dbus.c

author: startx2017 <vradu.startx@yandex.com> 2018-03-26 10:46:09 -0400
committer: startx2017 <vradu.startx@yandex.com> 2018-03-26 10:46:09 -0400
commit: 1ff6851a1a8dcb89f6cb4097b765167b0949a982 (patch)
tree: 7ffeaa97d13a5c2d1f1bb3232f0f6bbf18f49d2a
parent: --nodbus, first draft for #1825 (diff)
download: firejail-1ff6851a1a8dcb89f6cb4097b765167b0949a982.tar.gz
firejail-1ff6851a1a8dcb89f6cb4097b765167b0949a982.tar.zst
firejail-1ff6851a1a8dcb89f6cb4097b765167b0949a982.zip
1 files changed, 58 insertions, 0 deletions
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
new file mode 100644
index 000000000..eee3e2a35
--- /dev/null
+++ b/src/firejail/dbus.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2014-2018 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firejail.h"
+void dbus_session_disable(void) {
+        char *path;
+        if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1)
+                errExit("asprintf");
+        char *env_var;
+        if (asprintf(&env_var, "DBUS_SESSION_BUS_ADDRESS=unix:path=%s", path) == -1)
+                errExit("asprintf");
+        // set a new environment variable: DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/<UID>/bus
+        if (setenv("DBUS_SESSION_BUS_ADDRESS", env_var, 1) == -1) {
+                fprintf(stderr, "Error: cannot modify DBUS_SESSION_BUS_ADDRESS required by --nodbus\n");
+                exit(1);
+        }
+        // blacklist the path
+        disable_file_or_dir(path);
+        free(path);
+        free(env_var);
+        // look for a possible abstract unix socket
+        // --net=none
+        if (arg_nonetwork)
+                return;
+        // --net=eth0
+        if (any_bridge_configured())
+                return;
+        // --protocol=unix
+#ifdef HAVE_SECCOMP
+        if (cfg.protocol && !strstr(cfg.protocol, "unix"))
+                return;
+#endif
+        fwarning("An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.\n");
+}
author	startx2017 <vradu.startx@yandex.com>	2018-03-26 10:46:09 -0400
committer	startx2017 <vradu.startx@yandex.com>	2018-03-26 10:46:09 -0400
commit	1ff6851a1a8dcb89f6cb4097b765167b0949a982 (patch)
tree	7ffeaa97d13a5c2d1f1bb3232f0f6bbf18f49d2a
parent	--nodbus, first draft for #1825 (diff)
download	firejail-1ff6851a1a8dcb89f6cb4097b765167b0949a982.tar.gz firejail-1ff6851a1a8dcb89f6cb4097b765167b0949a982.tar.zst firejail-1ff6851a1a8dcb89f6cb4097b765167b0949a982.zip

diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c new file mode 100644 index 000000000..eee3e2a35 --- /dev/null +++ b/src/firejail/dbus.c
@@ -0,0 +1,58 @@
	1	/*
	2	* Copyright (C) 2014-2018 Firejail Authors
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	#include "firejail.h"
	21
	22	void dbus_session_disable(void) {
	23	char *path;
	24	if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1)
	25	errExit("asprintf");
	26	char *env_var;
	27	if (asprintf(&env_var, "DBUS_SESSION_BUS_ADDRESS=unix:path=%s", path) == -1)
	28	errExit("asprintf");
	29
	30	// set a new environment variable: DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/<UID>/bus
	31	if (setenv("DBUS_SESSION_BUS_ADDRESS", env_var, 1) == -1) {
	32	fprintf(stderr, "Error: cannot modify DBUS_SESSION_BUS_ADDRESS required by --nodbus\n");
	33	exit(1);
	34	}
	35
	36	// blacklist the path
	37	disable_file_or_dir(path);
	38	free(path);
	39	free(env_var);
	40
	41	// look for a possible abstract unix socket
	42
	43	// --net=none
	44	if (arg_nonetwork)
	45	return;
	46
	47	// --net=eth0
	48	if (any_bridge_configured())
	49	return;
	50
	51	// --protocol=unix
	52	#ifdef HAVE_SECCOMP
	53	if (cfg.protocol && !strstr(cfg.protocol, "unix"))
	54	return;
	55	#endif
	56
	57	fwarning("An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.\n");
	58	}