diff options
| author |  netblue30 <netblue30@yahoo.com> | 2020-10-01 11:10:24 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2020-10-01 11:10:24 -0400 |
| commit | f1478ee98c4b27854be9758b68418d5908e836db (patch) | |
| tree | 42fbbbaea098a47660248701f836b64a3b120f8d /src | |
| parent | document private-bin and private-lib disabled by default when running appimag... (diff) | |
| download | firejail-f1478ee98c4b27854be9758b68418d5908e836db.tar.gz firejail-f1478ee98c4b27854be9758b68418d5908e836db.tar.zst firejail-f1478ee98c4b27854be9758b68418d5908e836db.zip | |
don't execute include disable-shell.inc for appimages (#3530)
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 5 | ||||
| -rw-r--r-- | src/firejail/profile.c | 14 |
2 files changed, 18 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index da842e17b..5cc2d4123 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1047,6 +1047,11 @@ int main(int argc, char **argv, char **envp) { | |||
| 1047 | EUID_USER(); | 1047 | EUID_USER(); |
| 1048 | 1048 | ||
| 1049 | 1049 | ||
| 1050 | // for appimages we need to remove "include disable-shell.inc from the profile | ||
| 1051 | // a --profile command can show up before --appimage | ||
| 1052 | if (check_arg(argc, argv, "--appimage", 1)) | ||
| 1053 | arg_appimage = 1; | ||
| 1054 | |||
| 1050 | // process allow-debuggers | 1055 | // process allow-debuggers |
| 1051 | if (check_arg(argc, argv, "--allow-debuggers", 1)) { | 1056 | if (check_arg(argc, argv, "--allow-debuggers", 1)) { |
| 1052 | // check kernel version | 1057 | // check kernel version |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index e010d968d..ea8dfbbe0 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -1611,6 +1611,7 @@ void profile_add(char *str) { | |||
| 1611 | // read a profile file | 1611 | // read a profile file |
| 1612 | static int include_level = 0; | 1612 | static int include_level = 0; |
| 1613 | void profile_read(const char *fname) { | 1613 | void profile_read(const char *fname) { |
| 1614 | printf("fname #%s#\n", fname); | ||
| 1614 | EUID_ASSERT(); | 1615 | EUID_ASSERT(); |
| 1615 | 1616 | ||
| 1616 | // exit program if maximum include level was reached | 1617 | // exit program if maximum include level was reached |
| @@ -1636,7 +1637,7 @@ void profile_read(const char *fname) { | |||
| 1636 | exit(1); | 1637 | exit(1); |
| 1637 | } | 1638 | } |
| 1638 | 1639 | ||
| 1639 | // allow debuggers | 1640 | // --allow-debuggers - skip disable-devel.inc file |
| 1640 | if (arg_allow_debuggers) { | 1641 | if (arg_allow_debuggers) { |
| 1641 | char *tmp = strrchr(fname, '/'); | 1642 | char *tmp = strrchr(fname, '/'); |
| 1642 | if (tmp && *(tmp + 1) != '\0') { | 1643 | if (tmp && *(tmp + 1) != '\0') { |
| @@ -1645,6 +1646,17 @@ void profile_read(const char *fname) { | |||
| 1645 | return; | 1646 | return; |
| 1646 | } | 1647 | } |
| 1647 | } | 1648 | } |
| 1649 | // --appimage - skip disable-shell.inc file | ||
| 1650 | if (arg_appimage) { | ||
| 1651 | printf("here %d\n", __LINE__); | ||
| 1652 | char *tmp = strrchr(fname, '/'); | ||
| 1653 | if (tmp && *(tmp + 1) != '\0') { | ||
| 1654 | tmp++; | ||
| 1655 | if (strcmp(tmp, "disable-shell.inc") == 0) | ||
| 1656 | return; | ||
| 1657 | } | ||
| 1658 | } | ||
| 1659 | printf("here %d\n", __LINE__); | ||
| 1648 | 1660 | ||
| 1649 | // open profile file: | 1661 | // open profile file: |
| 1650 | FILE *fp = fopen(fname, "r"); | 1662 | FILE *fp = fopen(fname, "r"); |