support trailing comments on profile lines

5 files changed, 67 insertions, 4 deletions

diff --git a/RELNOTES b/RELNOTES
index 91d99012c..786a1afcd 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -18,6 +18,7 @@ firejail (0.9.65) baseline; urgency=low
   * compile time: --enable-lts
   * subdirs support in private-etc
   * input devices support in private-dev, --no-input
+  * support trailing comments on profile lines
   * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng
   * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
   * avidemux, calligragemini, vmware-player, vmware-workstation
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index dd4506ac1..38e94c074 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1714,13 +1714,17 @@ void profile_read(const char *fname) {
         int lineno = 0;
         while (fgets(buf, MAX_READ, fp)) {
                 ++lineno;
+
+                // remove comments
+                char *ptr = strchr(buf, '#');
+                if (ptr)
+                        *ptr = '\0';
+
                 // remove empty space - ptr in allocated memory
-                char *ptr = line_remove_spaces(buf);
+                ptr = line_remove_spaces(buf);
                 if (ptr == NULL)
                         continue;
-
-                // comments
-                if (*ptr == '#' || *ptr == '\0') {
+                if (*ptr == '\0') {
                         free(ptr);
                         continue;
                 }
diff --git a/test/profiles/comment.profile b/test/profiles/comment.profile
new file mode 100644
index 000000000..4a907a408
--- /dev/null
+++ b/test/profiles/comment.profile
@@ -0,0 +1,3 @@
+# this is a comment
+net none # this is another comment
+private # some other comment
diff --git a/test/profiles/profile_comment.exp b/test/profiles/profile_comment.exp
new file mode 100755
index 000000000..a2be510c1
--- /dev/null
+++ b/test/profiles/profile_comment.exp
@@ -0,0 +1,52 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2021 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "rm -fr /tmp/firejailtest*\r"
+send -- "rm -fr /tmp/firejail-strace*\r"
+send -- "rm -fr /tmp/firejail-trace*\r"
+sleep 1
+
+send -- "firejail --profile=comment.profile /usr/bin/true\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Parent is shutting down"
+}
+sleep 2
+
+send -- "firejail --build=/tmp/firejailtest.profile /usr/bin/true\r"
+sleep 1
+
+send -- "cat /tmp/firejailtest.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "seccomp"
+}
+after 100
+
+send -- "firejail --profile=/tmp/firejailtest.profile /usr/bin/true\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Parent is shutting down"
+}
+after 100
+
+send -- "rm -fr /tmp/firejailtest*\r"
+send -- "rm -fr /tmp/firejail-strace*\r"
+send -- "rm -fr /tmp/firejail-trace*\r"
+after 100
+
+puts "\nall done\n"
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh
index a5f74f2e2..cbc6fa4d9 100755
--- a/test/profiles/profiles.sh
+++ b/test/profiles/profiles.sh
@@ -7,6 +7,9 @@ export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
 
+echo "TESTING: profile comments (test/profiles/profilecomment.exp)"
+./profile_comment.exp
+
 echo "TESTING: profile conditional (test/profiles/conditional.exp)"
 ./conditional.exp