diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-08-22 18:20:35 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-08-22 18:20:35 -0400 |
| commit | 8db0f9d8b925887df2c1a0941d53c379492d36b0 (patch) | |
| tree | 454c428e617a3647a595c92a2b995254fdf728c8 | |
| parent | allow-debuggers (diff) | |
| download | firejail-8db0f9d8b925887df2c1a0941d53c379492d36b0.tar.gz firejail-8db0f9d8b925887df2c1a0941d53c379492d36b0.tar.zst firejail-8db0f9d8b925887df2c1a0941d53c379492d36b0.zip | |
x11 command in profile files
| -rw-r--r-- | RELNOTES | 1 | ||||
| -rw-r--r-- | src/firejail/profile.c | 17 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 3 |
3 files changed, 21 insertions, 0 deletions
| @@ -29,6 +29,7 @@ firejail (0.9.42~rc2) baseline; urgency=low | |||
| 29 | * run time support to disable remounting of /proc and /sys | 29 | * run time support to disable remounting of /proc and /sys |
| 30 | * added quiet-by-default config option in /etc/firejail/firejail.config | 30 | * added quiet-by-default config option in /etc/firejail/firejail.config |
| 31 | * added netfilter-default config option in /etc/firejail/firejail.config | 31 | * added netfilter-default config option in /etc/firejail/firejail.config |
| 32 | * added x11 command for profile files | ||
| 32 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice | 33 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice |
| 33 | * new profiles: pix, audacity, xz, xzdec, gzip, cpio, less | 34 | * new profiles: pix, audacity, xz, xzdec, gzip, cpio, less |
| 34 | * new profiles: Atom Beta, Atom, jitsi, eom, uudeview | 35 | * new profiles: Atom Beta, Atom, jitsi, eom, uudeview |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 26f434f3b..916e39892 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -613,6 +613,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 613 | arg_private = 1; | 613 | arg_private = 1; |
| 614 | return 0; | 614 | return 0; |
| 615 | } | 615 | } |
| 616 | |||
| 617 | if (strcmp(ptr, "x11") == 0) { | ||
| 618 | #ifdef HAVE_X11 | ||
| 619 | if (checkcfg(CFG_X11)) { | ||
| 620 | char *x11env = getenv("FIREJAIL_X11"); | ||
| 621 | if (x11env && strcmp(x11env, "yes") == 0) | ||
| 622 | return 0; | ||
| 623 | else { | ||
| 624 | // start x11 | ||
| 625 | x11_start(cfg.original_argc, cfg.original_argv); | ||
| 626 | exit(0); | ||
| 627 | } | ||
| 628 | } | ||
| 629 | #endif | ||
| 630 | return 0; | ||
| 631 | } | ||
| 632 | |||
| 616 | 633 | ||
| 617 | if (strncmp(ptr, "private-template ", 17) == 0) { | 634 | if (strncmp(ptr, "private-template ", 17) == 0) { |
| 618 | if (arg_private) { | 635 | if (arg_private) { |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 52802755f..e3217bbff 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -258,6 +258,9 @@ does not result in an increase of privilege. | |||
| 258 | \fBnoroot | 258 | \fBnoroot |
| 259 | Use this command to enable an user namespace. The namespace has only one user, the current user. | 259 | Use this command to enable an user namespace. The namespace has only one user, the current user. |
| 260 | There is no root account (uid 0) defined in the namespace. | 260 | There is no root account (uid 0) defined in the namespace. |
| 261 | .TP | ||
| 262 | \fBx11 | ||
| 263 | Enable X11 sandboxing. | ||
| 261 | 264 | ||
| 262 | .SH Resource limits, CPU affinity, Control Groups | 265 | .SH Resource limits, CPU affinity, Control Groups |
| 263 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. | 266 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. |