authorLibravatar Simo Piiroinen <simo.piiroinen@jolla.com>2020-11-06 10:13:35 +0200
committerLibravatar Tomi Leppänen <tomi.leppanen@jolla.com>2021-02-25 16:30:56 +0200
commit5ffd9287fc12fe8fca1a7452adeb92fa9a5b0b7e (patch)
tree9414aa2c97eb7b2803e67ceae0966bf535846838
parentAdd utility functions for handling comma separated lists (diff)
Allow changing "protocol" list after initial set
Firejail uses set-once logic for "protocol" list. This makes it impossible to accumulate list of allowed protocols from multiple include files. Use profile_list_augment() for maintaining list of protocols. This implicitly means protocols can be added/removed via any number of command line options / profile configuration files. Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com> Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
-rw-r--r--src/firejail/main.c13
-rw-r--r--src/firejail/profile.c13
2 files changed, 8 insertions, 18 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index ef8166204..d99e4e0b9 100644
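--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1285,15 +1285,10 @@ int main(int argc, char **argv, char **envp) {
 #endif
 else if (strncmp(argv[i], "--protocol=", 11) == 0) {
 if (checkcfg(CFG_SECCOMP)) {
-if (cfg.protocol) {
-fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
-}
-else {
-// store list
-cfg.protocol = strdup(argv[i] + 11);
-if (!cfg.protocol)
-errExit("strdup");
-}
+const char *add = argv[i] + 11;
+profile_list_augment(&cfg.protocol, add);
+if (arg_debug)
+fprintf(stderr, "[option] combined protocol list: \"%s\"\n", cfg.protocol);
 }
 else
 exit_err_feature("seccomp");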
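Review bot: The debug `fprintf` passes `cfg.protocol` to `%s` without a NULL check, and nothing in the hunk shows that `profile_list_augment()` always leaves a non-NULL list (for instance after an empty `--protocol=` value or an entry that only removes items); a NULL argument for `%s` is undefined behaviour. Guard the argument, e.g. `fprintf(stderr, "[option] combined protocol list: \"%s\"\n", cfg.protocol ? cfg.protocol : "");`. The same unguarded print is added in the `protocol ` branch of `profile_check_line()` in src/firejail/profile.c. `main()` starts and ends outside the hunk, so any later validation of the combined list is not visible here.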
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 7b5fbfedf..f3266c23e 100644
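--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -911,15 +911,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 if (strncmp(ptr, "protocol ", 9) == 0) {
 if (checkcfg(CFG_SECCOMP)) {
-if (cfg.protocol) {
-fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
-return 0;
-}
-
-// store list
-cfg.protocol = strdup(ptr + 9);
-if (!cfg.protocol)
-errExit("strdup");
+const char *add = ptr + 9;
+profile_list_augment(&cfg.protocol, add);
+if (arg_debug)
+fprintf(stderr, "[profile] combined protocol list: \"%s\"\n", cfg.protocol);
 }
 else
 warning_feature_disabled("seccomp");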
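Review bot: With the `fwarning` removed, a second `protocol` line now changes the installed protocol allowlist with no output unless `arg_debug` is set, so an included profile can widen a list set earlier without the user noticing. The branch is gated on `CFG_SECCOMP`, so the list presumably drives the seccomp protocol filter and its effective value should be easy to audit; at minimum add a comment above the call such as `// lists from all profiles and options are merged; a later entry can add to or remove from an earlier one`, and consider reporting the combined list at normal verbosity. It also looks as if a `--protocol=` option no longer caps what a profile grants, which the old set-once logic would have done if options are parsed before profiles; that ordering is outside the hunk and should be confirmed. `profile_check_line()` continues past the hunk, and with the early `return 0` gone the result for a repeated line depends on the code after the `else` branch.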