diff options
| author |  netblue30 <netblue30@protonmail.com> | 2021-02-25 06:57:57 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-02-25 06:57:57 -0500 |
| commit | 85c9b7704be737f033263e5b72a642b79c5ffa44 (patch) | |
| tree | 033316d85f74d45f40b13ec7906127fd9faf10bc /src | |
| parent | Fixup 0e31d020, torbrowser-launcher missing path (diff) | |
| parent | fix firecfg links in restrictive sandboxes (diff) | |
| download | firejail-85c9b7704be737f033263e5b72a642b79c5ffa44.tar.gz firejail-85c9b7704be737f033263e5b72a642b79c5ffa44.tar.zst firejail-85c9b7704be737f033263e5b72a642b79c5ffa44.zip | |
Merge pull request #4007 from smitsohu/privatelib5
fix firecfg links in restrictive sandboxes
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/no_sandbox.c | 58 |
1 files changed, 23 insertions, 35 deletions
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 3120fe527..60a82821e 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
| @@ -168,29 +168,17 @@ void run_no_sandbox(int argc, char **argv) { | |||
| 168 | errExit("setresuid"); | 168 | errExit("setresuid"); |
| 169 | 169 | ||
| 170 | // process limited subset of options | 170 | // process limited subset of options |
| 171 | // and find first non option arg: | ||
| 172 | // - first argument not starting with --, | ||
| 173 | // - whatever follows after -c (example: firejail -c ls) | ||
| 174 | int prog_index = 0; | ||
| 171 | int i; | 175 | int i; |
| 172 | for (i = 0; i < argc; i++) { | 176 | for (i = 1; i < argc; i++) { |
| 173 | if (strcmp(argv[i], "--debug") == 0) | 177 | if (strcmp(argv[i], "--debug") == 0) |
| 174 | arg_debug = 1; | 178 | arg_debug = 1; |
| 175 | else if (strncmp(argv[i], "--shell=", 8) == 0) | 179 | else if (strncmp(argv[i], "--shell=", 8) == 0) |
| 176 | fwarning("shell-related command line options are disregarded - using SHELL environment variable\n"); | 180 | fwarning("shell-related command line options are disregarded\n"); |
| 177 | } | 181 | else if (strcmp(argv[i], "-c") == 0) { |
| 178 | |||
| 179 | // use $SHELL to get shell used in sandbox, guess shell otherwise | ||
| 180 | cfg.shell = guess_shell(); | ||
| 181 | if (!cfg.shell) { | ||
| 182 | fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n"); | ||
| 183 | exit(1); | ||
| 184 | } | ||
| 185 | else if (arg_debug) | ||
| 186 | printf("Selecting %s as shell\n", cfg.shell); | ||
| 187 | |||
| 188 | int prog_index = 0; | ||
| 189 | // find first non option arg: | ||
| 190 | // - first argument not starting with --, | ||
| 191 | // - whatever follows after -c (example: firejail -c ls) | ||
| 192 | for (i = 1; i < argc; i++) { | ||
| 193 | if (strcmp(argv[i], "-c") == 0) { | ||
| 194 | prog_index = i + 1; | 182 | prog_index = i + 1; |
| 195 | if (prog_index == argc) { | 183 | if (prog_index == argc) { |
| 196 | fprintf(stderr, "Error: option -c requires an argument\n"); | 184 | fprintf(stderr, "Error: option -c requires an argument\n"); |
| @@ -199,36 +187,36 @@ void run_no_sandbox(int argc, char **argv) { | |||
| 199 | break; | 187 | break; |
| 200 | } | 188 | } |
| 201 | // check first argument not starting with -- | 189 | // check first argument not starting with -- |
| 202 | if (strncmp(argv[i],"--",2) != 0) { | 190 | else if (strncmp(argv[i],"--",2) != 0) { |
| 203 | prog_index = i; | 191 | prog_index = i; |
| 204 | break; | 192 | break; |
| 205 | } | 193 | } |
| 206 | } | 194 | } |
| 207 | 195 | ||
| 208 | // if shell is /usr/bin/firejail, replace it with /bin/bash | ||
| 209 | // if (strcmp(cfg.shell, PATH_FIREJAIL) == 0) { | ||
| 210 | // cfg.shell = "/bin/bash"; | ||
| 211 | // prog_index = 0; | ||
| 212 | // } | ||
| 213 | |||
| 214 | if (prog_index == 0) { | 196 | if (prog_index == 0) { |
| 215 | assert(cfg.command_line == NULL); // runs cfg.shell | 197 | // got no command, require a shell and try to execute it |
| 198 | cfg.shell = guess_shell(); | ||
| 199 | if (!cfg.shell) { | ||
| 200 | fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n"); | ||
| 201 | exit(1); | ||
| 202 | } | ||
| 203 | |||
| 204 | assert(cfg.command_line == NULL); | ||
| 216 | cfg.window_title = cfg.shell; | 205 | cfg.window_title = cfg.shell; |
| 217 | } else { | 206 | } else { |
| 207 | // this sandbox might not allow execution of a shell | ||
| 208 | // force --shell=none in order to not break firecfg symbolic links | ||
| 209 | arg_shell_none = 1; | ||
| 210 | |||
| 218 | build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index); | 211 | build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index); |
| 219 | } | 212 | } |
| 220 | 213 | ||
| 214 | fwarning("an existing sandbox was detected. " | ||
| 215 | "%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell); | ||
| 216 | |||
| 221 | cfg.original_argv = argv; | 217 | cfg.original_argv = argv; |
| 222 | cfg.original_program_index = prog_index; | 218 | cfg.original_program_index = prog_index; |
| 223 | 219 | ||
| 224 | char *command; | ||
| 225 | if (prog_index == 0) | ||
| 226 | command = cfg.shell; | ||
| 227 | else | ||
| 228 | command = argv[prog_index]; | ||
| 229 | fwarning("an existing sandbox was detected. " | ||
| 230 | "%s will run without any additional sandboxing features\n", command); | ||
| 231 | |||
| 232 | arg_quiet = 1; | 220 | arg_quiet = 1; |
| 233 | 221 | ||
| 234 | start_application(1, -1, NULL); | 222 | start_application(1, -1, NULL); |