authorLibravatar netblue30 <netblue30@yahoo.com>2019-11-15 15:36:41 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2019-11-15 15:36:41 -0500
commit107b4606f33a260e2e29e4aa64eca896e327fe1e (patch)
treeb9a3881c9eae64855789140a6716330148ddba73 /src/firecfg/main.c
parentfixing the fix (diff)
enable apparmor profile from firecfg
Diffstat (limited to 'src/firecfg/main.c')
-rw-r--r--src/firecfg/main.c18
1 files changed, 17 insertions, 1 deletions
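--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -443,15 +443,31 @@ int main(int argc, char **argv) {
 // set new symlinks based on /usr/lib/firejail/firecfg.cfg
 set_links_firecfg();
 
-// add user to firejail access database - only for root
 if (getuid() == 0) {
+// add user to firejail access database - only for root
 printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
 // temporarily set the umask, access database must be world-readable
 mode_t orig_umask = umask(022);
 firejail_user_add(user);
 umask(orig_umask);
+
+// enable firejail apparmor profile
+struct stat s;
+if (stat("/sbin/apparmor_parser", &s) == 0) {
+char *cmd;
+
+// SYSCONFDIR points to /etc/firejail, we have to go on level up (..)
+printf("\nLoading AppArmor profile\n");
+if (asprintf(&cmd, "/sbin/apparmor_parser -r /etc/apparmor.d/firejail-default %s/../apparmor.d/firejail-default", SYSCONFDIR) == -1)
+errExit("asprintf");
+int rv = system(cmd);
+(void) rv;
+free(cmd);
+}
 }
 
+
+
 // set new symlinks based on ~/.config/firejail directory
 set_links_homedir(home);
 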
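Review bot: The exit status of `system(cmd)` is discarded by `(void) rv;`, so when apparmor_parser fails the user has already been told "Loading AppArmor profile" and gets no sign that the profile was not loaded. Check the status and warn, e.g. `if (rv == -1 || !WIFEXITED(rv) || WEXITSTATUS(rv) != 0) fprintf(stderr, "Warning: cannot load AppArmor profile\n");`, which needs `<sys/wait.h>`. The command string appears to be built only from the build-time SYSCONFDIR, so nothing user-supplied reaches the shell, but this branch runs as root and `system()` goes through `/bin/sh` with the caller's environment; a fork and `execv` with an explicit argv would avoid the shell altogether. The `stat()` test only shows that `/sbin/apparmor_parser` exists, not that it is executable, which is one more reason to report the exit status. main() begins and ends outside this hunk, so the file's existing includes cannot be checked from here.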