aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/profile.c
diff options
context:
space:
mode:
authorLibravatar Kristóf Marussy <kris7topher@gmail.com>2020-03-31 18:24:29 +0200
committerLibravatar Kristóf Marussy <kris7topher@gmail.com>2020-04-06 21:26:41 +0200
commit870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7 (patch)
tree3a8fc9d53e0c41375808a136099d5bdf885753b2 /src/firejail/profile.c
parentxdg-dbus-proxy socket finding and mount hardening (diff)
downloadfirejail-870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7.tar.gz
firejail-870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7.tar.zst
firejail-870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7.zip
Turn DBus profile errors into warnings
This patch also allows setting the DBus policies to filter even if xdg-dbus-proxy is not installed. In that case, unrestricted access to the bus is allowed, but a warning is emitted.
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r--src/firejail/profile.c24
1 files changed, 0 insertions, 24 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 9bfd2ff1c..0be119903 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -453,12 +453,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
453 return 0; 453 return 0;
454 } 454 }
455 else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { 455 else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) {
456 if (arg_dbus_user == DBUS_POLICY_ALLOW) {
457 fprintf(stderr, "Session DBus filtering (dbus-user filter) is "
458 "required for dbus-user.talk rules\n");
459 exit(1);
460 }
461
462 if (!dbus_check_name(ptr + 15)) { 456 if (!dbus_check_name(ptr + 15)) {
463 printf("Invalid dbus-user.talk name: %s\n", ptr + 15); 457 printf("Invalid dbus-user.talk name: %s\n", ptr + 15);
464 exit(1); 458 exit(1);
@@ -466,12 +460,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
466 return 1; 460 return 1;
467 } 461 }
468 else if (strncmp(ptr, "dbus-user.own ", 14) == 0) { 462 else if (strncmp(ptr, "dbus-user.own ", 14) == 0) {
469 if (arg_dbus_user == DBUS_POLICY_ALLOW) {
470 fprintf(stderr, "Session DBus filtering (dbus-user filter) is "
471 "required for dbus-user.own rules\n");
472 exit(1);
473 }
474
475 if (!dbus_check_name(ptr + 14)) { 463 if (!dbus_check_name(ptr + 14)) {
476 fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14); 464 fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14);
477 exit(1); 465 exit(1);
@@ -495,12 +483,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
495 return 0; 483 return 0;
496 } 484 }
497 else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { 485 else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) {
498 if (arg_dbus_system == DBUS_POLICY_ALLOW) {
499 fprintf(stderr, "System DBus filtering (dbus-system filter) is "
500 "required for dbus-system.talk rules\n");
501 exit(1);
502 }
503
504 if (!dbus_check_name(ptr + 17)) { 486 if (!dbus_check_name(ptr + 17)) {
505 fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); 487 fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17);
506 exit(1); 488 exit(1);
@@ -508,12 +490,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
508 return 1; 490 return 1;
509 } 491 }
510 else if (strncmp(ptr, "dbus-system.own ", 16) == 0) { 492 else if (strncmp(ptr, "dbus-system.own ", 16) == 0) {
511 if (arg_dbus_system == DBUS_POLICY_ALLOW) {
512 fprintf(stderr, "System DBus filtering (dbus-system filter) is "
513 "required for dbus-system.own rules\n");
514 exit(1);
515 }
516
517 if (!dbus_check_name(ptr + 16)) { 493 if (!dbus_check_name(ptr + 16)) {
518 fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16); 494 fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16);
519 exit(1); 495 exit(1);
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-26 08:09:41 +0000