authorLibravatar netblue30 <netblue30@yahoo.com>2015-11-12 12:00:41 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2015-11-12 12:00:41 -0500
commitb6d388d2beb532ee2b94354287516ac4b5f2bfcd (patch)
treee78e84961bda0a6f74ac8c40696ced2ac0e09bec
parentremoved private.keep (deprecated) (diff)
removed exclude-token from profile include
-rw-r--r--src/firejail/firejail.h2
-rw-r--r--src/firejail/main.c2
-rw-r--r--src/firejail/profile.c34
-rw-r--r--src/man/firejail-profile.txt11
-rw-r--r--todo2
5 files changed, 8 insertions, 43 deletions
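--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -266,7 +266,7 @@ int fs_check_chroot_dir(const char *rootdir);
 // find and read the profile specified by name from dir directory
 int profile_find(const char *name, const char *dir);
 // read a profile file
-void profile_read(const char *fname, const char *skip1, const char *skip2);
+void profile_read(const char *fname);
 // check profile line; if line == 0, this was generated from a command line option
 // return 1 if the command is to be added to the linked list of profile commands
 // return 0 if the command was already executed inside the function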
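--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -720,7 +720,7 @@ int main(int argc, char **argv) {
  return 1;
  }
 
- profile_read(argv[i] + 10, NULL, NULL);
+ profile_read(argv[i] + 10);
  custom_profile = 1;
  }
  else if (strcmp(argv[i], "--noprofile") == 0) {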
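--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -44,7 +44,7 @@ int profile_find(const char *name, const char *dir) {
  char *etcpname;
  if (asprintf(&etcpname, "%s/%s", dir, pname) == -1)
  errExit("asprintf");
- profile_read(etcpname, NULL, NULL);
+ profile_read(etcpname);
  free(etcpname);
  rv = 1;
  break;
@@ -414,8 +414,7 @@ void profile_add(char *str) {
 
 // read a profile file
 static int include_level = 0;
-// skip1, skip2 - if the string is found in the line, the line is not interpreted
-void profile_read(const char *fname, const char *skip1, const char *skip2) {
+void profile_read(const char *fname) {
  // exit program if maximum include level was reached
  if (include_level > MAX_INCLUDE_LEVEL) {
  fprintf(stderr, "Error: maximum profile include level was reached\n");
@@ -459,25 +458,12 @@ void profile_read(const char *fname, const char *skip1, const char *skip2) {
 
  // extract profile filename and new skip params
  char *newprofile = ptr + 8; // profile name
- char *newskip1 = NULL; // new skip1
- char *newskip2 = NULL; // new skip2
- char *p = newprofile;
- while (*p != '\0') {
- if (*p == ' ') {
- *p = '\0';
- if (newskip1 == NULL)
- newskip1 = p + 1;
- else if (newskip2 == NULL)
- newskip2 = p + 1;
- }
- p++;
- }
 
  // expand ${HOME}/ in front of the new profile file
  char *newprofile2 = expand_home(newprofile, cfg.homedir);
 
  // recursivity
- profile_read((newprofile2)? newprofile2:newprofile, newskip1, newskip2);
+ profile_read((newprofile2)? newprofile2:newprofile);
  include_level--;
  if (newprofile2)
  free(newprofile2);
@@ -485,20 +471,6 @@ void profile_read(const char *fname, const char *skip1, const char *skip2) {
  continue;
  }
 
- // skip
- if (skip1) {
- if (strstr(ptr, skip1)) {
- free(ptr);
- continue;
- }
- }
- if (skip2) {
- if (strstr(ptr, skip2)) {
- free(ptr);
- continue;
- }
- }
-
  // verify syntax, exit in case of error
  if (profile_check_line(ptr, lineno))
  profile_add(ptr);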
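Review bot: The comment kept at new line 459, `// extract profile filename and new skip params`, is stale now that the skip parsing below it is gone; it should read `// extract profile filename`. More important for a sandbox, `newprofile = ptr + 8` now takes the whole rest of the line as the file name, so an existing profile line in the old form `include /etc/firejail/disable-common.inc .filezilla` no longer resolves to disable-common.inc. How profile_read handles a file it cannot open lies outside these hunks; if that path only warns, the blacklist rules of the included file would be dropped silently, so it is worth confirming that it exits. Alternatively the include branch could reject a trailing token with an explicit error that points the user to `noblacklist`.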
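--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -70,21 +70,16 @@ Scripting commands:
 # this is a comment
 
 .TP
-\f\include other.profile exclude-token
-Include other.profile file. exclude-token disables blacklist commands in other.profile
-if exclude-token word is found in the name section of blacklist command.
-exclude-token is optional.
+\f\include other.profile
+Include other.profile file.
 
-Example: "include /etc/firejail/disable-common.inc .filezilla"
-loads disable-common.inc file disables "blacklist ${HOME}/.filezilla" command in this file.
+Example: "include /etc/firejail/disable-common.inc"
 
 other.profile file name can be prefixed with ${HOME}. This will force Firejail to look for the
 file in user home directory.
 
 Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file.
 
-Note: exclude-token is deprecated, use noblacklist command instead.
-
 .TP
 \f\noblacklist file_name
 If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow.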
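--- a/todo
+++ b/todo
@@ -27,8 +27,6 @@ Warning: failed to unmount /sys
 Child process initialized
 $
 
-4. Remove exclude-token from profile include in 0.9.34 (deprecated in 0.9.30)
-
 5. Add IRC clients: KVIrc (KDE), BitchX (CLI), Smuxi, Konversation (KDE), HexChat, Irssi (CLI), WeeChat (CLI)
 RSS: Liferea, akregator (KDE), newsbeuter (CLI), rawdog,
 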