author | Simo Piiroinen <simo.piiroinen@jolla.com> | 2020-11-06 10:13:35 +0200 |
---|---|---|
committer | Tomi Leppänen <tomi.leppanen@jolla.com> | 2021-02-25 16:30:56 +0200 |
commit | 5ffd9287fc12fe8fca1a7452adeb92fa9a5b0b7e (patch) | |
tree | 9414aa2c97eb7b2803e67ceae0966bf535846838 | |
parent | Add utility functions for handling comma separated lists (diff) | |
Allow changing "protocol" list after initial set
Firejail uses set-once logic for "protocol" list. This makes it
impossible to accumulate list of allowed protocols from multiple
include files.
Use profile_list_augment() for maintaining list of protocols. This
implicitly means protocols can be added/removed via any number of
command line options / profile configuration files.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
-rw-r--r-- | src/firejail/main.c | 13 | ||||
-rw-r--r-- | src/firejail/profile.c | 13 |
2 files changed, 8 insertions, 18 deletions
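--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1285,15 +1285,10 @@ int main(int argc, char **argv, char **envp) {
 #endif
 else if (strncmp(argv[i], "--protocol=", 11) == 0) {
 if (checkcfg(CFG_SECCOMP)) {
-if (cfg.protocol) {
-fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
-}
-else {
-// store list
-cfg.protocol = strdup(argv[i] + 11);
-if (!cfg.protocol)
-errExit("strdup");
-}
+const char *add = argv[i] + 11;
+profile_list_augment(&cfg.protocol, add);
+if (arg_debug)
+fprintf(stderr, "[option] combined protocol list: \"%s\"\n", cfg.protocol);
 }
 else
 exit_err_feature("seccomp");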
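Review bot: `argv[i] + 11` goes to profile_list_augment() without an emptiness check, and the debug print then passes `cfg.protocol` to `%s` unconditionally. profile_list_augment() is not visible here, so it needs confirming whether an empty argument, or a sequence that removes every entry, can leave `cfg.protocol` NULL or empty. If it can, the print should read `fprintf(stderr, "[option] combined protocol list: \"%s\"\n", cfg.protocol ? cfg.protocol : "");`, and the seccomp setup that consumes the list should be checked so that an emptied list is not treated as "no protocol filter requested". The same pattern appears in the profile.c hunk with `ptr + 9`. main() begins and ends outside this hunk.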
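--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -911,15 +911,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 if (strncmp(ptr, "protocol ", 9) == 0) {
 if (checkcfg(CFG_SECCOMP)) {
-if (cfg.protocol) {
-fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
-return 0;
-}
-
-// store list
-cfg.protocol = strdup(ptr + 9);
-if (!cfg.protocol)
-errExit("strdup");
+const char *add = ptr + 9;
+profile_list_augment(&cfg.protocol, add);
+if (arg_debug)
+fprintf(stderr, "[profile] combined protocol list: \"%s\"\n", cfg.protocol);
 }
 else
 warning_feature_disabled("seccomp");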
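Review bot: With the set-once branch removed, a `protocol` line in any profile or include now changes a list that was set earlier, and the only trace is the `arg_debug` print. If the command line is processed before profiles (the ordering is not visible in this hunk), a narrow `--protocol=` chosen by the user can end up as a wider seccomp protocol filter with nothing shown in a normal run. The old `fwarning` was unconditional; I would keep a notice for the already-set case, placed before the augment call: `if (cfg.protocol) fwarning("protocol list \"%s\" is being modified by \"%s\"\n", cfg.protocol, add);`. A short comment stating the intended precedence between command-line and profile entries would also help the next reader. profile_check_line() continues outside this hunk.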