diff options
| author |  Hugo Osvaldo Barrera <hugo@barrera.io> | 2021-12-03 19:43:39 +0100 |
|---|---|---|
| committer | Hugo Osvaldo Barrera <hugo@barrera.io> | 2021-12-03 19:58:56 +0100 |
| commit | 894bf81a595304b0c1a843c85a607003fd419d1b (patch) | |
| tree | acd77f2d44128ad91dbdb921330b9811d9972c50 /src | |
| parent | Merge pull request #4735 from hlein/profile-display-gentoo (diff) | |
| download | firejail-894bf81a595304b0c1a843c85a607003fd419d1b.tar.gz firejail-894bf81a595304b0c1a843c85a607003fd419d1b.tar.zst firejail-894bf81a595304b0c1a843c85a607003fd419d1b.zip | |
Implement a `whitelist-ro` command
This is a shortcut to:
whitelist $PATH
read-only $PATH
Ideally, a great deal of usages of `whitelist` should be replaced with
this instead.
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/profile.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 756b370aa..7757c1814 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -1789,6 +1789,17 @@ void profile_read(const char *fname) { | |||
| 1789 | free(ptr); | 1789 | free(ptr); |
| 1790 | ptr = tmp; | 1790 | ptr = tmp; |
| 1791 | } | 1791 | } |
| 1792 | else if (strncmp(ptr, "whitelist-ro ", 13) == 0) { | ||
| 1793 | char *whitelist, *readonly; | ||
| 1794 | if (asprintf(&whitelist, "whitelist %s", ptr + 13) == -1) | ||
| 1795 | errExit("asprintf"); | ||
| 1796 | profile_add(whitelist); | ||
| 1797 | if (asprintf(&readonly, "read-only %s", ptr + 13) == -1) | ||
| 1798 | errExit("asprintf"); | ||
| 1799 | profile_add(readonly); | ||
| 1800 | free(ptr); | ||
| 1801 | continue; | ||
| 1802 | } | ||
| 1792 | 1803 | ||
| 1793 | // process quiet | 1804 | // process quiet |
| 1794 | // todo: a quiet in the profile file cannot be disabled by --ignore on command line | 1805 | // todo: a quiet in the profile file cannot be disabled by --ignore on command line |