Merge pull request #2712 from apmorton/features/private-cwd

Add private-cwd option to control working directory within jail

1 files changed, 13 insertions, 1 deletions

diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 55d3cf5b0..8d228fae6 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -338,7 +338,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 arg_private = 1;
                 return 0;
         }
-        if (strncmp(ptr, "private-home ", 13) == 0) {
+        else if (strncmp(ptr, "private-home ", 13) == 0) {
 #ifdef HAVE_PRIVATE_HOME
                 if (checkcfg(CFG_PRIVATE_HOME)) {
                         if (cfg.home_private_keep) {
@@ -353,6 +353,18 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
                 return 0;
         }
+        else if (strcmp(ptr, "private-cwd") == 0) {
+                cfg.cwd = NULL;
+                arg_private_cwd = 1;
+                return 0;
+        }
+        else if (strncmp(ptr, "private-cwd ", 12) == 0) {
+                cfg.cwd = strdup(ptr + 12);
+
+                fs_check_private_cwd();
+                arg_private_cwd = 1;
+                return 0;
+        }
         else if (strcmp(ptr, "allusers") == 0) {
                 arg_allusers = 1;
                 return 0;