aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/profile.c
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2020-09-09 08:30:24 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2020-09-09 08:30:24 -0400
commit833db940c6fe8b991906014a92cc5e23a98d1177 (patch)
treecee3fd2679fabd155a10449208dc1f86bde41ba3 /src/firejail/profile.c
parentprofstats: track dbus-system none (diff)
downloadfirejail-833db940c6fe8b991906014a92cc5e23a98d1177.tar.gz
firejail-833db940c6fe8b991906014a92cc5e23a98d1177.tar.zst
firejail-833db940c6fe8b991906014a92cc5e23a98d1177.zip
disable dbus proxy at compile time (default enabled) - part 1
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r--src/firejail/profile.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 8eaae9a30..f6ef934db 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -430,11 +430,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
430 return 0; 430 return 0;
431 } 431 }
432 else if (strcmp(ptr, "nodbus") == 0) { 432 else if (strcmp(ptr, "nodbus") == 0) {
433#ifdef HAVE_DBUSPROXY
433 arg_dbus_user = DBUS_POLICY_BLOCK; 434 arg_dbus_user = DBUS_POLICY_BLOCK;
434 arg_dbus_system = DBUS_POLICY_BLOCK; 435 arg_dbus_system = DBUS_POLICY_BLOCK;
436#endif
435 return 0; 437 return 0;
436 } 438 }
437 else if (strncmp("dbus-user ", ptr, 10) == 0) { 439 else if (strncmp("dbus-user ", ptr, 10) == 0) {
440#ifdef HAVE_DBUSPROXY
438 ptr += 10; 441 ptr += 10;
439 if (strcmp("filter", ptr) == 0) { 442 if (strcmp("filter", ptr) == 0) {
440 if (arg_dbus_user == DBUS_POLICY_BLOCK) { 443 if (arg_dbus_user == DBUS_POLICY_BLOCK) {
@@ -452,44 +455,56 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
452 fprintf(stderr, "Unknown dbus-user policy: %s\n", ptr); 455 fprintf(stderr, "Unknown dbus-user policy: %s\n", ptr);
453 exit(1); 456 exit(1);
454 } 457 }
458#endif
455 return 0; 459 return 0;
456 } 460 }
457 else if (strncmp(ptr, "dbus-user.see ", 14) == 0) { 461 else if (strncmp(ptr, "dbus-user.see ", 14) == 0) {
462#ifdef HAVE_DBUSPROXY
458 if (!dbus_check_name(ptr + 14)) { 463 if (!dbus_check_name(ptr + 14)) {
459 printf("Invalid dbus-user.see name: %s\n", ptr + 15); 464 printf("Invalid dbus-user.see name: %s\n", ptr + 15);
460 exit(1); 465 exit(1);
461 } 466 }
467#endif
462 return 1; 468 return 1;
463 } 469 }
464 else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { 470 else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) {
471#ifdef HAVE_DBUSPROXY
465 if (!dbus_check_name(ptr + 15)) { 472 if (!dbus_check_name(ptr + 15)) {
466 printf("Invalid dbus-user.talk name: %s\n", ptr + 15); 473 printf("Invalid dbus-user.talk name: %s\n", ptr + 15);
467 exit(1); 474 exit(1);
468 } 475 }
476#endif
469 return 1; 477 return 1;
470 } 478 }
471 else if (strncmp(ptr, "dbus-user.own ", 14) == 0) { 479 else if (strncmp(ptr, "dbus-user.own ", 14) == 0) {
480#ifdef HAVE_DBUSPROXY
472 if (!dbus_check_name(ptr + 14)) { 481 if (!dbus_check_name(ptr + 14)) {
473 fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14); 482 fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14);
474 exit(1); 483 exit(1);
475 } 484 }
485#endif
476 return 1; 486 return 1;
477 } 487 }
478 else if (strncmp(ptr, "dbus-user.call ", 15) == 0) { 488 else if (strncmp(ptr, "dbus-user.call ", 15) == 0) {
489#ifdef HAVE_DBUSPROXY
479 if (!dbus_check_call_rule(ptr + 15)) { 490 if (!dbus_check_call_rule(ptr + 15)) {
480 fprintf(stderr, "Invalid dbus-user.call rule: %s\n", ptr + 15); 491 fprintf(stderr, "Invalid dbus-user.call rule: %s\n", ptr + 15);
481 exit(1); 492 exit(1);
482 } 493 }
494#endif
483 return 1; 495 return 1;
484 } 496 }
485 else if (strncmp(ptr, "dbus-user.broadcast ", 20) == 0) { 497 else if (strncmp(ptr, "dbus-user.broadcast ", 20) == 0) {
498#ifdef HAVE_DBUSPROXY
486 if (!dbus_check_call_rule(ptr + 20)) { 499 if (!dbus_check_call_rule(ptr + 20)) {
487 fprintf(stderr, "Invalid dbus-user.broadcast rule: %s\n", ptr + 20); 500 fprintf(stderr, "Invalid dbus-user.broadcast rule: %s\n", ptr + 20);
488 exit(1); 501 exit(1);
489 } 502 }
503#endif
490 return 1; 504 return 1;
491 } 505 }
492 else if (strncmp("dbus-system ", ptr, 12) == 0) { 506 else if (strncmp("dbus-system ", ptr, 12) == 0) {
507#ifdef HAVE_DBUSPROXY
493 ptr += 12; 508 ptr += 12;
494 if (strcmp("filter", ptr) == 0) { 509 if (strcmp("filter", ptr) == 0) {
495 if (arg_dbus_system == DBUS_POLICY_BLOCK) { 510 if (arg_dbus_system == DBUS_POLICY_BLOCK) {
@@ -507,41 +522,52 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
507 fprintf(stderr, "Unknown dbus-system policy: %s\n", ptr); 522 fprintf(stderr, "Unknown dbus-system policy: %s\n", ptr);
508 exit(1); 523 exit(1);
509 } 524 }
525#endif
510 return 0; 526 return 0;
511 } 527 }
512 else if (strncmp(ptr, "dbus-system.see ", 16) == 0) { 528 else if (strncmp(ptr, "dbus-system.see ", 16) == 0) {
529#ifdef HAVE_DBUSPROXY
513 if (!dbus_check_name(ptr + 16)) { 530 if (!dbus_check_name(ptr + 16)) {
514 fprintf(stderr, "Invalid dbus-system.see name: %s\n", ptr + 17); 531 fprintf(stderr, "Invalid dbus-system.see name: %s\n", ptr + 17);
515 exit(1); 532 exit(1);
516 } 533 }
534#endif
517 return 1; 535 return 1;
518 } 536 }
519 else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { 537 else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) {
538#ifdef HAVE_DBUSPROXY
520 if (!dbus_check_name(ptr + 17)) { 539 if (!dbus_check_name(ptr + 17)) {
521 fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); 540 fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17);
522 exit(1); 541 exit(1);
523 } 542 }
543#endif
524 return 1; 544 return 1;
525 } 545 }
526 else if (strncmp(ptr, "dbus-system.own ", 16) == 0) { 546 else if (strncmp(ptr, "dbus-system.own ", 16) == 0) {
547#ifdef HAVE_DBUSPROXY
527 if (!dbus_check_name(ptr + 16)) { 548 if (!dbus_check_name(ptr + 16)) {
528 fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16); 549 fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16);
529 exit(1); 550 exit(1);
530 } 551 }
552#endif
531 return 1; 553 return 1;
532 } 554 }
533 else if (strncmp(ptr, "dbus-system.call ", 17) == 0) { 555 else if (strncmp(ptr, "dbus-system.call ", 17) == 0) {
556#ifdef HAVE_DBUSPROXY
534 if (!dbus_check_call_rule(ptr + 17)) { 557 if (!dbus_check_call_rule(ptr + 17)) {
535 fprintf(stderr, "Invalid dbus-system.call rule: %s\n", ptr + 17); 558 fprintf(stderr, "Invalid dbus-system.call rule: %s\n", ptr + 17);
536 exit(1); 559 exit(1);
537 } 560 }
561#endif
538 return 1; 562 return 1;
539 } 563 }
540 else if (strncmp(ptr, "dbus-system.broadcast ", 22) == 0) { 564 else if (strncmp(ptr, "dbus-system.broadcast ", 22) == 0) {
565#ifdef HAVE_DBUSPROXY
541 if (!dbus_check_call_rule(ptr + 22)) { 566 if (!dbus_check_call_rule(ptr + 22)) {
542 fprintf(stderr, "Invalid dbus-system.broadcast rule: %s\n", ptr + 22); 567 fprintf(stderr, "Invalid dbus-system.broadcast rule: %s\n", ptr + 22);
543 exit(1); 568 exit(1);
544 } 569 }
570#endif
545 return 1; 571 return 1;
546 } 572 }
547 else if (strcmp(ptr, "nou2f") == 0) { 573 else if (strcmp(ptr, "nou2f") == 0) {
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-26 07:54:21 +0000