authorLibravatar netblue30 <netblue30@yahoo.com>2016-09-24 08:02:49 -0400
committerLibravatar GitHub <noreply@github.com>2016-09-24 08:02:49 -0400
commita1e3d76d3fb549c56e6d49713a46e358bf935a8b (patch)
tree85a625ed2edfc872ce8e5b49422ce6d724df01f8
parentfixed make deb (diff)
parentupdate man (diff)
Merge pull request #805 from manevich/join-or-start
join-or-start option
-rw-r--r--src/firejail/main.c35
-rw-r--r--src/firejail/profile.c24
-rw-r--r--src/man/firejail-profile.txt6
-rw-r--r--src/man/firejail.txt7
4 files changed, 72 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 3afecbe62..03ffab788 100644
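--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -634,6 +634,30 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
  exit(0);
 
  }
+ else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+ // NOTE: this is first part of option handler,
+ // sandbox name is set in other part
+ logargs(argc, argv);
+
+ if (arg_shell_none) {
+ if (argc <= (i+1)) {
+ fprintf(stderr, "Error: --shell=none set, but no command specified\n");
+ exit(1);
+ }
+ cfg.original_program_index = i + 1;
+ }
+
+ // try to join by name only
+ pid_t pid;
+ if (!name2pid(argv[i] + 16, &pid)) {
+ if (!cfg.shell && !arg_shell_none)
+ cfg.shell = guess_shell();
+
+ join(pid, argc, argv, i + 1);
+ exit(0);
+ }
+ // if there no such sandbox continue argument processing
+ }
 #ifdef HAVE_NETWORK
  else if (strncmp(argv[i], "--join-network=", 15) == 0) {
  if (checkcfg(CFG_NETWORK)) {
@@ -2157,6 +2181,17 @@ int main(int argc, char **argv) {
  else if (strcmp(argv[i], "--x11=block") == 0) {
  arg_x11_block = 1;
  }
+ else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+ // NOTE: this is second part of option handler,
+ // atempt to find and join sandbox is done in other one
+
+ // set sandbox name and start normally
+ cfg.name = argv[i] + 16;
+ if (strlen(cfg.name) == 0) {
+ fprintf(stderr, "Error: please provide a name for sandbox\n");
+ return 1;
+ }
+ }
  else if (strcmp(argv[i], "--") == 0) {
  // double dash - positional params to follow
  arg_doubledash = 1;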
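Review bot: The empty-name check for `--join-or-start=` exists only in the second handler in main() (`strlen(cfg.name) == 0`), so the first handler in run_cmd_and_exit has already passed `argv[i] + 16` to name2pid() before the name is validated. Rejecting an empty name at the top of the first handler, e.g. `if (argv[i][16] == '\0') { fprintf(stderr, "Error: please provide a name for sandbox\n"); exit(1); }`, keeps the lookup from running on input the option later refuses. The lookup and the later start are also separate steps, so two invocations launched at the same moment could presumably both miss and both create a sandbox with the same name; a comment stating that this is accepted, or a lock around the two steps, would make the intent clear. Both enclosing functions begin and end outside these hunks.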
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 00301037f..73b655379 100644
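--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -803,6 +803,30 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
  return 0;
  }
 
+ if (strncmp(ptr, "join-or-start ", 14) == 0) {
+ // try to join by name only
+ pid_t pid;
+ if (!name2pid(ptr + 14, &pid)) {
+ if (!cfg.shell && !arg_shell_none)
+ cfg.shell = guess_shell();
+
+ // find first non-option arg
+ int i;
+ for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);
+
+ join(pid, cfg.original_argc,cfg.original_argv, i + 1);
+ exit(0);
+ }
+
+ // set sandbox name and start normally
+ cfg.name = ptr + 14;
+ if (strlen(cfg.name) == 0) {
+ fprintf(stderr, "Error: invalid sandbox name\n");
+ exit(1);
+ }
+ return 0;
+ }
+
  // rest of filesystem
  if (strncmp(ptr, "blacklist ", 10) == 0)
  ptr += 10;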
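Review bot: The loop under `// find first non-option arg` runs while the argument does not start with `--`, so it stops at the first option rather than the first non-option argument, and `i + 1` then points one past that option. With a single leading option this lands on the program by coincidence; with none, `i + 1` exceeds `cfg.original_argc`, and with several it lands on another option, so join() may receive an index it was not written for (how join() handles that index is not visible here). If the last argument of join() is the index of the program, as the call in main.c suggests, the condition should be `== 0` and the call `join(pid, cfg.original_argc, cfg.original_argv, i);`. `cfg.name = ptr + 14` also keeps a pointer into the caller's line buffer, which is only safe if that buffer outlives profile parsing. profile_check_line starts and ends outside the hunk.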
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index cc37670aa..68420ae9d 100644
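--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -467,6 +467,12 @@ available in the new namespace is a new loopback interface (lo).
 Use this option to deny network access to programs that don't
 really need network access.
 
+.SH Other
+.TP
+\fBjoin-or-start sandboxname
+Join the sandbox identified by name or start a new one.
+Same as "firejail --join=sandboxname" command if sandbox with specified name exists, otherwise same as "name sandboxname".
+
 .SH RELOCATING PROFILES
 For various reasons some users might want to keep the profile files in a different directory.
 Using \fB--profile-path\fR command line option, Firejail can be instructed to look for profiles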
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 29b0f05a2..88c884801 100644
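--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -619,6 +619,13 @@ Switching to pid 1932, the first child process inside the sandbox
  valid_lft forever preferred_lft forever
 
 .TP
+\fB\-\-join-or-start=name
+Join the sandbox identified by name or start a new one.
+Same as "firejail --join=name" if sandbox with specified name exists, otherwise same as "firejail --name=name ..."
+.br
+Note that in contrary to other join options there is respective profile option.
+
+.TP
 \fB\-\-ls=name|pid dir_or_filename
 List files in sandbox container, see \fBFILE TRANSFER\fR section for more details.
 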