authorLibravatar netblue30 <netblue30@yahoo.com>2016-12-24 12:54:03 -0500
committerLibravatar GitHub <noreply@github.com>2016-12-24 12:54:03 -0500
commitd4bead7957b380ebcb128abda5bc75a41a9efd48 (patch)
tree6dc20800c73b97f234f30f02a82301060c678ef1
parentMerge pull request #1002 from thewisenerd/patch-guess-shell (diff)
parentfirejail: argv: allow multiple private-* options (diff)
Merge pull request #1004 from thewisenerd/patch-multiple-private-argv
allow multiple private-argv
-rw-r--r--src/firejail/main.c42
-rw-r--r--src/firejail/profile.c34
2 files changed, 62 insertions, 14 deletions
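diff --git a/src/firejail/main.c b/src/firejail/main.c
index c74fb02d2..e70e20eec 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1509,7 +1509,15 @@ int main(int argc, char **argv) {
 }
 
 // extract private home dirname
-cfg.home_private_keep = argv[i] + 15;
+if (*(argv[i] + 15) == '\0') {
+fprintf(stderr, "Error: invalid private-home option\n");
+exit(1);
+}
+if (cfg.home_private_keep) {
+if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, argv[i] + 15) < 0 )
+errExit("asprintf");
+} else
+cfg.home_private_keep = argv[i] + 15;
 arg_private = 1;
 }
 else
@@ -1526,38 +1534,54 @@ int main(int argc, char **argv) {
 }
 
 // extract private etc list
-cfg.etc_private_keep = argv[i] + 14;
-if (*cfg.etc_private_keep == '\0') {
+if (*(argv[i] + 14) == '\0') {
 fprintf(stderr, "Error: invalid private-etc option\n");
 exit(1);
 }
+if (cfg.etc_private_keep) {
+if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, argv[i] + 14) < 0 )
+errExit("asprintf");
+} else
+cfg.etc_private_keep = argv[i] + 14;
 arg_private_etc = 1;
 }
 else if (strncmp(argv[i], "--private-opt=", 14) == 0) {
 // extract private opt list
-cfg.opt_private_keep = argv[i] + 14;
-if (*cfg.opt_private_keep == '\0') {
+if (*(argv[i] + 14) == '\0') {
 fprintf(stderr, "Error: invalid private-opt option\n");
 exit(1);
 }
+if (cfg.opt_private_keep) {
+if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, argv[i] + 14) < 0 )
+errExit("asprintf");
+} else
+cfg.opt_private_keep = argv[i] + 14;
 arg_private_opt = 1;
 }
 else if (strncmp(argv[i], "--private-srv=", 14) == 0) {
 // extract private srv list
-cfg.srv_private_keep = argv[i] + 14;
-if (*cfg.srv_private_keep == '\0') {
+if (*(argv[i] + 14) == '\0') {
 fprintf(stderr, "Error: invalid private-etc option\n");
 exit(1);
 }
+if (cfg.srv_private_keep) {
+if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, argv[i] + 14) < 0 )
+errExit("asprintf");
+} else
+cfg.srv_private_keep = argv[i] + 14;
 arg_private_srv = 1;
 }
 else if (strncmp(argv[i], "--private-bin=", 14) == 0) {
 // extract private bin list
-cfg.bin_private_keep = argv[i] + 14;
-if (*cfg.bin_private_keep == '\0') {
+if (*(argv[i] + 14) == '\0') {
 fprintf(stderr, "Error: invalid private-bin option\n");
 exit(1);
 }
+if (cfg.bin_private_keep) {
+if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, argv[i] + 14) < 0 )
+errExit("asprintf");
+} else
+cfg.bin_private_keep = argv[i] + 14;
 arg_private_bin = 1;
 }
 else if (strcmp(argv[i], "--private-tmp") == 0) {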
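Review bot: Each of the five `asprintf(&cfg.X_private_keep, "%s,%s", cfg.X_private_keep, argv[i] + N)` calls overwrites the only pointer to the previous list, so from the third occurrence of an option the earlier heap string is leaked, and the field points at argv storage after one occurrence but at heap storage after two, which makes any later `free()` on it unsafe. I would move the append into one helper that always owns a heap copy and call it from all five branches here and from the matching branches in profile.c. The helper's `free()` is only safe if no other code stores a non-heap pointer in these fields, which cannot be confirmed from these hunks. Separately, the `--private-srv=` branch still prints `Error: invalid private-etc option\n` and should name `private-srv`. The body of main() starts and ends outside both hunks.

```c
// append 'item' to the comma-separated list in *list; the result is always heap-allocated
static void keep_list_append(char **list, const char *item) {
	char *merged;

	if (*list) {
		if (asprintf(&merged, "%s,%s", *list, item) < 0)
			errExit("asprintf");
		free(*list);
	}
	else {
		merged = strdup(item);
		if (!merged)
			errExit("strdup");
	}
	*list = merged;
}

// … unchanged: option match and empty-value check for --private-etc= …
keep_list_append(&cfg.etc_private_keep, argv[i] + 14);
arg_private_etc = 1;
```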
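diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index da3daf95a..fab4f1efa 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -179,7 +179,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 if (strncmp(ptr, "private-home ", 13) == 0) {
 #ifdef HAVE_PRIVATE_HOME
 if (checkcfg(CFG_PRIVATE_HOME)) {
-cfg.home_private_keep = ptr + 13;
+if (cfg.home_private_keep) {
+if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, ptr + 13) < 0 )
+errExit("asprintf");
+} else
+cfg.home_private_keep = ptr + 13;
 arg_private = 1;
 }
 else
@@ -748,7 +752,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
 exit(1);
 }
-cfg.etc_private_keep = ptr + 12;
+if (cfg.etc_private_keep) {
+if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.etc_private_keep = ptr + 12;
+}
 arg_private_etc = 1;
 
 return 0;
@@ -756,7 +765,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /opt list of files and directories
 if (strncmp(ptr, "private-opt ", 12) == 0) {
-cfg.opt_private_keep = ptr + 12;
+if (cfg.opt_private_keep) {
+if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.opt_private_keep = ptr + 12;
+}
 arg_private_opt = 1;
 
 return 0;
@@ -764,7 +778,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /srv list of files and directories
 if (strncmp(ptr, "private-srv ", 12) == 0) {
-cfg.srv_private_keep = ptr + 12;
+if (cfg.srv_private_keep) {
+if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.srv_private_keep = ptr + 12;
+}
 arg_private_srv = 1;
 
 return 0;
@@ -772,7 +791,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /bin list of files
 if (strncmp(ptr, "private-bin ", 12) == 0) {
-cfg.bin_private_keep = ptr + 12;
+if (cfg.bin_private_keep) {
+if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.bin_private_keep = ptr + 12;
+}
 arg_private_bin = 1;
 return 0;
 }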
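Review bot: The profile branches append `ptr + 12` (or `ptr + 13` for `private-home`) without the empty-value check that main.c applies to the same options, so a line holding only the keyword and its trailing space would add a trailing `,` and an empty element to a list built by earlier lines. Unless profile lines are validated before they reach these branches, which is not visible here, each branch should reject that case first, e.g. `if (*(ptr + 12) == '\0') { fprintf(stderr, "Error: line %d in %s is invalid\n", lineno, fname); exit(1); }`. Repeated entries now widen the keep list instead of replacing it, and because both files write the same `cfg` fields a profile value is presumably merged with a command-line one; that change in meaning deserves a comment such as `// repeated private-* entries are merged into one comma-separated list`. This applies to all five hunks in profile_check_line, whose body extends outside them.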