diff options
| author |  Chiraag Nataraj <chiraag.nataraj@gmail.com> | 2018-06-12 14:03:24 -0400 |
|---|---|---|
| committer | Chiraag Nataraj <chiraag.nataraj@gmail.com> | 2018-06-12 14:03:24 -0400 |
| commit | 71a3b97ce5c6990b06ec674e4739ce6dfcab6b40 (patch) | |
| tree | dae6348a6b97406a1048be18822ac461d965cbfb /src/firejail | |
| parent | Add --nousb option (diff) | |
| download | firejail-71a3b97ce5c6990b06ec674e4739ce6dfcab6b40.tar.gz firejail-71a3b97ce5c6990b06ec674e4739ce6dfcab6b40.tar.zst firejail-71a3b97ce5c6990b06ec674e4739ce6dfcab6b40.zip | |
Change --nousb to --nou2f per suggestion on last commit.
Diffstat (limited to 'src/firejail')
| -rw-r--r-- | src/firejail/firejail.h | 4 | ||||
| -rw-r--r-- | src/firejail/fs_dev.c | 30 | ||||
| -rw-r--r-- | src/firejail/main.c | 6 | ||||
| -rw-r--r-- | src/firejail/profile.c | 4 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 4 | ||||
| -rw-r--r-- | src/firejail/usage.c | 1 |
6 files changed, 25 insertions, 24 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 565983341..d18cd112f 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -383,7 +383,7 @@ extern int arg_noprofile; // use default.profile if none other found/specified | |||
| 383 | extern int arg_memory_deny_write_execute; // block writable and executable memory | 383 | extern int arg_memory_deny_write_execute; // block writable and executable memory |
| 384 | extern int arg_notv; // --notv | 384 | extern int arg_notv; // --notv |
| 385 | extern int arg_nodvd; // --nodvd | 385 | extern int arg_nodvd; // --nodvd |
| 386 | extern int arg_nousb; // --nousb | 386 | extern int arg_nou2f; // --nou2f |
| 387 | extern int arg_nodbus; // -nodbus | 387 | extern int arg_nodbus; // -nodbus |
| 388 | 388 | ||
| 389 | extern int login_shell; | 389 | extern int login_shell; |
| @@ -558,7 +558,7 @@ void fs_dev_disable_3d(void); | |||
| 558 | void fs_dev_disable_video(void); | 558 | void fs_dev_disable_video(void); |
| 559 | void fs_dev_disable_tv(void); | 559 | void fs_dev_disable_tv(void); |
| 560 | void fs_dev_disable_dvd(void); | 560 | void fs_dev_disable_dvd(void); |
| 561 | void fs_dev_disable_usb(void); | 561 | void fs_dev_disable_u2f(void); |
| 562 | 562 | ||
| 563 | // fs_home.c | 563 | // fs_home.c |
| 564 | // private mode (--private) | 564 | // private mode (--private) |
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index f58ebe399..9e287bf27 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
| @@ -39,7 +39,7 @@ typedef enum { | |||
| 39 | DEV_VIDEO, | 39 | DEV_VIDEO, |
| 40 | DEV_TV, | 40 | DEV_TV, |
| 41 | DEV_DVD, | 41 | DEV_DVD, |
| 42 | DEV_USB, | 42 | DEV_U2F, |
| 43 | } DEV_TYPE; | 43 | } DEV_TYPE; |
| 44 | 44 | ||
| 45 | 45 | ||
| @@ -77,17 +77,17 @@ static DevEntry dev[] = { | |||
| 77 | {"/dev/video9", RUN_DEV_DIR "/video9", DEV_VIDEO}, | 77 | {"/dev/video9", RUN_DEV_DIR "/video9", DEV_VIDEO}, |
| 78 | {"/dev/dvb", RUN_DEV_DIR "/dvb", DEV_TV}, // DVB (Digital Video Broadcasting) - TV device | 78 | {"/dev/dvb", RUN_DEV_DIR "/dvb", DEV_TV}, // DVB (Digital Video Broadcasting) - TV device |
| 79 | {"/dev/sr0", RUN_DEV_DIR "/sr0", DEV_DVD}, // for DVD and audio CD players | 79 | {"/dev/sr0", RUN_DEV_DIR "/sr0", DEV_DVD}, // for DVD and audio CD players |
| 80 | {"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_USB}, | 80 | {"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_U2F}, |
| 81 | {"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_USB}, | 81 | {"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_U2F}, |
| 82 | {"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_USB}, | 82 | {"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_U2F}, |
| 83 | {"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_USB}, | 83 | {"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_U2F}, |
| 84 | {"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_USB}, | 84 | {"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_U2F}, |
| 85 | {"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_USB}, | 85 | {"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_U2F}, |
| 86 | {"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_USB}, | 86 | {"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_U2F}, |
| 87 | {"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_USB}, | 87 | {"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_U2F}, |
| 88 | {"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_USB}, | 88 | {"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_U2F}, |
| 89 | {"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_USB}, | 89 | {"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_U2F}, |
| 90 | {"/dev/usb", RUN_DEV_DIR "/usb", DEV_USB}, // USB devices such as Yubikey, U2F | 90 | {"/dev/usb", RUN_DEV_DIR "/usb", DEV_U2F}, // USB devices such as Yubikey, U2F |
| 91 | {NULL, NULL, DEV_NONE} | 91 | {NULL, NULL, DEV_NONE} |
| 92 | }; | 92 | }; |
| 93 | 93 | ||
| @@ -102,7 +102,7 @@ static void deventry_mount(void) { | |||
| 102 | (dev[i].type == DEV_VIDEO && arg_novideo == 0) || | 102 | (dev[i].type == DEV_VIDEO && arg_novideo == 0) || |
| 103 | (dev[i].type == DEV_TV && arg_notv == 0) || | 103 | (dev[i].type == DEV_TV && arg_notv == 0) || |
| 104 | (dev[i].type == DEV_DVD && arg_nodvd == 0) || | 104 | (dev[i].type == DEV_DVD && arg_nodvd == 0) || |
| 105 | (dev[i].type == DEV_USB && arg_nousb == 0)) { | 105 | (dev[i].type == DEV_U2F && arg_nou2f == 0)) { |
| 106 | 106 | ||
| 107 | int dir = is_dir(dev[i].run_fname); | 107 | int dir = is_dir(dev[i].run_fname); |
| 108 | if (arg_debug) | 108 | if (arg_debug) |
| @@ -371,10 +371,10 @@ void fs_dev_disable_dvd(void) { | |||
| 371 | } | 371 | } |
| 372 | } | 372 | } |
| 373 | 373 | ||
| 374 | void fs_dev_disable_usb(void) { | 374 | void fs_dev_disable_u2f(void) { |
| 375 | int i = 0; | 375 | int i = 0; |
| 376 | while (dev[i].dev_fname != NULL) { | 376 | while (dev[i].dev_fname != NULL) { |
| 377 | if (dev[i].type == DEV_USB) | 377 | if (dev[i].type == DEV_U2F) |
| 378 | disable_file_or_dir(dev[i].dev_fname); | 378 | disable_file_or_dir(dev[i].dev_fname); |
| 379 | i++; | 379 | i++; |
| 380 | } | 380 | } |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 51f875e91..ce28c62da 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -123,7 +123,7 @@ int arg_memory_deny_write_execute = 0; // block writable and executable memory | |||
| 123 | int arg_notv = 0; // --notv | 123 | int arg_notv = 0; // --notv |
| 124 | int arg_nodvd = 0; // --nodvd | 124 | int arg_nodvd = 0; // --nodvd |
| 125 | int arg_nodbus = 0; // -nodbus | 125 | int arg_nodbus = 0; // -nodbus |
| 126 | int arg_nousb = 0; // --nousb | 126 | int arg_nou2f = 0; // --nou2f |
| 127 | int login_shell = 0; | 127 | int login_shell = 0; |
| 128 | 128 | ||
| 129 | 129 | ||
| @@ -1723,8 +1723,8 @@ int main(int argc, char **argv) { | |||
| 1723 | arg_notv = 1; | 1723 | arg_notv = 1; |
| 1724 | else if (strcmp(argv[i], "--nodvd") == 0) | 1724 | else if (strcmp(argv[i], "--nodvd") == 0) |
| 1725 | arg_nodvd = 1; | 1725 | arg_nodvd = 1; |
| 1726 | else if (strcmp(argv[i], "--nousb") == 0) | 1726 | else if (strcmp(argv[i], "--nou2f") == 0) |
| 1727 | arg_nousb = 1; | 1727 | arg_nou2f = 1; |
| 1728 | else if (strcmp(argv[i], "--nodbus") == 0) | 1728 | else if (strcmp(argv[i], "--nodbus") == 0) |
| 1729 | arg_nodbus = 1; | 1729 | arg_nodbus = 1; |
| 1730 | 1730 | ||
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8c393cab5..7d03a7c34 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -257,8 +257,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 257 | arg_nodbus = 1; | 257 | arg_nodbus = 1; |
| 258 | return 0; | 258 | return 0; |
| 259 | } | 259 | } |
| 260 | else if (strcmp(ptr, "nousb") == 0) { | 260 | else if (strcmp(ptr, "nou2f") == 0) { |
| 261 | arg_nousb = 1; | 261 | arg_nou2f = 1; |
| 262 | return 0; | 262 | return 0; |
| 263 | } | 263 | } |
| 264 | else if (strcmp(ptr, "netfilter") == 0) { | 264 | else if (strcmp(ptr, "netfilter") == 0) { |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index c22d65122..a1400db34 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -908,8 +908,8 @@ int sandbox(void* sandbox_arg) { | |||
| 908 | if (arg_nodvd) | 908 | if (arg_nodvd) |
| 909 | fs_dev_disable_dvd(); | 909 | fs_dev_disable_dvd(); |
| 910 | 910 | ||
| 911 | if (arg_nousb) | 911 | if (arg_nou2f) |
| 912 | fs_dev_disable_usb(); | 912 | fs_dev_disable_u2f(); |
| 913 | 913 | ||
| 914 | if (arg_novideo) | 914 | if (arg_novideo) |
| 915 | fs_dev_disable_video(); | 915 | fs_dev_disable_video(); |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 88614298e..0289278d2 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -138,6 +138,7 @@ static char *usage_str = | |||
| 138 | " --nosound - disable sound system.\n" | 138 | " --nosound - disable sound system.\n" |
| 139 | " --noautopulse - disable automatic ~/.config/pulse init.\n" | 139 | " --noautopulse - disable automatic ~/.config/pulse init.\n" |
| 140 | " --novideo - disable video devices.\n" | 140 | " --novideo - disable video devices.\n" |
| 141 | " --nou2f - disable U2F devices.\n" | ||
| 141 | " --nowhitelist=filename - disable whitelist for file or directory .\n" | 142 | " --nowhitelist=filename - disable whitelist for file or directory .\n" |
| 142 | " --output=logfile - stdout logging and log rotation.\n" | 143 | " --output=logfile - stdout logging and log rotation.\n" |
| 143 | " --output-stderr=logfile - stdout and stderr logging and log rotation.\n" | 144 | " --output-stderr=logfile - stdout and stderr logging and log rotation.\n" |