diff options
author | 2020-03-31 18:24:29 +0200 | |
---|---|---|
committer | 2020-04-06 21:26:41 +0200 | |
commit | 870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7 (patch) | |
tree | 3a8fc9d53e0c41375808a136099d5bdf885753b2 /src/firejail/profile.c | |
parent | xdg-dbus-proxy socket finding and mount hardening (diff) | |
download | firejail-870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7.tar.gz firejail-870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7.tar.zst firejail-870c8c816fb7f99ea0fe5cc1b7cf900a857cfed7.zip |
Turn DBus profile errors into warnings
This patch also allows setting the DBus policies to filter even if
xdg-dbus-proxy is not installed. In that case, unrestricted access to the bus is
allowed, but a warning is emitted.
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r-- | src/firejail/profile.c | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 9bfd2ff1c..0be119903 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -453,12 +453,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
453 | return 0; | 453 | return 0; |
454 | } | 454 | } |
455 | else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { | 455 | else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) { |
456 | if (arg_dbus_user == DBUS_POLICY_ALLOW) { | ||
457 | fprintf(stderr, "Session DBus filtering (dbus-user filter) is " | ||
458 | "required for dbus-user.talk rules\n"); | ||
459 | exit(1); | ||
460 | } | ||
461 | |||
462 | if (!dbus_check_name(ptr + 15)) { | 456 | if (!dbus_check_name(ptr + 15)) { |
463 | printf("Invalid dbus-user.talk name: %s\n", ptr + 15); | 457 | printf("Invalid dbus-user.talk name: %s\n", ptr + 15); |
464 | exit(1); | 458 | exit(1); |
@@ -466,12 +460,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
466 | return 1; | 460 | return 1; |
467 | } | 461 | } |
468 | else if (strncmp(ptr, "dbus-user.own ", 14) == 0) { | 462 | else if (strncmp(ptr, "dbus-user.own ", 14) == 0) { |
469 | if (arg_dbus_user == DBUS_POLICY_ALLOW) { | ||
470 | fprintf(stderr, "Session DBus filtering (dbus-user filter) is " | ||
471 | "required for dbus-user.own rules\n"); | ||
472 | exit(1); | ||
473 | } | ||
474 | |||
475 | if (!dbus_check_name(ptr + 14)) { | 463 | if (!dbus_check_name(ptr + 14)) { |
476 | fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14); | 464 | fprintf(stderr, "Invalid dbus-user.own name: %s\n", ptr + 14); |
477 | exit(1); | 465 | exit(1); |
@@ -495,12 +483,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
495 | return 0; | 483 | return 0; |
496 | } | 484 | } |
497 | else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { | 485 | else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) { |
498 | if (arg_dbus_system == DBUS_POLICY_ALLOW) { | ||
499 | fprintf(stderr, "System DBus filtering (dbus-system filter) is " | ||
500 | "required for dbus-system.talk rules\n"); | ||
501 | exit(1); | ||
502 | } | ||
503 | |||
504 | if (!dbus_check_name(ptr + 17)) { | 486 | if (!dbus_check_name(ptr + 17)) { |
505 | fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); | 487 | fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17); |
506 | exit(1); | 488 | exit(1); |
@@ -508,12 +490,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
508 | return 1; | 490 | return 1; |
509 | } | 491 | } |
510 | else if (strncmp(ptr, "dbus-system.own ", 16) == 0) { | 492 | else if (strncmp(ptr, "dbus-system.own ", 16) == 0) { |
511 | if (arg_dbus_system == DBUS_POLICY_ALLOW) { | ||
512 | fprintf(stderr, "System DBus filtering (dbus-system filter) is " | ||
513 | "required for dbus-system.own rules\n"); | ||
514 | exit(1); | ||
515 | } | ||
516 | |||
517 | if (!dbus_check_name(ptr + 16)) { | 493 | if (!dbus_check_name(ptr + 16)) { |
518 | fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16); | 494 | fprintf(stderr, "Invalid dbus-system.own name: %s\n", ptr + 16); |
519 | exit(1); | 495 | exit(1); |