appimage: automatically detect profile

author: netblue30 <netblue30@protonmail.com> 2021-06-14 10:15:35 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-06-14 10:15:35 -0400
commit: e770ab6d858bf8594edb012b1df6b899efb37e94 (patch)
tree: b34d2690c822d8b8879d164e9c948051f580120c
parent: mention new tin profile in readme/relnotes (diff)
download: firejail-e770ab6d858bf8594edb012b1df6b899efb37e94.tar.gz
firejail-e770ab6d858bf8594edb012b1df6b899efb37e94.tar.zst
firejail-e770ab6d858bf8594edb012b1df6b899efb37e94.zip
4 files changed, 43 insertions, 3 deletions
diff --git a/README b/README
index 7310d22da..b8c0aef44 100644
--- a/README
+++ b/README
@@ -500,6 +500,7 @@ Jean-Philippe Eisenbarth (https://github.com/jpeisenbarth)
        - fixed spotify.profile
 Jeff Squyres (https://github.com/jsquyres)
        - various manpage fixes
+        - cmdline.c: optionally quote the resulting command line
 Jericho (https://github.com/attritionorg)
        - spelling
 Jesse Smith (https://github.com/slicer69)
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 6b9fed765..d194eeafb 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -30,6 +30,7 @@
 static char *devloop = NULL;    // device file
 static long unsigned size = 0;  // offset into appimage file
+#define MAXBUF 4096
 #ifdef LOOP_CTL_GET_FREE        // test for older kernels; this definition is found in /usr/include/linux/loop.h
 static void err_loop(void) {
@@ -38,6 +39,32 @@ static void err_loop(void) {
 }
 #endif
+// return 1 if found
+int appimage_find_profile(const char *archive) {
+        assert(archive);
+        assert(strlen(archive));
+        // try to match the name of the archive with the list of programs in /usr/lib/firejail/firecfg.config
+        FILE *fp = fopen(LIBDIR "/firejail/firecfg.config", "r");
+        if (!fp) {
+                fprintf(stderr, "Error: cannot find %s, firejail is not correctly installed\n", LIBDIR "/firejail/firecfg.config");
+                exit(1);
+        }
+        char buf[MAXBUF];
+        while (fgets(buf, MAXBUF, fp)) {
+                if (*buf == '#')
+                        continue;
+                char *ptr = strchr(buf, '\n');
+                if (ptr)
+                        *ptr = '\0';
+                if (strcasestr(archive, buf))
+                        return profile_find_firejail(buf, 1);
+        }
+        return 0;
+}
 void appimage_set(const char *appimage) {
        assert(appimage);
        assert(devloop == NULL);        // don't call this twice!
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index c442a97bf..622be4d97 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -5,7 +5,7 @@
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; eithe r version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
@@ -815,6 +815,7 @@ int checkcfg(int val);
 void print_compiletime_support(void);
 // appimage.c
+int appimage_find_profile(const char *archive);
 void appimage_set(const char *appimage_path);
 void appimage_mount(void);
 void appimage_clear(void);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 12ac01de7..c6dda268d 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2819,6 +2819,11 @@ int main(int argc, char **argv, char **envp) {
        // build the sandbox command
        if (prog_index == -1 && cfg.shell) {
                assert(cfg.command_line == NULL); // runs cfg.shell
+                if (arg_appimage) {
+                        fprintf(stderr, "Error: no appimage archive specified\n");
+                        exit(1);
+                }
                cfg.window_title = cfg.shell;
                cfg.command_name = cfg.shell;
        }
@@ -2844,7 +2849,13 @@ int main(int argc, char **argv, char **envp) {
        // load the profile
        if (!arg_noprofile && !custom_profile) {
-                custom_profile = profile_find_firejail(cfg.command_name, 1);
+                if (arg_appimage) {
+                        custom_profile = appimage_find_profile(cfg.command_name);
+                        // disable shell=* for appimages
+                        arg_shell_none = 0;
+                }
+                else
+                        custom_profile = profile_find_firejail(cfg.command_name, 1);
        }
        // use default.profile as the default
@@ -2858,7 +2869,7 @@ int main(int argc, char **argv, char **envp) {
                custom_profile = profile_find_firejail(profile_name, 1);
                if (!custom_profile) {
-                        fprintf(stderr, "Error: no default.profile installed\n");
+                        fprintf(stderr, "Error: no %s installed\n", profile_name);
                        exit(1);
                }
author	netblue30 <netblue30@protonmail.com>	2021-06-14 10:15:35 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-06-14 10:15:35 -0400
commit	e770ab6d858bf8594edb012b1df6b899efb37e94 (patch)
tree	b34d2690c822d8b8879d164e9c948051f580120c
parent	mention new tin profile in readme/relnotes (diff)
download	firejail-e770ab6d858bf8594edb012b1df6b899efb37e94.tar.gz firejail-e770ab6d858bf8594edb012b1df6b899efb37e94.tar.zst firejail-e770ab6d858bf8594edb012b1df6b899efb37e94.zip