authorLibravatar smitsohu <smitsohu@gmail.com>2018-09-10 22:54:23 +0200
committerLibravatar smitsohu <smitsohu@gmail.com>2018-09-10 22:54:23 +0200
commit58d9899f3165bfc71c7a55a41d361e161114853d (patch)
tree7245927309ad3363155a46651c4e890ba367ffa2
parentsmall rlimits adjustment (diff)
add switch to disable/enable private-cache
-rw-r--r--etc/firejail.config3
-rw-r--r--src/firejail/checkcfg.c8
-rw-r--r--src/firejail/firejail.h3
-rw-r--r--src/firejail/fs.c2
-rw-r--r--src/firejail/main.c5
-rw-r--r--src/firejail/profile.c5
6 files changed, 23 insertions, 3 deletions
diff --git a/etc/firejail.config b/etc/firejail.config
index 1f47f77d0..91a03f095 100644
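--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -59,6 +59,9 @@
 # Enable or disable private-home feature, default enabled
 # private-home yes
 
+# Enable or disable private-cache feature, default enabled
+# private-cache yes
+
 # Enable or disable private-lib feature, default enabled
 # private-lib yes
 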
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 06820ce24..50f952e91 100644
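--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -323,6 +323,14 @@ int checkcfg(int val) {
  else
  goto errout;
  }
+ else if (strncmp(ptr, "private-cache ", 14) == 0) {
+ if (strcmp(ptr + 14, "yes") == 0)
+ cfg_val[CFG_PRIVATE_CACHE] = 1;
+ else if (strcmp(ptr + 14, "no") == 0)
+ cfg_val[CFG_PRIVATE_CACHE] = 0;
+ else
+ goto errout;
+ }
  else if (strncmp(ptr, "private-lib ", 12) == 0) {
  if (strcmp(ptr + 12, "yes") == 0)
  cfg_val[CFG_PRIVATE_LIB] = 1;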
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 051456539..389bdbbcb 100644
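--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -724,6 +724,7 @@ void x11_start_xpra(int argc, char **argv);
 void x11_start_xephyr(int argc, char **argv);
 void x11_block(void);
 void x11_start_xvfb(int argc, char **argv);
+void x11_xorg(void);
 
 // ls.c
 enum {
@@ -760,6 +761,7 @@ enum {
  CFG_PRIVATE_LIB,
  CFG_APPARMOR,
  CFG_DBUS,
+ CFG_PRIVATE_CACHE,
  CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;
@@ -770,7 +772,6 @@ extern char *xvfb_extra_params;
 extern char *netfilter_default;
 int checkcfg(int val);
 void print_compiletime_support(void);
-void x11_xorg(void);
 
 // appimage.c
 void appimage_set(const char *appimage_path);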
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index fa3b3da0a..707817b1c 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1497,6 +1497,8 @@ void fs_private_cache(void) {
1497 return; 1497 return;
1498 } 1498 }
1499 1499
1500 if (arg_debug)
1501 printf("Mounting tmpfs on %s\n", cache);
1500 // get a file descriptor for ~/.cache, fails if there is any symlink 1502 // get a file descriptor for ~/.cache, fails if there is any symlink
1501 int fd = safe_fd(cache, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC); 1503 int fd = safe_fd(cache, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
1502 if (fd == -1) 1504 if (fd == -1)
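Review bot: The debug line `printf("Mounting tmpfs on %s\n", cache);` is emitted before `safe_fd()` has validated the path, so with `arg_debug` set the log announces a mount even when the following `fd == -1` check rejects ~/.cache because of a symlink. Moving the two added lines below the descriptor check would keep the debug trace in line with what the sandbox actually did, which matters when the trace is used to confirm isolation. The rest of fs_private_cache lies outside the hunk, so what the `fd == -1` branch does is not visible here.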
diff --git a/src/firejail/main.c b/src/firejail/main.c
index da052320c..7c44aca95 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1702,7 +1702,10 @@ int main(int argc, char **argv) {
1702 arg_private_tmp = 1; 1702 arg_private_tmp = 1;
1703 } 1703 }
1704 else if (strcmp(argv[i], "--private-cache") == 0) { 1704 else if (strcmp(argv[i], "--private-cache") == 0) {
1705 arg_private_cache = 1; 1705 if (checkcfg(CFG_PRIVATE_CACHE))
1706 arg_private_cache = 1;
1707 else
1708 exit_err_feature("private-cache");
1706 } 1709 }
1707 1710
1708 //************************************* 1711 //*************************************
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index bc5915d46..db58d2e0b 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -225,7 +225,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
225 return 0; 225 return 0;
226 } 226 }
227 else if (strcmp(ptr, "private-cache") == 0) { 227 else if (strcmp(ptr, "private-cache") == 0) {
228 arg_private_cache = 1; 228 if (checkcfg(CFG_PRIVATE_CACHE))
229 arg_private_cache = 1;
230 else
231 warning_feature_disabled("private-cache");
229 return 0; 232 return 0;
230 } 233 }
231 else if (strcmp(ptr, "private-dev") == 0) { 234 else if (strcmp(ptr, "private-dev") == 0) {
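Review bot: When private-cache is disabled in firejail.config, this branch only calls `warning_feature_disabled("private-cache")` and returns 0, so a profile that relies on private-cache for isolation still starts the sandbox, apparently with the user's real ~/.cache visible, whereas the `--private-cache` branch in main.c stops via `exit_err_feature`. If the asymmetry is intended, it deserves a comment at the else branch, for example `// disabled in firejail.config: the profile continues without a private ~/.cache (the command-line option exits instead)`. It is also worth confirming that the warning still reaches the user when output is reduced; the helper's body is not part of this diff. profile_check_line starts and ends outside the hunk.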