author | smitsohu <smitsohu@gmail.com> | 2019-06-28 15:59:33 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-06-28 15:59:33 +0200 |
commit | 9ed832429026b7814802da9d389e19051907c925 (patch) | |
tree | 0d2af7c0b8536d27462db766ed70c5f742b153d6 /src | |
parent | simplify octal esc conversion, minor adjustments (diff) | |
parent | Add fonts to private-etc in udiskie profile (diff) | |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'src')
-rw-r--r-- | src/common.mk.in | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 3 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 8 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/x11.c | 18 |
5 files changed, 29 insertions, 6 deletions
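--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -20,6 +20,7 @@ HAVE_WHITELIST=@HAVE_WHITELIST@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
+HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
 
@@ -28,7 +29,7 @@ C_FILE_LIST = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS = $(foreach file, $(OBJS), $file)
 
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@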
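--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -20,6 +20,7 @@ Maelstrom
 Maps
 Mathematica
 Natron
+PPSSPPQt
 QMediathekView
 QOwnNotes
 Telegram
@@ -288,6 +289,7 @@ iridium
 iridium-browser
 jd-gui
 jdownloader
+jerry
 jitsi
 k3b
 kaffeine
@@ -402,6 +404,7 @@ netactview
 nethack
 netsurf
 neverball
+neverputt
 newsbeuter
 newsboat
 nheko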
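--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -278,6 +278,14 @@ void print_compiletime_support(void) {
 #endif
 );
 
+printf("\t- firetunnel support is %s\n",
+#ifdef HAVE_FIRETUNNEL
+"enabled"
+#else
+"disabled"
+#endif
+);
+
 printf("\t- networking support is %s\n",
 #ifdef HAVE_NETWORK
 "enabled"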
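--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1498,6 +1498,7 @@ int main(int argc, char **argv) {
 exit_err_feature("overlayfs");
 }
 #endif
+#ifdef HAVE_FIRETUNNEL
 else if (strcmp(argv[i], "--tunnel") == 0) {
 // try to connect to the default client side of the tunnel
 // if this fails, try the default server side of the tunnel
@@ -1523,7 +1524,7 @@ int main(int argc, char **argv) {
 exit(1);
 }
 }
-
+#endif
 else if (strncmp(argv[i], "--profile=", 10) == 0) {
 // multiple profile files are allowed!
 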
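Review bot: With the new `#ifdef HAVE_FIRETUNNEL` guard, a build without firetunnel has no branch for `--tunnel` at all, so the option falls through to whatever ends the `else if` chain in main(), which is outside these hunks. If that tail does not reject unknown options, the sandbox could start without the tunnel the user asked for. An explicit `#else` branch such as `else if (strcmp(argv[i], "--tunnel") == 0) exit_err_feature("firetunnel");` would fail closed and follow the `exit_err_feature("overlayfs")` pattern just above. The guarded region spans both hunks, so any other option handled between them is compiled out as well and is worth checking for the same treatment.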
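--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -310,7 +310,7 @@ void x11_start_xvfb(int argc, char **argv) {
 
 if (arg_debug) {
 size_t i = 0;
-printf("\n*** Stating xvfb client:");
+printf("\n*** Starting xvfb client:");
 while (jail_argv[i]!=NULL) {
 printf(" \"%s\"", jail_argv[i]);
 i++;
@@ -838,7 +838,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
 
 if (arg_debug) {
 if (n == 10)
-printf("failed to stop xpra server gratefully\n");
+printf("failed to stop xpra server gracefully\n");
 else
 printf("xpra server successfully stopped in %d secs\n", n);
 }
@@ -1023,6 +1023,7 @@ void x11_start_xpra(int argc, char **argv) {
 if (!program_in_path("xpra")) {
 fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n");
 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
+fprintf(stderr, " Arch: sudo pacman -S xpra\n");
 exit(0);
 }
 
@@ -1056,6 +1057,8 @@ void x11_start(int argc, char **argv) {
 fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n");
 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n");
+fprintf(stderr, " Arch: sudo pacman -S xpra\n");
+fprintf(stderr, " Arch: sudo pacman -S xorg-server-xephyr\n");
 exit(0);
 }
 }
@@ -1087,7 +1090,8 @@ void x11_xorg(void) {
 struct stat s;
 if (stat("/usr/bin/xauth", &s) == -1) {
 fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n"
-" Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
+" Debian/Ubuntu/Mint: sudo apt-get install xauth\n"
+" Arch: sudo pacman -S xorg-xauth\n");
 exit(1);
 }
 if (s.st_uid != 0 && s.st_gid != 0) {
@@ -1128,8 +1132,14 @@ void x11_xorg(void) {
 #ifdef HAVE_GCOV
 __gcov_flush();
 #endif
-execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
+if (arg_debug) {
+execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
 "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
+}
+else {
+execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
+"generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
+}
 
 _exit(127);
 }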
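Review bot: The xauth invocation in x11_xorg() is now written out twice, differing only in `-v`, so the security-relevant arguments (`"untrusted"`, `"MIT-MAGIC-COOKIE-1"`, the `-f tmpfname` target) have to be kept in sync by hand in both branches. A single call removes that drift risk: `execlp("/usr/bin/xauth", "/usr/bin/xauth", arg_debug ? "-v" : "-q", "-f", tmpfname, "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);`. `-q` is xauth's quiet flag and is already its default when a command is given on the command line. Because the path is absolute, `execl` would state the no-PATH-search intent more directly than `execlp`. The function body starts and ends outside this hunk.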