author | netblue30 <netblue30@yahoo.com> | 2019-11-15 15:36:41 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2019-11-15 15:36:41 -0500 |
commit | 107b4606f33a260e2e29e4aa64eca896e327fe1e (patch) | |
tree | b9a3881c9eae64855789140a6716330148ddba73 /src/firecfg/main.c | |
parent | fixing the fix (diff) | |
enable apparmor profile from firecfg
Diffstat (limited to 'src/firecfg/main.c')
-rw-r--r-- | src/firecfg/main.c | 18 |
1 files changed, 17 insertions, 1 deletions
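--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -443,15 +443,31 @@ int main(int argc, char **argv) {
 // set new symlinks based on /usr/lib/firejail/firecfg.cfg
 set_links_firecfg();
 
-// add user to firejail access database - only for root
 if (getuid() == 0) {
+// add user to firejail access database - only for root
 printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
 // temporarily set the umask, access database must be world-readable
 mode_t orig_umask = umask(022);
 firejail_user_add(user);
 umask(orig_umask);
+
+// enable firejail apparmor profile
+struct stat s;
+if (stat("/sbin/apparmor_parser", &s) == 0) {
+char *cmd;
+
+// SYSCONFDIR points to /etc/firejail, we have to go on level up (..)
+printf("\nLoading AppArmor profile\n");
+if (asprintf(&cmd, "/sbin/apparmor_parser -r /etc/apparmor.d/firejail-default %s/../apparmor.d/firejail-default", SYSCONFDIR) == -1)
+errExit("asprintf");
+int rv = system(cmd);
+(void) rv;
+free(cmd);
+}
 }
 
+
+
 // set new symlinks based on ~/.config/firejail directory
 set_links_homedir(home);
 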
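Review bot: The exit status of apparmor_parser is discarded at `int rv = system(cmd); (void) rv;`, so when the profile fails to load firecfg has already printed "Loading AppArmor profile" and the administrator gets no sign that the confinement is not in place. The call also runs as root through `system()`, that is via /bin/sh with whatever environment firecfg inherited; the command string is built only from the compile-time SYSCONFDIR, so no injection is visible here, but an explicit-argv exec removes the shell from a root code path and lets the result be checked. The `stat()` test only shows that /sbin/apparmor_parser exists, not that it can be executed, which the exec failure path below also covers. The sketch assumes `<sys/wait.h>` is or can be included in this file; main() starts and ends outside the hunk.

```c
if (stat("/sbin/apparmor_parser", &s) == 0) {
	char *profile;

	// … unchanged: SYSCONFDIR comment and "Loading AppArmor profile" message …
	if (asprintf(&profile, "%s/../apparmor.d/firejail-default", SYSCONFDIR) == -1)
		errExit("asprintf");

	pid_t child = fork();
	if (child == -1)
		errExit("fork");
	if (child == 0) {
		// explicit argv: no shell parses the command line
		execl("/sbin/apparmor_parser", "apparmor_parser", "-r",
		      "/etc/apparmor.d/firejail-default", profile, (char *) NULL);
		_exit(127);
	}

	// report a failed load instead of silently continuing
	int status;
	if (waitpid(child, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
		fprintf(stderr, "Warning: AppArmor profile was not loaded\n");
	free(profile);
}
```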