author | Kristóf Marussy <kris7topher@gmail.com> | 2020-02-23 22:57:17 +0100 |
---|---|---|
committer | Kristóf Marussy <kris7topher@gmail.com> | 2020-04-06 20:36:12 +0200 |
commit | 6fc8a559ded2cc8cf263288ef111d8876673e2fb (patch) | |
tree | ba607f654b20ab7036767441103c95a448e4f88c /src/firejail/profile.c | |
parent | Allow changing error action in seccomp filters (diff) | |
Add --dbus-user and --dbus-system options
Allow setting a separate policy for the user and system buses.
For now, the filter policy is equivalent to the none (block) policy.
Future commits will add more configuration options and filters.
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r-- | src/firejail/profile.c | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index d709a7951..14533ce08 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -150,7 +150,7 @@ static int check_netoptions(void) { | |||
150 | } | 150 | } |
151 | 151 | ||
152 | static int check_nodbus(void) { | 152 | static int check_nodbus(void) { |
153 | return arg_nodbus != 0; | 153 | return arg_dbus_user != DBUS_POLICY_ALLOW || arg_dbus_system != DBUS_POLICY_ALLOW; |
154 | } | 154 | } |
155 | 155 | ||
156 | static int check_nosound(void) { | 156 | static int check_nosound(void) { |
@@ -432,11 +432,40 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
432 | return 0; | 432 | return 0; |
433 | } | 433 | } |
434 | else if (strcmp(ptr, "nodbus") == 0) { | 434 | else if (strcmp(ptr, "nodbus") == 0) { |
435 | arg_nodbus = 1; | 435 | arg_dbus_user = DBUS_POLICY_BLOCK; |
436 | arg_dbus_system = DBUS_POLICY_BLOCK; | ||
437 | return 0; | ||
438 | } | ||
439 | else if (strncmp("dbus-user ", ptr, 10) == 0) { | ||
440 | ptr += 10; | ||
441 | if (strcmp("allow", ptr) == 0) { | ||
442 | arg_dbus_user = DBUS_POLICY_ALLOW; | ||
443 | } else if (strcmp("filter", ptr) == 0) { | ||
444 | arg_dbus_user = DBUS_POLICY_FILTER; | ||
445 | } else if (strcmp("none", ptr) == 0) { | ||
446 | arg_dbus_user = DBUS_POLICY_BLOCK; | ||
447 | } else { | ||
448 | fprintf(stderr, "Unknown dbus-user policy: %s\n", ptr); | ||
449 | exit(1); | ||
450 | } | ||
451 | return 0; | ||
452 | } | ||
453 | else if (strncmp("dbus-system ", ptr, 12) == 0) { | ||
454 | ptr += 12; | ||
455 | if (strcmp("allow", ptr) == 0) { | ||
456 | arg_dbus_system = DBUS_POLICY_ALLOW; | ||
457 | } else if (strcmp("filter", ptr) == 0) { | ||
458 | arg_dbus_system = DBUS_POLICY_FILTER; | ||
459 | } else if (strcmp("none", ptr) == 0) { | ||
460 | arg_dbus_system = DBUS_POLICY_BLOCK; | ||
461 | } else { | ||
462 | fprintf(stderr, "Unknown dbus-system policy: %s\n", ptr); | ||
463 | exit(1); | ||
464 | } | ||
436 | return 0; | 465 | return 0; |
437 | } | 466 | } |
438 | else if (strcmp(ptr, "nou2f") == 0) { | 467 | else if (strcmp(ptr, "nou2f") == 0) { |
439 | arg_nou2f = 1; | 468 | arg_nou2f = 1; |
440 | return 0; | 469 | return 0; |
441 | } | 470 | } |
442 | else if (strcmp(ptr, "netfilter") == 0) { | 471 | else if (strcmp(ptr, "netfilter") == 0) { |
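Review bot: In the new `dbus-user` and `dbus-system` branches of profile_check_line, the `allow` and `filter` cases assign unconditionally, so a later profile line or include can loosen a bus that an earlier `nodbus` or `none` line already blocked; the removed `arg_nodbus = 1` could only tighten. If the command-line options write the same variables before profiles are read (not visible in this section), a profile could relax those as well. I would make the assignments tighten-only, for example `else if (strcmp("filter", ptr) == 0) { if (arg_dbus_user != DBUS_POLICY_BLOCK) arg_dbus_user = DBUS_POLICY_FILTER; }`, and have `allow` leave an already restricted bus unchanged and print a warning, with the same treatment for `arg_dbus_system`. Separately, `check_nodbus` in the first hunk now reports true when only one of the two buses is restricted, so any profile conditional that relies on it meaning "no D-Bus at all" deserves a comment stating the new meaning. profile_check_line starts and ends outside the hunk.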