x11 work

4 files changed, 64 insertions, 4 deletions

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index acb49d246..b37c3aba8 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -27,6 +27,7 @@
 #define RUN_FIREJAIL_BASEDIR    "/run"
 #define RUN_FIREJAIL_DIR        "/run/firejail"
 #define RUN_FIREJAIL_NAME_DIR   "/run/firejail/name"
+#define RUN_FIREJAIL_X11_DIR    "/run/firejail/x11"
 #define RUN_FIREJAIL_NETWORK_DIR        "/run/firejail/network"
 #define RUN_FIREJAIL_BANDWIDTH_DIR      "/run/firejail/bandwidth"
 #define RUN_NETWORK_LOCK_FILE   "/run/firejail/firejail.lock"
@@ -524,6 +525,7 @@ void fs_mkdir(const char *name);
 // x11.c
 void fs_x11(void);
 void x11_start(int argc, char **argv);
+int x11_display(void);
 
 #endif
 
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index df5e8410b..6505177d0 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -127,6 +127,17 @@ void fs_build_firejail_dir(void) {
                         errExit("chmod");
         }
         
+        if (stat(RUN_FIREJAIL_X11_DIR, &s)) {
+                if (arg_debug)
+                        printf("Creating %s directory\n", RUN_FIREJAIL_X11_DIR);
+                if (mkdir(RUN_FIREJAIL_X11_DIR, 0755) == -1)
+                        errExit("mkdir");
+                if (chown(RUN_FIREJAIL_X11_DIR, 0, 0) < 0)
+                        errExit("chown");
+                if (chmod(RUN_FIREJAIL_X11_DIR, 0755) < 0)
+                        errExit("chmod");
+        }
+        
         create_empty_dir();
         create_empty_file();
 }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 5a8f564f4..9e0be7bfa 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -106,6 +106,8 @@ pid_t sandbox_pid;
 
 static void set_name_file(uid_t pid);
 static void delete_name_file(uid_t pid);
+static void set_x11_file(uid_t pid, int display);
+static void delete_x11_file(uid_t pid);
 
 static void myexit(int rv) {
         logmsg("exiting...");
@@ -116,6 +118,7 @@ static void myexit(int rv) {
         bandwidth_shm_del_file(sandbox_pid);            // bandwidth file
         network_shm_del_file(sandbox_pid);              // network map file
         delete_name_file(sandbox_pid);
+        delete_x11_file(sandbox_pid);
         
         exit(rv); 
 }
@@ -511,6 +514,36 @@ static void delete_name_file(uid_t pid) {
         (void) rv;
 }
 
+static void set_x11_file(uid_t pid, int display) {
+        char *fname;
+        if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_X11_DIR, pid) == -1)
+                errExit("asprintf");
+
+        // the file is deleted first
+        FILE *fp = fopen(fname, "w");
+        if (!fp) {
+                fprintf(stderr, "Error: cannot create %s\n", fname);
+                exit(1);
+        }
+        fprintf(fp, "%d\n", display);
+        fclose(fp);
+        
+        // mode and ownership
+        if (chown(fname, 0, 0) == -1)
+                errExit("chown");
+        if (chmod(fname, 0644) == -1)
+                errExit("chmod");
+        
+}
+
+static void delete_x11_file(uid_t pid) {
+        char *fname;
+        if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_X11_DIR, pid) == -1)
+                errExit("asprintf");
+        int rv = unlink(fname);
+        (void) rv;
+}
+
 //*******************************************
 // Main program
 //*******************************************
@@ -1554,6 +1587,9 @@ int main(int argc, char **argv) {
         EUID_ROOT();
         if (cfg.name)
                 set_name_file(sandbox_pid);
+        int display = x11_display();
+        if (display > 0)
+                set_x11_file(sandbox_pid, display);
         EUID_USER();
         
         // clone environment
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index c3515cc82..980a4dbca 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -26,12 +26,12 @@
 #include <dirent.h>
 #include <sys/mount.h>
 
-void fs_x11(void) {
-#ifdef HAVE_X11
+// return display number, -1 if not configured
+int x11_display(void) {
         // extract display
         char *d = getenv("DISPLAY");
         if (!d)
-                return;
+                return - 1;
         
         int display;
         int rv = sscanf(d, ":%d", &display);
@@ -39,6 +39,15 @@ void fs_x11(void) {
                 return;
         if (arg_debug)
                 printf("DISPLAY %s, %d\n", d, display);
+        
+        return display;
+}
+
+void fs_x11(void) {
+#ifdef HAVE_X11
+        int display = x11_display();
+        if (display <= 0)
+                return;
 
         char *x11file;
         if (asprintf(&x11file, "/tmp/.X11-unix/X%d", display) == -1)
@@ -48,7 +57,7 @@ void fs_x11(void) {
                 return;
 
         // keep a copy of real /tmp/.X11-unix directory in WHITELIST_TMP_DIR
-        rv = mkdir(RUN_WHITELIST_X11_DIR, 1777);
+        int rv = mkdir(RUN_WHITELIST_X11_DIR, 1777);
         if (rv == -1)
                 errExit("mkdir");
         if (chown(RUN_WHITELIST_X11_DIR, 0, 0) < 0)
@@ -178,6 +187,7 @@ void x11_start(int argc, char **argv) {
                 exit(1);
         }
         sleep(1);
+
         if (arg_debug) {
                 printf("X11 sockets: "); fflush(0);
                 int rv = system("ls /tmp/.X11-unix");
@@ -213,6 +223,7 @@ void x11_start(int argc, char **argv) {
         
         if (!arg_quiet)
                 printf("Xpra server pid %d, client pid %d\n", server, client);
+
         exit(0);
 }
 #endif