diff options
| author |  smitsohu <smitsohu@gmail.com> | 2018-12-07 16:08:10 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2018-12-07 16:08:10 +0100 |
| commit | 4292f8ab6fcb53d4036e0b2c2cd55debf2a50298 (patch) | |
| tree | c0f5dade68b5f5e826090a38c61b7707de717196 | |
| parent | merges (diff) | |
| download | firejail-4292f8ab6fcb53d4036e0b2c2cd55debf2a50298.tar.gz firejail-4292f8ab6fcb53d4036e0b2c2cd55debf2a50298.tar.zst firejail-4292f8ab6fcb53d4036e0b2c2cd55debf2a50298.zip | |
add HAS_NODBUS conditional, ${RUNUSER} makro
| -rw-r--r-- | src/firejail/macros.c | 9 | ||||
| -rw-r--r-- | src/firejail/profile.c | 1 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 2 |
3 files changed, 11 insertions, 1 deletions
diff --git a/src/firejail/macros.c b/src/firejail/macros.c index 59b5db3d8..7e08ab340 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c | |||
| @@ -229,6 +229,13 @@ char *expand_macros(const char *path) { | |||
| 229 | EUID_ROOT(); | 229 | EUID_ROOT(); |
| 230 | return new_name; | 230 | return new_name; |
| 231 | } | 231 | } |
| 232 | else if (strncmp(path, "${RUNUSER}", 10) == 0) { | ||
| 233 | if (asprintf(&new_name, "/run/user/%u%s", getuid(), path + 10) == -1) | ||
| 234 | errExit("asprintf"); | ||
| 235 | if(called_as_root) | ||
| 236 | EUID_ROOT(); | ||
| 237 | return new_name; | ||
| 238 | } | ||
| 232 | else { | 239 | else { |
| 233 | char *directory = resolve_macro(path); | 240 | char *directory = resolve_macro(path); |
| 234 | if (directory) { | 241 | if (directory) { |
| @@ -260,6 +267,8 @@ void invalid_filename(const char *fname, int globbing) { | |||
| 260 | ptr = fname + 7; | 267 | ptr = fname + 7; |
| 261 | else if (strncmp(ptr, "${PATH}", 7) == 0) | 268 | else if (strncmp(ptr, "${PATH}", 7) == 0) |
| 262 | ptr = fname + 7; | 269 | ptr = fname + 7; |
| 270 | else if (strncmp(ptr, "${RUNUSER}", 10) == 0) | ||
| 271 | ptr = fname + 10; | ||
| 263 | else { | 272 | else { |
| 264 | int id = macro_id(fname); | 273 | int id = macro_id(fname); |
| 265 | if (id != -1) | 274 | if (id != -1) |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 5f5d94ddf..a6d619f38 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -141,6 +141,7 @@ int profile_check_conditional(char *ptr, int lineno, const char *fname) { | |||
| 141 | bool value; // true if set | 141 | bool value; // true if set |
| 142 | } conditionals[] = { | 142 | } conditionals[] = { |
| 143 | {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0}, | 143 | {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0}, |
| 144 | {"HAS_NODBUS", strlen("HAS_NODBUS"), arg_nodbus!=0}, | ||
| 144 | {"BROWSER_DISABLE_U2F", strlen("BROWSER_DISABLE_U2F"), checkcfg(CFG_BROWSER_DISABLE_U2F)!=0}, | 145 | {"BROWSER_DISABLE_U2F", strlen("BROWSER_DISABLE_U2F"), checkcfg(CFG_BROWSER_DISABLE_U2F)!=0}, |
| 145 | NULL | 146 | NULL |
| 146 | }, *cond = conditionals; | 147 | }, *cond = conditionals; |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 4e22796c9..dde815d05 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -94,7 +94,7 @@ Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir" | |||
| 94 | 94 | ||
| 95 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. | 95 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. |
| 96 | 96 | ||
| 97 | Currently the only conditionals supported are HAS_APPIMAGE and BROWSER_DISABLE_U2F. | 97 | Currently the only conditionals supported are HAS_APPIMAGE, HAS_NODBUS and BROWSER_DISABLE_U2F. |
| 98 | 98 | ||
| 99 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. | 99 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. |
| 100 | 100 | ||