diff options
author | Kristóf Marussy <kris7topher@gmail.com> | 2020-02-27 19:55:52 +0100 |
---|---|---|
committer | Kristóf Marussy <kris7topher@gmail.com> | 2020-04-06 21:26:41 +0200 |
commit | 0afb43a5607574fa946fdfd65f3a4cfa25cfa018 (patch) | |
tree | a09eb41b57cbecfccf6e284817d0043f0bbe0ab4 /src/include/rundefs.h | |
parent | Add sbox_exec_v and SBOX_KEEP_FDS (diff) | |
download | firejail-0afb43a5607574fa946fdfd65f3a4cfa25cfa018.tar.gz firejail-0afb43a5607574fa946fdfd65f3a4cfa25cfa018.tar.zst firejail-0afb43a5607574fa946fdfd65f3a4cfa25cfa018.zip |
Add xdg-dbus-proxy support
* The proxy is forked off outside the sandbox namespace to protect the
fds of the original buses from the sandboxed process.
* The /run/firejail/dbus directory (with the sticky bit set) holds the proxy
sockets. The sockets are <parent pid>-user and <parent pid>-system for the
user and system buses, respectively. Each socket is owned by the sandbox user.
* The sockets are bind-mounted over their expected locations and the
/run/firejail/dbus directory is subsequently hidden from the sandbox.
* Upon sandbox exit, the xdg-dbus-proxy instance is terminated and the sockets
are cleaned up.
* Filter rules will be added in a future commit.
Diffstat (limited to 'src/include/rundefs.h')
-rw-r--r-- | src/include/rundefs.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/include/rundefs.h b/src/include/rundefs.h index 32f5ff12c..528d9e901 100644 --- a/src/include/rundefs.h +++ b/src/include/rundefs.h | |||
@@ -30,6 +30,7 @@ | |||
30 | #define RUN_FIREJAIL_NETWORK_DIR RUN_FIREJAIL_DIR "/network" | 30 | #define RUN_FIREJAIL_NETWORK_DIR RUN_FIREJAIL_DIR "/network" |
31 | #define RUN_FIREJAIL_BANDWIDTH_DIR RUN_FIREJAIL_DIR "/bandwidth" | 31 | #define RUN_FIREJAIL_BANDWIDTH_DIR RUN_FIREJAIL_DIR "/bandwidth" |
32 | #define RUN_FIREJAIL_PROFILE_DIR RUN_FIREJAIL_DIR "/profile" | 32 | #define RUN_FIREJAIL_PROFILE_DIR RUN_FIREJAIL_DIR "/profile" |
33 | #define RUN_FIREJAIL_DBUS_DIR RUN_FIREJAIL_DIR "/dbus" | ||
33 | #define RUN_NETWORK_LOCK_FILE RUN_FIREJAIL_DIR "/firejail-network.lock" | 34 | #define RUN_NETWORK_LOCK_FILE RUN_FIREJAIL_DIR "/firejail-network.lock" |
34 | #define RUN_DIRECTORY_LOCK_FILE RUN_FIREJAIL_DIR "/firejail-run.lock" | 35 | #define RUN_DIRECTORY_LOCK_FILE RUN_FIREJAIL_DIR "/firejail-run.lock" |
35 | #define RUN_RO_DIR RUN_FIREJAIL_DIR "/firejail.ro.dir" | 36 | #define RUN_RO_DIR RUN_FIREJAIL_DIR "/firejail.ro.dir" |