authorLibravatar thewisenerd <thewisenerd@protonmail.com>2016-12-24 07:10:24 +0530
committerLibravatar thewisenerd <thewisenerd@protonmail.com>2016-12-24 07:16:31 +0530
commitef75c0c22e35bc1cb5339519871de8e1dc4ed5c7 (patch)
tree27bd8776bc9d15c48d14160e4802cd470de38a35
parentfirejail: private-* : check, then assign. (diff)
firejail: profile: allow multiple private-* options
-rw-r--r--src/firejail/profile.c34
1 files changed, 29 insertions, 5 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index da3daf95a..fab4f1efa 100644
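--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -179,7 +179,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 if (strncmp(ptr, "private-home ", 13) == 0) {
 #ifdef HAVE_PRIVATE_HOME
 if (checkcfg(CFG_PRIVATE_HOME)) {
-cfg.home_private_keep = ptr + 13;
+if (cfg.home_private_keep) {
+if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, ptr + 13) < 0 )
+errExit("asprintf");
+} else
+cfg.home_private_keep = ptr + 13;
 arg_private = 1;
 }
 else
@@ -748,7 +752,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
 exit(1);
 }
-cfg.etc_private_keep = ptr + 12;
+if (cfg.etc_private_keep) {
+if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.etc_private_keep = ptr + 12;
+}
 arg_private_etc = 1;
 
 return 0;
@@ -756,7 +765,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /opt list of files and directories
 if (strncmp(ptr, "private-opt ", 12) == 0) {
-cfg.opt_private_keep = ptr + 12;
+if (cfg.opt_private_keep) {
+if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.opt_private_keep = ptr + 12;
+}
 arg_private_opt = 1;
 
 return 0;
@@ -764,7 +778,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /srv list of files and directories
 if (strncmp(ptr, "private-srv ", 12) == 0) {
-cfg.srv_private_keep = ptr + 12;
+if (cfg.srv_private_keep) {
+if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.srv_private_keep = ptr + 12;
+}
 arg_private_srv = 1;
 
 return 0;
@@ -772,7 +791,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /bin list of files
 if (strncmp(ptr, "private-bin ", 12) == 0) {
-cfg.bin_private_keep = ptr + 12;
+if (cfg.bin_private_keep) {
+if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, ptr + 12) < 0 )
+errExit("asprintf");
+} else {
+cfg.bin_private_keep = ptr + 12;
+}
 arg_private_bin = 1;
 return 0;
 }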
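Review bot: From the third `private-home` line on, each append leaks the previous allocation, and the field ends up with mixed ownership: the first line stores `ptr + 13`, a pointer into the caller's line buffer, while later lines replace it with an `asprintf` result that is never freed and cannot be told apart from the borrowed pointer. The same pattern repeats in the `private-etc`, `private-opt`, `private-srv` and `private-bin` hunks, and the `private-home` copy alone omits the braces on its `else`. A single static helper that always leaves the field heap-owned would replace the five copies; the `free` in it is only safe if every other writer of these fields (for example command-line parsing, not visible here) goes through the same helper. Since these lists decide what stays visible inside the sandbox, it is also worth confirming that the consumer skips empty elements, because a line with nothing after the keyword now yields a leading or trailing comma. `profile_check_line` starts and ends outside these hunks.

```c
// helper name is constructed for this note; *list is always heap-owned afterwards
static void keep_list_append(char **list, const char *item) {
	char *joined;

	if (*list) {
		if (asprintf(&joined, "%s,%s", *list, item) < 0)
			errExit("asprintf");
		free(*list);	// safe only once every writer stores heap strings
	} else {
		joined = strdup(item);
		if (!joined)
			errExit("strdup");
	}
	*list = joined;
}

// … unchanged: strncmp("private-home ") and checkcfg(CFG_PRIVATE_HOME) tests …
keep_list_append(&cfg.home_private_keep, ptr + 13);
arg_private = 1;
// … same one-line call for etc/opt/srv/bin with ptr + 12 …
```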