diff options
author | netblue30 <netblue30@yahoo.com> | 2020-09-09 08:30:24 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-09-09 08:30:24 -0400 |
commit | 833db940c6fe8b991906014a92cc5e23a98d1177 (patch) | |
tree | cee3fd2679fabd155a10449208dc1f86bde41ba3 /src/firejail/profile.c | |
parent | profstats: track dbus-system none (diff) | |
download | firejail-833db940c6fe8b991906014a92cc5e23a98d1177.tar.gz firejail-833db940c6fe8b991906014a92cc5e23a98d1177.tar.zst firejail-833db940c6fe8b991906014a92cc5e23a98d1177.zip |
disable dbus proxy at compile time (default enabled) - part 1
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r-- | src/firejail/profile.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8eaae9a30..f6ef934db 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -430,11 +430,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
430 | return 0; | 430 | return 0; |
431 | } | 431 | } |
432 | else if (strcmp(ptr, "nodbus") == 0) { | 432 | else if (strcmp(ptr, "nodbus") == 0) { |
433 | #ifdef HAVE_DBUSPROXY | ||
433 | arg_dbus_user = DBUS_POLICY_BLOCK; | 434 | arg_dbus_user = DBUS_POLICY_BLOCK; |
434 | arg_dbus_system = DBUS_POLICY_BLOCK; | 435 | arg_dbus_system = DBUS_POLICY_BLOCK; |
436 | #endif | ||
435 | return 0; | 437 | return 0; |
436 | } | 438 | } |
437 | else if (strncmp("dbus-user ", ptr, 10) == 0) { | 439 | else if (strncmp("dbus-user ", ptr, 10) == 0) { |
440 | #ifdef HAVE_DBUSPROXY | ||
438 | ptr += 10; | 441 | ptr += 10; |
439 | if (strcmp("filter", ptr) == 0) { | 442 | if (strcmp("filter", ptr) == 0) { |
440 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { | 443 | if (arg_dbus_user == DBUS_POLICY_BLOCK) { |
@@ -452,44 +455,56 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
452 | fprintf(stderr, "Unknown dbus-user policy: %s\n", ptr); | 455 | fprintf(stderr, "Unknown dbus-user policy: %s\n", ptr); |
453 | exit(1); | 456 | exit(1); |
454 | } | 457 | } |
458 | #endif | ||
455 | return 0; | 459 | return 0; |
456 | } | 460 | } |
457 | else if (strncmp(ptr, "dbus-user.see ", 14) == 0) { | 461 | else if (strncmp(ptr, "dbus-user.see ", 14) == 0) { |
462 | #ifdef HAVE_DBUSPROXY | ||
458 | if (!dbus_check_name(ptr + 14)) { | 463 | if (!dbus_check_name(ptr + 14)) { |
459 | printf("Invalid dbus-user.see name: %s\n", ptr + 15); | 464 | printf("Invalid dbus-user.see name: %s\n", ptr + 15); |
460 | exit(1); | 465 | exit(1); |
461 | } | 466 | } |
467 | #endif | ||
462 | return 1; | 468 | return 1; |
463 | } | 469 | } |
464 | else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { | 470 | else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { |
471 | #ifdef HAVE_DBUSPROXY | ||
465 | if (!dbus_check_name(ptr + 15)) { | 472 | if (!dbus_check_name(ptr + 15)) { |
466 | printf("Invalid dbus-user.talk name: %s\n", ptr + 15); | 473 | printf("Invalid dbus-user.talk name: %s\n", ptr + 15); |
467 | exit(1); | 474 | exit(1); |
468 | } | 475 | } |
476 | #endif | ||
469 | return 1; | 477 | return 1; |
470 | } | 478 | } |
471 | else if (strncmp(ptr, "dbus-user.own ", 14) == 0) { | 479 | else if (strncmp(ptr, "dbus-user.own ", 14) == 0) { |
480 | #ifdef HAVE_DBUSPROXY | ||
472 | if (!dbus_check_name(ptr + 14)) { | 481 | if (!dbus_check_name(ptr + 14)) { |
473 | fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14); | 482 | fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14); |
474 | exit(1); | 483 | exit(1); |
475 | } | 484 | } |
485 | #endif | ||
476 | return 1; | 486 | return 1; |
477 | } | 487 | } |
478 | else if (strncmp(ptr, "dbus-user.call ", 15) == 0) { | 488 | else if (strncmp(ptr, "dbus-user.call ", 15) == 0) { |
489 | #ifdef HAVE_DBUSPROXY | ||
479 | if (!dbus_check_call_rule(ptr + 15)) { | 490 | if (!dbus_check_call_rule(ptr + 15)) { |
480 | fprintf(stderr, "Invalid dbus-user.call rule: %s\n", ptr + 15); | 491 | fprintf(stderr, "Invalid dbus-user.call rule: %s\n", ptr + 15); |
481 | exit(1); | 492 | exit(1); |
482 | } | 493 | } |
494 | #endif | ||
483 | return 1; | 495 | return 1; |
484 | } | 496 | } |
485 | else if (strncmp(ptr, "dbus-user.broadcast ", 20) == 0) { | 497 | else if (strncmp(ptr, "dbus-user.broadcast ", 20) == 0) { |
498 | #ifdef HAVE_DBUSPROXY | ||
486 | if (!dbus_check_call_rule(ptr + 20)) { | 499 | if (!dbus_check_call_rule(ptr + 20)) { |
487 | fprintf(stderr, "Invalid dbus-user.broadcast rule: %s\n", ptr + 20); | 500 | fprintf(stderr, "Invalid dbus-user.broadcast rule: %s\n", ptr + 20); |
488 | exit(1); | 501 | exit(1); |
489 | } | 502 | } |
503 | #endif | ||
490 | return 1; | 504 | return 1; |
491 | } | 505 | } |
492 | else if (strncmp("dbus-system ", ptr, 12) == 0) { | 506 | else if (strncmp("dbus-system ", ptr, 12) == 0) { |
507 | #ifdef HAVE_DBUSPROXY | ||
493 | ptr += 12; | 508 | ptr += 12; |
494 | if (strcmp("filter", ptr) == 0) { | 509 | if (strcmp("filter", ptr) == 0) { |
495 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { | 510 | if (arg_dbus_system == DBUS_POLICY_BLOCK) { |
@@ -507,41 +522,52 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
507 | fprintf(stderr, "Unknown dbus-system policy: %s\n", ptr); | 522 | fprintf(stderr, "Unknown dbus-system policy: %s\n", ptr); |
508 | exit(1); | 523 | exit(1); |
509 | } | 524 | } |
525 | #endif | ||
510 | return 0; | 526 | return 0; |
511 | } | 527 | } |
512 | else if (strncmp(ptr, "dbus-system.see ", 16) == 0) { | 528 | else if (strncmp(ptr, "dbus-system.see ", 16) == 0) { |
529 | #ifdef HAVE_DBUSPROXY | ||
513 | if (!dbus_check_name(ptr + 16)) { | 530 | if (!dbus_check_name(ptr + 16)) { |
514 | fprintf(stderr, "Invalid dbus-system.see name: %s\n", ptr + 17); | 531 | fprintf(stderr, "Invalid dbus-system.see name: %s\n", ptr + 17); |
515 | exit(1); | 532 | exit(1); |
516 | } | 533 | } |
534 | #endif | ||
517 | return 1; | 535 | return 1; |
518 | } | 536 | } |
519 | else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { | 537 | else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { |
538 | #ifdef HAVE_DBUSPROXY | ||
520 | if (!dbus_check_name(ptr + 17)) { | 539 | if (!dbus_check_name(ptr + 17)) { |
521 | fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); | 540 | fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); |
522 | exit(1); | 541 | exit(1); |
523 | } | 542 | } |
543 | #endif | ||
524 | return 1; | 544 | return 1; |
525 | } | 545 | } |
526 | else if (strncmp(ptr, "dbus-system.own ", 16) == 0) { | 546 | else if (strncmp(ptr, "dbus-system.own ", 16) == 0) { |
547 | #ifdef HAVE_DBUSPROXY | ||
527 | if (!dbus_check_name(ptr + 16)) { | 548 | if (!dbus_check_name(ptr + 16)) { |
528 | fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16); | 549 | fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16); |
529 | exit(1); | 550 | exit(1); |
530 | } | 551 | } |
552 | #endif | ||
531 | return 1; | 553 | return 1; |
532 | } | 554 | } |
533 | else if (strncmp(ptr, "dbus-system.call ", 17) == 0) { | 555 | else if (strncmp(ptr, "dbus-system.call ", 17) == 0) { |
556 | #ifdef HAVE_DBUSPROXY | ||
534 | if (!dbus_check_call_rule(ptr + 17)) { | 557 | if (!dbus_check_call_rule(ptr + 17)) { |
535 | fprintf(stderr, "Invalid dbus-system.call rule: %s\n", ptr + 17); | 558 | fprintf(stderr, "Invalid dbus-system.call rule: %s\n", ptr + 17); |
536 | exit(1); | 559 | exit(1); |
537 | } | 560 | } |
561 | #endif | ||
538 | return 1; | 562 | return 1; |
539 | } | 563 | } |
540 | else if (strncmp(ptr, "dbus-system.broadcast ", 22) == 0) { | 564 | else if (strncmp(ptr, "dbus-system.broadcast ", 22) == 0) { |
565 | #ifdef HAVE_DBUSPROXY | ||
541 | if (!dbus_check_call_rule(ptr + 22)) { | 566 | if (!dbus_check_call_rule(ptr + 22)) { |
542 | fprintf(stderr, "Invalid dbus-system.broadcast rule: %s\n", ptr + 22); | 567 | fprintf(stderr, "Invalid dbus-system.broadcast rule: %s\n", ptr + 22); |
543 | exit(1); | 568 | exit(1); |
544 | } | 569 | } |
570 | #endif | ||
545 | return 1; | 571 | return 1; |
546 | } | 572 | } |
547 | else if (strcmp(ptr, "nou2f") == 0) { | 573 | else if (strcmp(ptr, "nou2f") == 0) { |