diff options
| author |  Simo Piiroinen <simo.piiroinen@jolla.com> | 2020-11-06 10:13:35 +0200 |
|---|---|---|
| committer |  Tomi Leppänen <tomi.leppanen@jolla.com> | 2021-02-25 16:30:56 +0200 |
| commit | 5ffd9287fc12fe8fca1a7452adeb92fa9a5b0b7e (patch) | |
| tree | 9414aa2c97eb7b2803e67ceae0966bf535846838 | |
| parent | Add utility functions for handling comma separated lists (diff) | |
| download | firejail-5ffd9287.tar.gz firejail-5ffd9287.tar.zst firejail-5ffd9287.zip | |
Allow changing "protocol" list after initial set
Firejail uses set-once logic for "protocol" list. This makes it
impossible to accumulate list of allowed protocols from multiple
include files.
Use profile_list_augment() for maintaining list of protocols. This
implicitly means protocols can be added/removed via any number of
command line options / profile configuration files.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
| -rw-r--r-- | src/firejail/main.c | 13 | ||||
| -rw-r--r-- | src/firejail/profile.c | 13 |
2 files changed, 8 insertions, 18 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index ef8166204..d99e4e0b9 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1285,15 +1285,10 @@ int main(int argc, char **argv, char **envp) { | |||
| 1285 | #endif | 1285 | #endif |
| 1286 | else if (strncmp(argv[i], "--protocol=", 11) == 0) { | 1286 | else if (strncmp(argv[i], "--protocol=", 11) == 0) { |
| 1287 | if (checkcfg(CFG_SECCOMP)) { | 1287 | if (checkcfg(CFG_SECCOMP)) { |
| 1288 | if (cfg.protocol) { | 1288 | const char *add = argv[i] + 11; |
| 1289 | fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol); | 1289 | profile_list_augment(&cfg.protocol, add); |
| 1290 | } | 1290 | if (arg_debug) |
| 1291 | else { | 1291 | fprintf(stderr, "[option] combined protocol list: \"%s\"\n", cfg.protocol); |
| 1292 | // store list | ||
| 1293 | cfg.protocol = strdup(argv[i] + 11); | ||
| 1294 | if (!cfg.protocol) | ||
| 1295 | errExit("strdup"); | ||
| 1296 | } | ||
| 1297 | } | 1292 | } |
| 1298 | else | 1293 | else |
| 1299 | exit_err_feature("seccomp"); | 1294 | exit_err_feature("seccomp"); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 7b5fbfedf..f3266c23e 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -911,15 +911,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 911 | 911 | ||
| 912 | if (strncmp(ptr, "protocol ", 9) == 0) { | 912 | if (strncmp(ptr, "protocol ", 9) == 0) { |
| 913 | if (checkcfg(CFG_SECCOMP)) { | 913 | if (checkcfg(CFG_SECCOMP)) { |
| 914 | if (cfg.protocol) { | 914 | const char *add = ptr + 9; |
| 915 | fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol); | 915 | profile_list_augment(&cfg.protocol, add); |
| 916 | return 0; | 916 | if (arg_debug) |
| 917 | } | 917 | fprintf(stderr, "[profile] combined protocol list: \"%s\"\n", cfg.protocol); |
| 918 | |||
| 919 | // store list | ||
| 920 | cfg.protocol = strdup(ptr + 9); | ||
| 921 | if (!cfg.protocol) | ||
| 922 | errExit("strdup"); | ||
| 923 | } | 918 | } |
| 924 | else | 919 | else |
| 925 | warning_feature_disabled("seccomp"); | 920 | warning_feature_disabled("seccomp"); |