author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-07-16 11:57:08 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-16 11:57:08 +0000 |
commit | 2ebb09e346544785d1b4e27d7b779a2a7476ca3e (patch) | |
tree | 9871d689a1aa76836e8cb99ad69f845ed92a8680 /src | |
parent | bleachbit.profile: allow erasing Trash contents (diff) | |
parent | feature: add doas support in firecfg and jailcheck (diff) | |
Merge pull request #5900 from kmk3/firecfg-support-doas
feature: add doas support in firecfg and jailcheck
Diffstat (limited to 'src')
-rw-r--r-- | src/firecfg/desktop_files.c | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.h | 2 | ||||
-rw-r--r-- | src/firecfg/main.c | 16 | ||||
-rw-r--r-- | src/jailcheck/main.c | 2 | ||||
-rw-r--r-- | src/jailcheck/utils.c | 5 | ||||
-rw-r--r-- | src/man/firecfg.1.in | 4 | ||||
-rw-r--r-- | src/man/jailcheck.1.in | 5 |
7 files changed, 21 insertions, 15 deletions
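--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -108,7 +108,7 @@ static int have_profile(const char *filename, const char *homedir) {
 return rv;
 }
 
-void fix_desktop_files(char *homedir) {
+void fix_desktop_files(const char *homedir) {
 assert(homedir);
 struct stat sb;
 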
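--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -49,6 +49,6 @@ int is_link(const char *fname);
 void sound(void);
 
 // desktop_files.c
-void fix_desktop_files(char *homedir);
+void fix_desktop_files(const char *homedir);
 
 #endif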
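--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -288,8 +288,11 @@ static void set_links_homedir(const char *homedir) {
 free(firejail_exec);
 }
 
-static char *get_user(void) {
-char *user = getenv("SUDO_USER");
+static const char *get_sudo_user(void) {
+const char *doas_user = getenv("DOAS_USER");
+const char *sudo_user = getenv("SUDO_USER");
+const char *user = doas_user ? doas_user : sudo_user;
+
 if (!user) {
 user = getpwuid(getuid())->pw_name;
 if (!user) {
@@ -301,13 +304,13 @@ static char *get_user(void) {
 return user;
 }
 
-static char *get_homedir(const char *user, uid_t *uid, gid_t *gid) {
+static const char *get_homedir(const char *user, uid_t *uid, gid_t *gid) {
 // find home directory
 struct passwd *pw = getpwnam(user);
 if (!pw)
 goto errexit;
 
-char *home = pw->pw_dir;
+const char *home = pw->pw_dir;
 if (!home)
 goto errexit;
 
@@ -326,12 +329,11 @@ int main(int argc, char **argv) {
 int bindir_set = 0;
 
 // user setup
-char *user = get_user();
+const char *user = get_sudo_user();
 assert(user);
 uid_t uid;
 gid_t gid;
-char *home = get_homedir(user, &uid, &gid);
-
+const char *home = get_homedir(user, &uid, &gid);
 
 // check for --bindir
 for (i = 1; i < argc; i++) {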
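Review bot: The fallback `user = getpwuid(getuid())->pw_name;` in `get_sudo_user()` dereferences the result of getpwuid() without a NULL check, so a uid with no passwd entry faults before the following `if (!user)` test is reached; that test only covers a NULL `pw_name`. The line is unchanged context, but the commit reworks this function here and in src/jailcheck/utils.c, and both copies carry it. Suggest `struct passwd *pw = getpwuid(getuid());` followed by `user = pw ? pw->pw_name : NULL;` so the existing error branch handles the failure. The rest of the function lies between the first two hunks and is not visible here.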
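--- a/src/jailcheck/main.c
+++ b/src/jailcheck/main.c
@@ -86,7 +86,7 @@ int main(int argc, char **argv) {
 
 // user setup
 if (getuid() != 0) {
-fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n");
+fprintf(stderr, "Error: you need to be root (via sudo or doas) to run this program\n");
 exit(1);
 }
 user_name = get_sudo_user();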
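--- a/src/jailcheck/utils.c
+++ b/src/jailcheck/utils.c
@@ -26,7 +26,10 @@
 #define BUFLEN 4096
 
 char *get_sudo_user(void) {
-char *user = getenv("SUDO_USER");
+char *doas_user = getenv("DOAS_USER");
+char *sudo_user = getenv("SUDO_USER");
+char *user = doas_user ? doas_user : sudo_user;
+
 if (!user) {
 user = getpwuid(getuid())->pw_name;
 if (!user) {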
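Review bot: The precedence of `DOAS_USER` over `SUDO_USER` in the new ternary is undocumented, and both values are plain environment strings that this function cannot verify. jailcheck requires root, so if it is started with a leftover `DOAS_USER` in a preserved environment, that name silently wins over the one sudo set. A comment above the ternary would record the intent, for example `// DOAS_USER is checked first; both names are inherited from the environment, so callers must resolve the result with getpwnam() before acting on it`. How the returned name is used is outside this hunk, so whether the caller already does such a lookup should be confirmed. This copy also still returns a non-const `char *`, while the firecfg copy in the same commit was changed to `const char *`.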
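--- a/src/man/firecfg.1.in
+++ b/src/man/firecfg.1.in
@@ -23,7 +23,9 @@ The integration covers:
 - programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE
 desktop managers are supported in this moment
 .RE
-
+.PP
+Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported.
+.PP
 To set it up, run "sudo firecfg" after installing Firejail software.
 The same command should also be run after
 installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin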
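--- a/src/man/jailcheck.1.in
+++ b/src/man/jailcheck.1.in
@@ -24,9 +24,8 @@ them from inside the sandbox.
 \fB5. Seccomp test
 .TP
 \fB6. Networking test
-.TP
-The program is started as root using sudo.
-
+.PP
+The program should be started using \fBsudo\fR or \fBdoas\fR.
 .SH OPTIONS
 .TP
 \fB\-\-debug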