deprecating --shell (#5196)

author: netblue30 <netblue30@protonmail.com> 2022-06-20 08:18:13 -0400
committer: netblue30 <netblue30@protonmail.com> 2022-06-20 08:18:13 -0400
commit: 4b4d752158e2a7164765c6c7247ef8b4d6014689 (patch)
tree: 18fa1b4e32564376b6502a1cc7b1caed27bbdc54
parent: reverting previous seccomp log fix (#5207) (diff)
download: firejail-4b4d752158e2a7164765c6c7247ef8b4d6014689.tar.gz
firejail-4b4d752158e2a7164765c6c7247ef8b4d6014689.tar.zst
firejail-4b4d752158e2a7164765c6c7247ef8b4d6014689.zip
9 files changed, 40 insertions, 133 deletions
diff --git a/src/firejail/env.c b/src/firejail/env.c
index 548e8102d..8d2b9ea5a 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -118,10 +118,7 @@ void env_defaults(void) {
 //      env_store_name_val("QTWEBENGINE_DISABLE_SANDBOX", "1", SETENV);
 //      env_store_name_val("MOZ_NO_REMOTE, "1", SETENV);
        env_store_name_val("container", "firejail", SETENV); // LXC sets container=lxc,
-        if (!cfg.shell)
+        env_store_name_val("SHELL", cfg.usershell, SETENV);
-                cfg.shell = cfg.usershell;
-        if (cfg.shell)
-                env_store_name_val("SHELL", cfg.shell, SETENV);
        // spawn KIO slaves inside the sandbox
        env_store_name_val("KDE_FORK_SLAVES", "1", SETENV);
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 325524379..a403767fb 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -217,7 +217,6 @@ typedef struct config_t {
        char *command_line;
        char *window_title;
        char *command_name;
-        char *shell;
        char **original_argv;
        int original_argc;
        int original_program_index;
@@ -310,7 +309,6 @@ extern char *arg_netfilter_file;	// netfilter file
 extern char *arg_netfilter6_file;       // netfilter file
 extern char *arg_netns;         // "ip netns"-created network namespace to use
 extern int arg_doubledash;      // double dash
-extern int arg_shell_none;      // run the program directly without a shell
 extern int arg_private_dev;     // private dev directory
 extern int arg_keep_dev_shm;    // preserve /dev/shm
 extern int arg_private_etc;     // private etc directory
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 061461590..8c4cb3d4f 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -62,7 +62,7 @@ static void skel(const char *homedir) {
        disable_tab_completion(homedir);
        // zsh
-        if (!arg_shell_none && (strcmp(cfg.shell,"/usr/bin/zsh") == 0 || strcmp(cfg.shell,"/bin/zsh") == 0)) {
+        if (strcmp(cfg.usershell,"/usr/bin/zsh") == 0 || strcmp(cfg.usershell,"/bin/zsh") == 0) {
                // copy skel files
                if (asprintf(&fname, "%s/.zshrc", homedir) == -1)
                        errExit("asprintf");
@@ -86,7 +86,7 @@ static void skel(const char *homedir) {
                free(fname);
        }
        // csh
-        else if (!arg_shell_none && strcmp(cfg.shell,"/bin/csh") == 0) {
+        else if (strcmp(cfg.usershell,"/bin/csh") == 0) {
                // copy skel files
                if (asprintf(&fname, "%s/.cshrc", homedir) == -1)
                        errExit("asprintf");
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 848691a56..5d6d81ae1 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -392,8 +392,7 @@ void fs_private_lib(void) {
        char *private_list = cfg.lib_private_keep;
        if (arg_debug || arg_debug_private_lib)
                printf("Starting private-lib processing: program %s, shell %s\n",
-                        (cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none",
+                        (cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none", cfg.usershell);
-                (arg_shell_none)? "none": cfg.shell);
        // create /run/firejail/mnt/lib directory
        mkdir_attr(RUN_LIB_DIR, 0755, 0, 0);
@@ -430,15 +429,15 @@ void fs_private_lib(void) {
                }
        }
-        // for the shell
+// Note: this might be used for appimages!!!
-        if (!arg_shell_none) {
+//      if (!arg_shell_none) {
-                if (arg_debug || arg_debug_private_lib)
+//              if (arg_debug || arg_debug_private_lib)
-                        printf("Installing shell libraries\n");
+//                      printf("Installing shell libraries\n");
+//
-                fslib_install_list(cfg.shell);
+//              fslib_install_list(cfg.shell);
-                // a shell is useless without some basic commands
+//              // a shell is useless without some basic commands
-                fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");
+//              fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");
-        }
+//      }
        // for the listed libs and directories
        if (private_list && *private_list != '\0') {
diff --git a/src/firejail/join.c b/src/firejail/join.c
index b47089b0e..7bfe47059 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -113,14 +113,13 @@ static void extract_command(int argc, char **argv, int index) {
 static int open_shell(void) {
        EUID_ASSERT();
-        assert(cfg.shell);
        if (arg_debug)
-                printf("Opening shell %s\n", cfg.shell);
+                printf("Opening shell %s\n", cfg.usershell);
        // file descriptor will leak if not opened with O_CLOEXEC !!
-        int fd = open(cfg.shell, O_PATH|O_CLOEXEC);
+        int fd = open(cfg.usershell, O_PATH|O_CLOEXEC);
        if (fd == -1) {
-                fprintf(stderr, "Error: cannot open shell %s\n", cfg.shell);
+                fprintf(stderr, "Error: cannot open shell %s\n", cfg.usershell);
                exit(1);
        }
@@ -411,8 +410,9 @@ void join(pid_t pid, int argc, char **argv, int index) {
        extract_x11_display(pid);
        int shfd = -1;
-        if (!arg_shell_none)
+// Note: this might be used by joining appimages!!!!
-                shfd = open_shell();
+//      if (!arg_shell_none)
+//              shfd = open_shell();
        // in user mode set caps seccomp, cpu etc.
        if (getuid() != 0) {
@@ -516,10 +516,8 @@ void join(pid_t pid, int argc, char **argv, int index) {
 #endif
                extract_command(argc, argv, index);
-                if (cfg.command_line == NULL) {
+                if (cfg.command_line == NULL)
-                        assert(cfg.shell);
+                        cfg.window_title = cfg.usershell;
-                        cfg.window_title = cfg.shell;
-                }
                else if (arg_debug)
                        printf("Extracted command #%s#\n", cfg.command_line);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 1554209b9..6466be7d4 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -105,7 +105,6 @@ char *arg_netfilter_file = NULL;			// netfilter file
 char *arg_netfilter6_file = NULL;               // netfilter6 file
 char *arg_netns = NULL;                 // "ip netns"-created network namespace to use
 int arg_doubledash = 0;                 // double dash
-int arg_shell_none = 1;                 // run the program directly without a shell
 int arg_private_dev = 0;                        // private dev directory
 int arg_keep_dev_shm = 0;                       // preserve /dev/shm
 int arg_private_etc = 0;                        // private etc directory
@@ -799,8 +798,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                        if (argc <= (i+1))
                                just_run_the_shell = 1;
                        cfg.original_program_index = i + 1;
-                        if (!cfg.shell)
-                                cfg.shell = cfg.usershell;
                        // join sandbox by pid or by name
                        pid_t pid = require_pid(argv[i] + 7);
@@ -821,10 +818,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                just_run_the_shell = 1;
                        cfg.original_program_index = i + 1;
-                        if (!cfg.shell)
-                                cfg.shell = cfg.usershell;
-printf("***** %d\n", just_run_the_shell);
                        // try to join by name only
                        pid_t pid;
                        if (!read_pid(argv[i] + 16, &pid)) {
@@ -847,9 +840,6 @@ printf("***** %d\n", just_run_the_shell);
                                exit(1);
                        }
-                        if (!cfg.shell)
-                                cfg.shell = cfg.usershell;
                        // join sandbox by pid or by name
                        pid_t pid = require_pid(argv[i] + 15);
                        join(pid, argc, argv, i + 1);
@@ -867,9 +857,6 @@ printf("***** %d\n", just_run_the_shell);
                        exit(1);
                }
-                if (!cfg.shell)
-                        cfg.shell = cfg.usershell;
                // join sandbox by pid or by name
                pid_t pid = require_pid(argv[i] + 18);
                join(pid, argc, argv, i + 1);
@@ -2685,45 +2672,9 @@ int main(int argc, char **argv, char **envp) {
                else if (strncmp(argv[i], "--oom=", 6) == 0) {
                        // already handled
                }
-                else if (strcmp(argv[i], "--shell=none") == 0) {
-                        fprintf(stderr, "Warning: --shell=none is done by default; the command will be deprecated\n");
-                        if (cfg.shell) {
-                                fprintf(stderr, "Error: a shell was already specified\n");
-                                return 1;
-                        }
-                }
                else if (strncmp(argv[i], "--shell=", 8) == 0) {
-                        if (arg_shell_none) {
+                        fprintf(stderr, "Warning: --shell feature has been deprecated\n");
-                                fprintf(stderr, "Error: --shell=none was already specified.\n");
+                        exit(1);
-                                return 1;
-                        }
-                        invalid_filename(argv[i] + 8, 0); // no globbing
-                        if (cfg.shell) {
-                                fprintf(stderr, "Error: only one user shell can be specified\n");
-                                return 1;
-                        }
-                        cfg.shell = argv[i] + 8;
-                        if (is_dir(cfg.shell) || strstr(cfg.shell, "..")) {
-                                fprintf(stderr, "Error: invalid shell\n");
-                                exit(1);
-                        }
-                        // access call checks as real UID/GID, not as effective UID/GID
-                        if(cfg.chrootdir) {
-                                char *shellpath;
-                                if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1)
-                                        errExit("asprintf");
-                                if (access(shellpath, X_OK)) {
-                                        fprintf(stderr, "Error: cannot access shell file in chroot\n");
-                                        exit(1);
-                                }
-                                free(shellpath);
-                        } else if (access(cfg.shell, X_OK)) {
-                                fprintf(stderr, "Error: cannot access shell file\n");
-                                exit(1);
-                        }
                }
                else if (strcmp(argv[i], "-c") == 0) {
                        arg_command = 1;
@@ -2785,9 +2736,6 @@ int main(int argc, char **argv, char **envp) {
                                cfg.command_name = strdup(argv[i]);
                                if (!cfg.command_name)
                                        errExit("strdup");
-                                // disable shell=* for appimages
-                                arg_shell_none = 0;
                        }
                        else
                                extract_command_name(i, argv);
@@ -2814,12 +2762,6 @@ int main(int argc, char **argv, char **envp) {
                }
        }
-        // prog_index could still be -1 if no program was specified
-        if (prog_index == -1 && arg_shell_none) {
-                just_run_the_shell = 1;
-                if (!cfg.shell)
-                        cfg.shell = cfg.usershell;
-        }
        // check trace configuration
        if (arg_trace && arg_tracelog) {
@@ -2863,27 +2805,18 @@ int main(int argc, char **argv, char **envp) {
                free(msg);
        }
-        // guess shell if unspecified
-        if (!arg_shell_none && !cfg.shell) {
-                cfg.shell = cfg.usershell;
-                if (!cfg.shell) {
-                        fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n");
-                        exit(1);
-                }
-                if (arg_debug)
-                        printf("Autoselecting %s as shell\n", cfg.shell);
-        }
        // build the sandbox command
-        if (prog_index == -1 && cfg.shell) {
+        if (prog_index == -1) {
-                assert(cfg.command_line == NULL); // runs cfg.shell
+                just_run_the_shell = 1;
+                assert(cfg.command_line == NULL); // runs the user shell
                if (arg_appimage) {
                        fprintf(stderr, "Error: no appimage archive specified\n");
                        exit(1);
                }
-                cfg.window_title = cfg.shell;
+                cfg.window_title = cfg.usershell;
-                cfg.command_name = cfg.shell;
+                cfg.command_name = cfg.usershell;
        }
        else if (arg_appimage) {
                if (arg_debug)
@@ -2907,11 +2840,8 @@ int main(int argc, char **argv, char **envp) {
        // load the profile
        if (!arg_noprofile && !custom_profile) {
-                if (arg_appimage) {
+                if (arg_appimage)
                        custom_profile = appimage_find_profile(cfg.command_name);
-                        // disable shell=* for appimages
-                        arg_shell_none = 0;
-                }
                else
                        custom_profile = profile_find_firejail(cfg.command_name, 1);
        }
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 62b701c4d..f5e287e32 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -189,25 +189,15 @@ void run_no_sandbox(int argc, char **argv) {
        }
        if (prog_index == 0) {
-                // got no command, require a shell and try to execute it
-                cfg.shell = cfg.usershell;
-                if (!cfg.shell) {
-                        fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
-                        exit(1);
-                }
                assert(cfg.command_line == NULL);
-                cfg.window_title = cfg.shell;
+                cfg.window_title = cfg.usershell;
        } else {
                // this sandbox might not allow execution of a shell
-                // force --shell=none in order to not break firecfg symbolic links
-                arg_shell_none = 1;
                build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index, true);
        }
        fwarning("an existing sandbox was detected. "
-                "%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell);
+                "%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.usershell);
        cfg.original_argv = argv;
        cfg.original_program_index = prog_index;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index b0389fc3f..1a83a0628 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1561,9 +1561,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                        int r = name2pid(ptr + 14, &pid);
                        EUID_USER();
                        if (!r) {
-                                if (!cfg.shell && !arg_shell_none)
-                                        cfg.shell = cfg.usershell;
                                // find first non-option arg
                                int i;
                                for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 7f74635ec..6b84faf13 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -528,7 +528,7 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
        //****************************************
        // start the program without using a shell
        //****************************************
-        else if (arg_shell_none) {
+        else if (!arg_appimage) {
                if (arg_debug) {
                        int i;
                        for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
@@ -560,17 +560,15 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
                execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
        }
        //****************************************
-        // start the program using a shell
+        // start the program using a shell (appimages)
        //****************************************
-        else {
+        else { // appimage
-                assert(cfg.shell);
                char *arg[5];
                int index = 0;
-                arg[index++] = cfg.shell;
+                arg[index++] = cfg.usershell;
                if (cfg.command_line) {
                        if (arg_debug)
-                                printf("Running %s command through %s\n", cfg.command_line, cfg.shell);
+                                printf("Running %s command through %s\n", cfg.command_line, cfg.usershell);
                        arg[index++] = "-c";
                        if (arg_doubledash)
                                arg[index++] = "--";
@@ -578,11 +576,11 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
                }
                else if (login_shell) {
                        if (arg_debug)
-                                printf("Starting %s login shell\n", cfg.shell);
+                                printf("Starting %s login shell\n", cfg.usershell);
                        arg[index++] = "-l";
                }
                else if (arg_debug)
-                        printf("Starting %s shell\n", cfg.shell);
+                        printf("Starting %s shell\n", cfg.usershell);
                assert(index < 5);
                arg[index] = NULL;
@@ -590,7 +588,7 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
                if (arg_debug) {
                        char *msg;
                        if (asprintf(&msg, "sandbox %d, execvp into %s",
-                                sandbox_pid, cfg.command_line ? cfg.command_line : cfg.shell) == -1)
+                                sandbox_pid, cfg.command_line ? cfg.command_line : cfg.usershell) == -1)
                                errExit("asprintf");
                        logmsg(msg);
                        free(msg);
author	netblue30 <netblue30@protonmail.com>	2022-06-20 08:18:13 -0400
committer	netblue30 <netblue30@protonmail.com>	2022-06-20 08:18:13 -0400
commit	4b4d752158e2a7164765c6c7247ef8b4d6014689 (patch)
tree	18fa1b4e32564376b6502a1cc7b1caed27bbdc54
parent	reverting previous seccomp log fix (#5207) (diff)
download	firejail-4b4d752158e2a7164765c6c7247ef8b4d6014689.tar.gz firejail-4b4d752158e2a7164765c6c7247ef8b4d6014689.tar.zst firejail-4b4d752158e2a7164765c6c7247ef8b4d6014689.zip

diff --git a/src/firejail/env.c b/src/firejail/env.c index 548e8102d..8d2b9ea5a 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c
@@ -118,10 +118,7 @@ void env_defaults(void) {
118	// env_store_name_val("QTWEBENGINE_DISABLE_SANDBOX", "1", SETENV);	118	// env_store_name_val("QTWEBENGINE_DISABLE_SANDBOX", "1", SETENV);
119	// env_store_name_val("MOZ_NO_REMOTE, "1", SETENV);	119	// env_store_name_val("MOZ_NO_REMOTE, "1", SETENV);
120	env_store_name_val("container", "firejail", SETENV); // LXC sets container=lxc,	120	env_store_name_val("container", "firejail", SETENV); // LXC sets container=lxc,
121	if (!cfg.shell)	121	env_store_name_val("SHELL", cfg.usershell, SETENV);
122	cfg.shell = cfg.usershell;
123	if (cfg.shell)
124	env_store_name_val("SHELL", cfg.shell, SETENV);
125		122
126	// spawn KIO slaves inside the sandbox	123	// spawn KIO slaves inside the sandbox
127	env_store_name_val("KDE_FORK_SLAVES", "1", SETENV);	124	env_store_name_val("KDE_FORK_SLAVES", "1", SETENV);


diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 325524379..a403767fb 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -217,7 +217,6 @@ typedef struct config_t {
217	char *command_line;	217	char *command_line;
218	char *window_title;	218	char *window_title;
219	char *command_name;	219	char *command_name;
220	char *shell;
221	char **original_argv;	220	char **original_argv;
222	int original_argc;	221	int original_argc;
223	int original_program_index;	222	int original_program_index;
@@ -310,7 +309,6 @@ extern char *arg_netfilter_file; // netfilter file
310	extern char *arg_netfilter6_file; // netfilter file	309	extern char *arg_netfilter6_file; // netfilter file
311	extern char *arg_netns; // "ip netns"-created network namespace to use	310	extern char *arg_netns; // "ip netns"-created network namespace to use
312	extern int arg_doubledash; // double dash	311	extern int arg_doubledash; // double dash
313	extern int arg_shell_none; // run the program directly without a shell
314	extern int arg_private_dev; // private dev directory	312	extern int arg_private_dev; // private dev directory
315	extern int arg_keep_dev_shm; // preserve /dev/shm	313	extern int arg_keep_dev_shm; // preserve /dev/shm
316	extern int arg_private_etc; // private etc directory	314	extern int arg_private_etc; // private etc directory


diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 061461590..8c4cb3d4f 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -62,7 +62,7 @@ static void skel(const char *homedir) {
62	disable_tab_completion(homedir);	62	disable_tab_completion(homedir);
63		63
64	// zsh	64	// zsh
65	if (!arg_shell_none && (strcmp(cfg.shell,"/usr/bin/zsh") == 0 \|\| strcmp(cfg.shell,"/bin/zsh") == 0)) {	65	if (strcmp(cfg.usershell,"/usr/bin/zsh") == 0 \|\| strcmp(cfg.usershell,"/bin/zsh") == 0) {
66	// copy skel files	66	// copy skel files
67	if (asprintf(&fname, "%s/.zshrc", homedir) == -1)	67	if (asprintf(&fname, "%s/.zshrc", homedir) == -1)
68	errExit("asprintf");	68	errExit("asprintf");
@@ -86,7 +86,7 @@ static void skel(const char *homedir) {
86	free(fname);	86	free(fname);
87	}	87	}
88	// csh	88	// csh
89	else if (!arg_shell_none && strcmp(cfg.shell,"/bin/csh") == 0) {	89	else if (strcmp(cfg.usershell,"/bin/csh") == 0) {
90	// copy skel files	90	// copy skel files
91	if (asprintf(&fname, "%s/.cshrc", homedir) == -1)	91	if (asprintf(&fname, "%s/.cshrc", homedir) == -1)
92	errExit("asprintf");	92	errExit("asprintf");


diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 848691a56..5d6d81ae1 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c
@@ -392,8 +392,7 @@ void fs_private_lib(void) {
392	char *private_list = cfg.lib_private_keep;	392	char *private_list = cfg.lib_private_keep;
393	if (arg_debug \|\| arg_debug_private_lib)	393	if (arg_debug \|\| arg_debug_private_lib)
394	printf("Starting private-lib processing: program %s, shell %s\n",	394	printf("Starting private-lib processing: program %s, shell %s\n",
395	(cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none",	395	(cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none", cfg.usershell);
396	(arg_shell_none)? "none": cfg.shell);
397		396
398	// create /run/firejail/mnt/lib directory	397	// create /run/firejail/mnt/lib directory
399	mkdir_attr(RUN_LIB_DIR, 0755, 0, 0);	398	mkdir_attr(RUN_LIB_DIR, 0755, 0, 0);
@@ -430,15 +429,15 @@ void fs_private_lib(void) {
430	}	429	}
431	}	430	}
432		431
433	// for the shell	432	// Note: this might be used for appimages!!!
434	if (!arg_shell_none) {	433	// if (!arg_shell_none) {
435	if (arg_debug \|\| arg_debug_private_lib)	434	// if (arg_debug \|\| arg_debug_private_lib)
436	printf("Installing shell libraries\n");	435	// printf("Installing shell libraries\n");
437		436	//
438	fslib_install_list(cfg.shell);	437	// fslib_install_list(cfg.shell);
439	// a shell is useless without some basic commands	438	// // a shell is useless without some basic commands
440	fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");	439	// fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");
441	}	440	// }
442		441
443	// for the listed libs and directories	442	// for the listed libs and directories
444	if (private_list && *private_list != '\0') {	443	if (private_list && *private_list != '\0') {


diff --git a/src/firejail/join.c b/src/firejail/join.c index b47089b0e..7bfe47059 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c
@@ -113,14 +113,13 @@ static void extract_command(int argc, char **argv, int index) {
113		113
114	static int open_shell(void) {	114	static int open_shell(void) {
115	EUID_ASSERT();	115	EUID_ASSERT();
116	assert(cfg.shell);
117		116
118	if (arg_debug)	117	if (arg_debug)
119	printf("Opening shell %s\n", cfg.shell);	118	printf("Opening shell %s\n", cfg.usershell);
120	// file descriptor will leak if not opened with O_CLOEXEC !!	119	// file descriptor will leak if not opened with O_CLOEXEC !!
121	int fd = open(cfg.shell, O_PATH\|O_CLOEXEC);	120	int fd = open(cfg.usershell, O_PATH\|O_CLOEXEC);
122	if (fd == -1) {	121	if (fd == -1) {
123	fprintf(stderr, "Error: cannot open shell %s\n", cfg.shell);	122	fprintf(stderr, "Error: cannot open shell %s\n", cfg.usershell);
124	exit(1);	123	exit(1);
125	}	124	}
126		125
@@ -411,8 +410,9 @@ void join(pid_t pid, int argc, char **argv, int index) {
411	extract_x11_display(pid);	410	extract_x11_display(pid);
412		411
413	int shfd = -1;	412	int shfd = -1;
414	if (!arg_shell_none)	413	// Note: this might be used by joining appimages!!!!
415	shfd = open_shell();	414	// if (!arg_shell_none)
		415	// shfd = open_shell();
416		416
417	// in user mode set caps seccomp, cpu etc.	417	// in user mode set caps seccomp, cpu etc.
418	if (getuid() != 0) {	418	if (getuid() != 0) {
@@ -516,10 +516,8 @@ void join(pid_t pid, int argc, char **argv, int index) {
516	#endif	516	#endif
517		517
518	extract_command(argc, argv, index);	518	extract_command(argc, argv, index);
519	if (cfg.command_line == NULL) {	519	if (cfg.command_line == NULL)
520	assert(cfg.shell);	520	cfg.window_title = cfg.usershell;
521	cfg.window_title = cfg.shell;
522	}
523	else if (arg_debug)	521	else if (arg_debug)
524	printf("Extracted command #%s#\n", cfg.command_line);	522	printf("Extracted command #%s#\n", cfg.command_line);
525		523


diff --git a/src/firejail/main.c b/src/firejail/main.c index 1554209b9..6466be7d4 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -105,7 +105,6 @@ char *arg_netfilter_file = NULL; // netfilter file
105	char *arg_netfilter6_file = NULL; // netfilter6 file	105	char *arg_netfilter6_file = NULL; // netfilter6 file
106	char *arg_netns = NULL; // "ip netns"-created network namespace to use	106	char *arg_netns = NULL; // "ip netns"-created network namespace to use
107	int arg_doubledash = 0; // double dash	107	int arg_doubledash = 0; // double dash
108	int arg_shell_none = 1; // run the program directly without a shell
109	int arg_private_dev = 0; // private dev directory	108	int arg_private_dev = 0; // private dev directory
110	int arg_keep_dev_shm = 0; // preserve /dev/shm	109	int arg_keep_dev_shm = 0; // preserve /dev/shm
111	int arg_private_etc = 0; // private etc directory	110	int arg_private_etc = 0; // private etc directory
@@ -799,8 +798,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
799	if (argc <= (i+1))	798	if (argc <= (i+1))
800	just_run_the_shell = 1;	799	just_run_the_shell = 1;
801	cfg.original_program_index = i + 1;	800	cfg.original_program_index = i + 1;
802	if (!cfg.shell)
803	cfg.shell = cfg.usershell;
804		801
805	// join sandbox by pid or by name	802	// join sandbox by pid or by name
806	pid_t pid = require_pid(argv[i] + 7);	803	pid_t pid = require_pid(argv[i] + 7);
@@ -821,10 +818,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
821	just_run_the_shell = 1;	818	just_run_the_shell = 1;
822	cfg.original_program_index = i + 1;	819	cfg.original_program_index = i + 1;
823		820
824	if (!cfg.shell)
825	cfg.shell = cfg.usershell;
826
827	printf("***** %d\n", just_run_the_shell);
828	// try to join by name only	821	// try to join by name only
829	pid_t pid;	822	pid_t pid;
830	if (!read_pid(argv[i] + 16, &pid)) {	823	if (!read_pid(argv[i] + 16, &pid)) {
@@ -847,9 +840,6 @@ printf("***** %d\n", just_run_the_shell);
847	exit(1);	840	exit(1);
848	}	841	}
849		842
850	if (!cfg.shell)
851	cfg.shell = cfg.usershell;
852
853	// join sandbox by pid or by name	843	// join sandbox by pid or by name
854	pid_t pid = require_pid(argv[i] + 15);	844	pid_t pid = require_pid(argv[i] + 15);
855	join(pid, argc, argv, i + 1);	845	join(pid, argc, argv, i + 1);
@@ -867,9 +857,6 @@ printf("***** %d\n", just_run_the_shell);
867	exit(1);	857	exit(1);
868	}	858	}
869		859
870	if (!cfg.shell)
871	cfg.shell = cfg.usershell;
872
873	// join sandbox by pid or by name	860	// join sandbox by pid or by name
874	pid_t pid = require_pid(argv[i] + 18);	861	pid_t pid = require_pid(argv[i] + 18);
875	join(pid, argc, argv, i + 1);	862	join(pid, argc, argv, i + 1);
@@ -2685,45 +2672,9 @@ int main(int argc, char argv, char envp) {
2685	else if (strncmp(argv[i], "--oom=", 6) == 0) {	2672	else if (strncmp(argv[i], "--oom=", 6) == 0) {
2686	// already handled	2673	// already handled
2687	}	2674	}
2688	else if (strcmp(argv[i], "--shell=none") == 0) {
2689	fprintf(stderr, "Warning: --shell=none is done by default; the command will be deprecated\n");
2690	if (cfg.shell) {
2691	fprintf(stderr, "Error: a shell was already specified\n");
2692	return 1;
2693	}
2694	}
2695	else if (strncmp(argv[i], "--shell=", 8) == 0) {	2675	else if (strncmp(argv[i], "--shell=", 8) == 0) {
2696	if (arg_shell_none) {	2676	fprintf(stderr, "Warning: --shell feature has been deprecated\n");
2697	fprintf(stderr, "Error: --shell=none was already specified.\n");	2677	exit(1);
2698	return 1;
2699	}
2700	invalid_filename(argv[i] + 8, 0); // no globbing
2701
2702	if (cfg.shell) {
2703	fprintf(stderr, "Error: only one user shell can be specified\n");
2704	return 1;
2705	}
2706	cfg.shell = argv[i] + 8;
2707
2708	if (is_dir(cfg.shell) \|\| strstr(cfg.shell, "..")) {
2709	fprintf(stderr, "Error: invalid shell\n");
2710	exit(1);
2711	}
2712
2713	// access call checks as real UID/GID, not as effective UID/GID
2714	if(cfg.chrootdir) {
2715	char *shellpath;
2716	if (asprintf(&shellpath, "%s%s", cfg.chrootdir, cfg.shell) == -1)
2717	errExit("asprintf");
2718	if (access(shellpath, X_OK)) {
2719	fprintf(stderr, "Error: cannot access shell file in chroot\n");
2720	exit(1);
2721	}
2722	free(shellpath);
2723	} else if (access(cfg.shell, X_OK)) {
2724	fprintf(stderr, "Error: cannot access shell file\n");
2725	exit(1);
2726	}
2727	}	2678	}
2728	else if (strcmp(argv[i], "-c") == 0) {	2679	else if (strcmp(argv[i], "-c") == 0) {
2729	arg_command = 1;	2680	arg_command = 1;
@@ -2785,9 +2736,6 @@ int main(int argc, char argv, char envp) {
2785	cfg.command_name = strdup(argv[i]);	2736	cfg.command_name = strdup(argv[i]);
2786	if (!cfg.command_name)	2737	if (!cfg.command_name)
2787	errExit("strdup");	2738	errExit("strdup");
2788
2789	// disable shell=* for appimages
2790	arg_shell_none = 0;
2791	}	2739	}
2792	else	2740	else
2793	extract_command_name(i, argv);	2741	extract_command_name(i, argv);
@@ -2814,12 +2762,6 @@ int main(int argc, char argv, char envp) {
2814	}	2762	}
2815	}	2763	}
2816		2764
2817	// prog_index could still be -1 if no program was specified
2818	if (prog_index == -1 && arg_shell_none) {
2819	just_run_the_shell = 1;
2820	if (!cfg.shell)
2821	cfg.shell = cfg.usershell;
2822	}
2823		2765
2824	// check trace configuration	2766	// check trace configuration
2825	if (arg_trace && arg_tracelog) {	2767	if (arg_trace && arg_tracelog) {
@@ -2863,27 +2805,18 @@ int main(int argc, char argv, char envp) {
2863	free(msg);	2805	free(msg);
2864	}	2806	}
2865		2807
2866	// guess shell if unspecified
2867	if (!arg_shell_none && !cfg.shell) {
2868	cfg.shell = cfg.usershell;
2869	if (!cfg.shell) {
2870	fprintf(stderr, "Error: unable to guess your shell, please set explicitly by using --shell option.\n");
2871	exit(1);
2872	}
2873	if (arg_debug)
2874	printf("Autoselecting %s as shell\n", cfg.shell);
2875	}
2876
2877	// build the sandbox command	2808	// build the sandbox command
2878	if (prog_index == -1 && cfg.shell) {	2809	if (prog_index == -1) {
2879	assert(cfg.command_line == NULL); // runs cfg.shell	2810	just_run_the_shell = 1;
		2811
		2812	assert(cfg.command_line == NULL); // runs the user shell
2880	if (arg_appimage) {	2813	if (arg_appimage) {
2881	fprintf(stderr, "Error: no appimage archive specified\n");	2814	fprintf(stderr, "Error: no appimage archive specified\n");
2882	exit(1);	2815	exit(1);
2883	}	2816	}
2884		2817
2885	cfg.window_title = cfg.shell;	2818	cfg.window_title = cfg.usershell;
2886	cfg.command_name = cfg.shell;	2819	cfg.command_name = cfg.usershell;
2887	}	2820	}
2888	else if (arg_appimage) {	2821	else if (arg_appimage) {
2889	if (arg_debug)	2822	if (arg_debug)
@@ -2907,11 +2840,8 @@ int main(int argc, char argv, char envp) {
2907		2840
2908	// load the profile	2841	// load the profile
2909	if (!arg_noprofile && !custom_profile) {	2842	if (!arg_noprofile && !custom_profile) {
2910	if (arg_appimage) {	2843	if (arg_appimage)
2911	custom_profile = appimage_find_profile(cfg.command_name);	2844	custom_profile = appimage_find_profile(cfg.command_name);
2912	// disable shell=* for appimages
2913	arg_shell_none = 0;
2914	}
2915	else	2845	else
2916	custom_profile = profile_find_firejail(cfg.command_name, 1);	2846	custom_profile = profile_find_firejail(cfg.command_name, 1);
2917	}	2847	}


diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 62b701c4d..f5e287e32 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c
@@ -189,25 +189,15 @@ void run_no_sandbox(int argc, char **argv) {
189	}	189	}
190		190
191	if (prog_index == 0) {	191	if (prog_index == 0) {
192	// got no command, require a shell and try to execute it
193	cfg.shell = cfg.usershell;
194	if (!cfg.shell) {
195	fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
196	exit(1);
197	}
198
199	assert(cfg.command_line == NULL);	192	assert(cfg.command_line == NULL);
200	cfg.window_title = cfg.shell;	193	cfg.window_title = cfg.usershell;
201	} else {	194	} else {
202	// this sandbox might not allow execution of a shell	195	// this sandbox might not allow execution of a shell
203	// force --shell=none in order to not break firecfg symbolic links
204	arg_shell_none = 1;
205
206	build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index, true);	196	build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index, true);
207	}	197	}
208		198
209	fwarning("an existing sandbox was detected. "	199	fwarning("an existing sandbox was detected. "
210	"%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell);	200	"%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.usershell);
211		201
212	cfg.original_argv = argv;	202	cfg.original_argv = argv;
213	cfg.original_program_index = prog_index;	203	cfg.original_program_index = prog_index;


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index b0389fc3f..1a83a0628 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -1561,9 +1561,6 @@ int profile_check_line(char ptr, int lineno, const char fname) {
1561	int r = name2pid(ptr + 14, &pid);	1561	int r = name2pid(ptr + 14, &pid);
1562	EUID_USER();	1562	EUID_USER();
1563	if (!r) {	1563	if (!r) {
1564	if (!cfg.shell && !arg_shell_none)
1565	cfg.shell = cfg.usershell;
1566
1567	// find first non-option arg	1564	// find first non-option arg
1568	int i;	1565	int i;
1569	for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);	1566	for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 7f74635ec..6b84faf13 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -528,7 +528,7 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
528	//****************************************	528	//****************************************
529	// start the program without using a shell	529	// start the program without using a shell
530	//****************************************	530	//****************************************
531	else if (arg_shell_none) {	531	else if (!arg_appimage) {
532	if (arg_debug) {	532	if (arg_debug) {
533	int i;	533	int i;
534	for (i = cfg.original_program_index; i < cfg.original_argc; i++) {	534	for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
@@ -560,17 +560,15 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
560	execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);	560	execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
561	}	561	}
562	//****************************************	562	//****************************************
563	// start the program using a shell	563	// start the program using a shell (appimages)
564	//****************************************	564	//****************************************
565	else {	565	else { // appimage
566	assert(cfg.shell);
567
568	char *arg[5];	566	char *arg[5];
569	int index = 0;	567	int index = 0;
570	arg[index++] = cfg.shell;	568	arg[index++] = cfg.usershell;
571	if (cfg.command_line) {	569	if (cfg.command_line) {
572	if (arg_debug)	570	if (arg_debug)
573	printf("Running %s command through %s\n", cfg.command_line, cfg.shell);	571	printf("Running %s command through %s\n", cfg.command_line, cfg.usershell);
574	arg[index++] = "-c";	572	arg[index++] = "-c";
575	if (arg_doubledash)	573	if (arg_doubledash)
576	arg[index++] = "--";	574	arg[index++] = "--";
@@ -578,11 +576,11 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
578	}	576	}
579	else if (login_shell) {	577	else if (login_shell) {
580	if (arg_debug)	578	if (arg_debug)
581	printf("Starting %s login shell\n", cfg.shell);	579	printf("Starting %s login shell\n", cfg.usershell);
582	arg[index++] = "-l";	580	arg[index++] = "-l";
583	}	581	}
584	else if (arg_debug)	582	else if (arg_debug)
585	printf("Starting %s shell\n", cfg.shell);	583	printf("Starting %s shell\n", cfg.usershell);
586		584
587	assert(index < 5);	585	assert(index < 5);
588	arg[index] = NULL;	586	arg[index] = NULL;
@@ -590,7 +588,7 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
590	if (arg_debug) {	588	if (arg_debug) {
591	char *msg;	589	char *msg;
592	if (asprintf(&msg, "sandbox %d, execvp into %s",	590	if (asprintf(&msg, "sandbox %d, execvp into %s",
593	sandbox_pid, cfg.command_line ? cfg.command_line : cfg.shell) == -1)	591	sandbox_pid, cfg.command_line ? cfg.command_line : cfg.usershell) == -1)
594	errExit("asprintf");	592	errExit("asprintf");
595	logmsg(msg);	593	logmsg(msg);
596	free(msg);	594	free(msg);