modif: --output split in two commands, --output and --output-stderr; fix for #1458

6 files changed, 30 insertions, 8 deletions

diff --git a/README.md b/README.md
index 63ee3f51a..58656e710 100644
--- a/README.md
+++ b/README.md
@@ -112,6 +112,10 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
               Example:
               $ firejail --net=eth0 --x11=xephyr --xephyr-screen=640x480 fire‐
               fox
+
+       --output-stderr=logfile
+              Similar to --output, but stderr is also stored.
+
 `````
 
 ## /etc/firejail/firejail.config
diff --git a/RELNOTES b/RELNOTES
index 8122d5abb..8b29b734a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,6 @@
 firejail (0.9.49) baseline; urgency=low
   * work in progress!
+  * modif: --output split in two commands: --output and --output-stderr
   * feature: per-profile disable-mnt (--disable-mnt)
   * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen)
   * enhancement: /proc/sys mounting
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 31857ee57..407902676 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1022,7 +1022,7 @@ int main(int argc, char **argv) {
         }
         else {
                 // check --output option and execute it;
-                check_output(argc, argv); // the function will not return if --output option was found
+                check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
         }
 
 
diff --git a/src/firejail/output.c b/src/firejail/output.c
index 9fb4ad6b1..abdfa4d3b 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -27,12 +27,18 @@ void check_output(int argc, char **argv) {
 
         int i;
         int outindex = 0;
-
+        int enable_stderr = 0;
+        
         for (i = 1; i < argc; i++) {
                 if (strncmp(argv[i], "--output=", 9) == 0) {
                         outindex = i;
                         break;
                 }
+                if (strncmp(argv[i], "--output-stderr=", 16) == 0) {
+                        outindex = i;
+                        enable_stderr = 1;
+                        break;
+                }
         }
         if (!outindex)
                 return;
@@ -40,9 +46,9 @@ void check_output(int argc, char **argv) {
 
         // check filename
         drop_privs(0);
-        char *outfile = NULL;
-        invalid_filename(argv[outindex] + 9);
-        outfile = argv[outindex] + 9;
+        char *outfile = argv[outindex];
+        outfile += (enable_stderr)? 16:9;
+        invalid_filename(outfile);
 
         // do not accept directories, links, and files with ".."
         if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) {
@@ -80,9 +86,15 @@ void check_output(int argc, char **argv) {
         for (i = 0; i < argc; i++) {
                 if (strncmp(argv[i], "--output=", 9) == 0)
                         continue;
+                if (strncmp(argv[i], "--output-stderr=", 16) == 0)
+                        continue;
                 ptr += sprintf(ptr, "%s ", argv[i]);
         }
-        sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile);
+        
+        if (enable_stderr)
+                sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile);
+        else
+                sprintf(ptr, " | %s/firejail/ftee %s", LIBDIR, outfile);
 
         // run command
         char *a[4];
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 71bb6f24e..b9ab00eae 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -134,11 +134,12 @@ void usage(void) {
         printf("    --novideo - disable video devices.\n");
         printf("    --nowhitelist=filename - disable whitelist for file or directory .\n");
         printf("    --output=logfile - stdout logging and log rotation.\n");
+        printf("    --output-stderr=logfile - stdout and stderr logging and log rotation.\n");
         printf("    --overlay - mount a filesystem overlay on top of the current filesystem.\n");
         printf("    --overlay-named=name - mount a filesystem overlay on top of the current\n");
         printf("\tfilesystem, and store it in name directory.\n");
-        printf("    --overlay-tmpfs - mount a temporary filesystem overlay on top of the current\n");
-        printf("\tfilesystem.\n");
+        printf("    --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n");
+        printf("\tcurrent filesystem.\n");
         printf("    --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n");
         printf("    --private - temporary home directory.\n");
         printf("    --private=directory - use directory as user home.\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index e7b427e7e..2c8dca09a 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1139,6 +1139,10 @@ $ ls -l sandboxlog*
 -rw-r--r-- 1 netblue netblue 511488 Jun  2 07:48 sandboxlog.5
 
 .TP
+\fB\-\-output-stderr=logfile
+Similar to \-\-output, but stderr is also stored.
+
+.TP
 \fB\-\-overlay
 Mount a filesystem overlay on top of the current filesystem.  Unlike the regular filesystem container,
 the system directories are mounted read-write. All filesystem modifications go into the overlay.