.profile
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index ddf2061bf..3692160e6 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -1,4 +1,6 @@
 # xzdec profile
+quiet
+ignore noroot
 include /etc/firejail/default.profile
 tracelog
 net none
diff --git a/src/firejail/main.c b/src/firejail/main.c
index de1dcc044..8bb438ba4 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -697,21 +697,6 @@ static void delete_x11_file(pid_t pid) {
 static void detect_quiet(int argc, char **argv) {
        int i;
-        char *progs[] = {
-                "cpio",
-                "file",
-                "gtar",
-                "gzip",
-                "less",
-                "strings",
-                "tar",
-                "unrar",
-                "unzip",
-                "uudeview",
-                "xz",
-                "xzdec",
-                NULL
-        };
        
        // detect --quiet
        for (i = 1; i < argc; i++) {
@@ -726,26 +711,6 @@ static void detect_quiet(int argc, char **argv) {
                if (strncmp(argv[i], "--", 2) != 0)
                        break;
        }
-        // argv[i] is the program name if --quiet was not already detected
-        if (arg_quiet || i == argc)
-                return;
-        // extract the name of the program without the leading path
-        char *ptr = strrchr(argv[i], '/');
-        char *name = (ptr)? (ptr + 1): argv[i];
-        if (*name == '\0')
-                return;
-        // look for the program in the list     
-        int j = 0;
-        while (progs[j] != NULL) {
-                if (strcmp(name, progs[j]) == 0) {
-                        arg_quiet = 1;
-                        return;
-                }
-                j++;
-        }
 }
 //*******************************************
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 46ef0921d..8c2970639 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -817,8 +817,7 @@ void profile_read(const char *fname) {
                exit(1);
        }
-        if (!arg_quiet)
+        int msg_printed = 0;
-                fprintf(stderr, "Reading profile %s\n", fname);
        // read the file line by line
        char buf[MAX_READ + 1];
@@ -836,6 +835,17 @@ void profile_read(const char *fname) {
                        continue;
                }
                
+                // process quiet
+                if (strcmp(ptr, "quiet") == 0) {
+                        arg_quiet = 1;
+                        continue;
+                }
+                if (!msg_printed) {
+                        if (!arg_quiet)
+                                fprintf(stderr, "Reading profile %s\n", fname);
+                        msg_printed = 1;
+                }
                // process include
                if (strncmp(ptr, "include ", 8) == 0) {
                        include_level++;
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 7e33a6b45..b6908dd00 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -93,11 +93,17 @@ If the file name matches file_name, the file will not be blacklisted in any blac
 Example: "noblacklist ${HOME}/.mozilla"
 .TP
-\fBignore command
+\fBignore
 Ignore command.
 Example: "ignore seccomp"
+.TP
+\fBquiet
+Disable Firejail's output. This should be the first uncommented command in the profile file.
+Example: "quiet"
 .SH Filesystem
 These profile entries define a chroot filesystem built on top of the existing
 host filesystem. Each line describes a file element that is removed from
author	netblue30 <netblue30@yahoo.com>	2016-08-01 09:55:12 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-08-01 09:55:12 -0400
commit	19a9166bd3f8ac58acc5b3cbe04d72d79d82c881 (patch)
tree	1542a476d2b3995b922f3e2834cc6d1be6398c3e
parent	Merge pull request #673 from reinerh/master (diff)
download	firejail-19a9166bd3f8ac58acc5b3cbe04d72d79d82c881.tar.gz firejail-19a9166bd3f8ac58acc5b3cbe04d72d79d82c881.tar.zst firejail-19a9166bd3f8ac58acc5b3cbe04d72d79d82c881.zip

diff --git a/RELNOTES b/RELNOTES index a4fc92671..3bdd21caa 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -9,6 +9,7 @@ firejail (0.9.42~rc2) baseline; urgency=low
9	* Ubuntu snap support	9	* Ubuntu snap support
10	* include /dev/snd in --private-dev	10	* include /dev/snd in --private-dev
11	* added mkfile profile command	11	* added mkfile profile command
		12	* added quiet profile command
12	* recursive mkdir	13	* recursive mkdir
13	* seccomp filter updated	14	* seccomp filter updated
14	* compile time and run time support to disable whitelists	15	* compile time and run time support to disable whitelists


diff --git a/etc/cpio.profile b/etc/cpio.profile index b4d232496..5772c7368 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -1,7 +1,7 @@
1	# cpio profile	1	# cpio profile
2	# /sbin and /usr/sbin are visible inside the sandbox	2	# /sbin and /usr/sbin are visible inside the sandbox
3	# /boot is not visible and /var is heavily modified	3	# /boot is not visible and /var is heavily modified
4		4	quiet
5	noblacklist /sbin	5	noblacklist /sbin
6	noblacklist /usr/sbin	6	noblacklist /usr/sbin
7	include /etc/firejail/disable-common.inc	7	include /etc/firejail/disable-common.inc


diff --git a/etc/file.profile b/etc/file.profile index 1569b42c7..c2d7b0b0f 100644 --- a/etc/file.profile +++ b/etc/file.profile
@@ -1,4 +1,5 @@
1	# file profile	1	# file profile
		2	quiet
2	ignore noroot	3	ignore noroot
3	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
4		5


diff --git a/etc/gtar.profile b/etc/gtar.profile index 5dbc550f6..2f675cd9d 100644 --- a/etc/gtar.profile +++ b/etc/gtar.profile
@@ -1 +1,3 @@
		1	# gtar profile
		2	quiet
1	include /etc/firejail/tar.profile	3	include /etc/firejail/tar.profile


diff --git a/etc/gzip.profile b/etc/gzip.profile index cc19e7608..ce4aa3c4b 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile
@@ -1,4 +1,6 @@
1	# gzip profile	1	# gzip profile
		2	quiet
		3	ignore noroot
2	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
3	tracelog	5	tracelog
4	net none	6	net none


diff --git a/etc/less.profile b/etc/less.profile index 0c43111d7..802e4196d 100644 --- a/etc/less.profile +++ b/etc/less.profile
@@ -1,4 +1,6 @@
1	# less profile	1	# less profile
		2	quiet
		3	ignore noroot
2	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
3	tracelog	5	tracelog
4	net none	6	net none


diff --git a/etc/strings.profile b/etc/strings.profile index 881edf4ad..6ebe81d09 100644 --- a/etc/strings.profile +++ b/etc/strings.profile
@@ -1,4 +1,6 @@
1	# strings profile	1	# strings profile
		2	quiet
		3	ignore noroot
2	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
3	tracelog	5	tracelog
4	net none	6	net none


diff --git a/etc/tar.profile b/etc/tar.profile index 769a3cd4e..6daa7396a 100644 --- a/etc/tar.profile +++ b/etc/tar.profile
@@ -1,4 +1,5 @@
1	# tar profile	1	# tar profile
		2	quiet
2	ignore noroot	3	ignore noroot
3	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
4		5


diff --git a/etc/unrar.profile b/etc/unrar.profile index 74079e7b9..e941a8f2a 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile
@@ -1,4 +1,5 @@
1	# unrar profile	1	# unrar profile
		2	quiet
2	ignore noroot	3	ignore noroot
3	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
4		5


diff --git a/etc/unzip.profile b/etc/unzip.profile index 502839b98..ab69e932e 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile
@@ -1,4 +1,5 @@
1	# unzip profile	1	# unzip profile
		2	quiet
2	ignore noroot	3	ignore noroot
3	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
4		5


diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 8218ac959..f6fe0abf1 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile
@@ -1,5 +1,7 @@
1	# uudeview profile	1	# uudeview profile
2	# the default profile will disable root user, enable seccomp filter etc.	2	# the default profile will disable root user, enable seccomp filter etc.
		3	quiet
		4	ignore noroot
3	include /etc/firejail/default.profile	5	include /etc/firejail/default.profile
4		6
5	tracelog	7	tracelog


diff --git a/etc/xz.profile b/etc/xz.profile index 709585acd..5b29f7338 100644 --- a/etc/xz.profile +++ b/etc/xz.profile
@@ -1,2 +1,3 @@
1	# xz profile	1	# xz profile
		2	quiet
2	include /etc/firejail/cpio.profile	3	include /etc/firejail/cpio.profile


diff --git a/etc/xzdec.profile b/etc/xzdec.profile index ddf2061bf..3692160e6 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile
@@ -1,4 +1,6 @@
1	# xzdec profile	1	# xzdec profile
		2	quiet
		3	ignore noroot
2	include /etc/firejail/default.profile	4	include /etc/firejail/default.profile
3	tracelog	5	tracelog
4	net none	6	net none


diff --git a/src/firejail/main.c b/src/firejail/main.c index de1dcc044..8bb438ba4 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -697,21 +697,6 @@ static void delete_x11_file(pid_t pid) {
697		697
698	static void detect_quiet(int argc, char **argv) {	698	static void detect_quiet(int argc, char **argv) {
699	int i;	699	int i;
700	char *progs[] = {
701	"cpio",
702	"file",
703	"gtar",
704	"gzip",
705	"less",
706	"strings",
707	"tar",
708	"unrar",
709	"unzip",
710	"uudeview",
711	"xz",
712	"xzdec",
713	NULL
714	};
715		700
716	// detect --quiet	701	// detect --quiet
717	for (i = 1; i < argc; i++) {	702	for (i = 1; i < argc; i++) {
@@ -726,26 +711,6 @@ static void detect_quiet(int argc, char **argv) {
726	if (strncmp(argv[i], "--", 2) != 0)	711	if (strncmp(argv[i], "--", 2) != 0)
727	break;	712	break;
728	}	713	}
729
730	// argv[i] is the program name if --quiet was not already detected
731	if (arg_quiet \|\| i == argc)
732	return;
733
734	// extract the name of the program without the leading path
735	char *ptr = strrchr(argv[i], '/');
736	char *name = (ptr)? (ptr + 1): argv[i];
737	if (*name == '\0')
738	return;
739
740	// look for the program in the list
741	int j = 0;
742	while (progs[j] != NULL) {
743	if (strcmp(name, progs[j]) == 0) {
744	arg_quiet = 1;
745	return;
746	}
747	j++;
748	}
749	}	714	}
750		715
751	//*******************************************	716	//*******************************************


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 46ef0921d..8c2970639 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -817,8 +817,7 @@ void profile_read(const char *fname) {
817	exit(1);	817	exit(1);
818	}	818	}
819		819
820	if (!arg_quiet)	820	int msg_printed = 0;
821	fprintf(stderr, "Reading profile %s\n", fname);
822		821
823	// read the file line by line	822	// read the file line by line
824	char buf[MAX_READ + 1];	823	char buf[MAX_READ + 1];
@@ -836,6 +835,17 @@ void profile_read(const char *fname) {
836	continue;	835	continue;
837	}	836	}
838		837
		838	// process quiet
		839	if (strcmp(ptr, "quiet") == 0) {
		840	arg_quiet = 1;
		841	continue;
		842	}
		843	if (!msg_printed) {
		844	if (!arg_quiet)
		845	fprintf(stderr, "Reading profile %s\n", fname);
		846	msg_printed = 1;
		847	}
		848
839	// process include	849	// process include
840	if (strncmp(ptr, "include ", 8) == 0) {	850	if (strncmp(ptr, "include ", 8) == 0) {
841	include_level++;	851	include_level++;


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 7e33a6b45..b6908dd00 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -93,11 +93,17 @@ If the file name matches file_name, the file will not be blacklisted in any blac
93	Example: "noblacklist ${HOME}/.mozilla"	93	Example: "noblacklist ${HOME}/.mozilla"
94		94
95	.TP	95	.TP
96	\fBignore command	96	\fBignore
97	Ignore command.	97	Ignore command.
98		98
99	Example: "ignore seccomp"	99	Example: "ignore seccomp"
100		100
		101	.TP
		102	\fBquiet
		103	Disable Firejail's output. This should be the first uncommented command in the profile file.
		104
		105	Example: "quiet"
		106
101	.SH Filesystem	107	.SH Filesystem
102	These profile entries define a chroot filesystem built on top of the existing	108	These profile entries define a chroot filesystem built on top of the existing
103	host filesystem. Each line describes a file element that is removed from	109	host filesystem. Each line describes a file element that is removed from