diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-03 12:39:08 +0100 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-03 12:39:08 +0100 |
| commit | c30a9031a735f43984051bca79f23a4732ce33b7 (patch) | |
| tree | e3691e49e05a2ceb2a901a9a9c601abc4c858ffa /src | |
| parent | Merge pull request #4035 from Tomin1/few_fixes (diff) | |
| download | firejail-c30a9031a735f43984051bca79f23a4732ce33b7.tar.gz firejail-c30a9031a735f43984051bca79f23a4732ce33b7.tar.zst firejail-c30a9031a735f43984051bca79f23a4732ce33b7.zip | |
Add new condition ?HAS_PRIVATE:
Idea from @vinc17fr
https://github.com/netblue30/firejail/issues/4026#issuecomment-789178572
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/profile.c | 5 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index f3266c23e..351b760df 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -157,6 +157,10 @@ static int check_nosound(void) { | |||
| 157 | return arg_nosound != 0; | 157 | return arg_nosound != 0; |
| 158 | } | 158 | } |
| 159 | 159 | ||
| 160 | static int check_private(void) { | ||
| 161 | return arg_private; | ||
| 162 | } | ||
| 163 | |||
| 160 | static int check_x11(void) { | 164 | static int check_x11(void) { |
| 161 | return (arg_x11_block || arg_x11_xorg || env_get("FIREJAIL_X11")); | 165 | return (arg_x11_block || arg_x11_xorg || env_get("FIREJAIL_X11")); |
| 162 | } | 166 | } |
| @@ -174,6 +178,7 @@ Cond conditionals[] = { | |||
| 174 | {"HAS_NET", check_netoptions}, | 178 | {"HAS_NET", check_netoptions}, |
| 175 | {"HAS_NODBUS", check_nodbus}, | 179 | {"HAS_NODBUS", check_nodbus}, |
| 176 | {"HAS_NOSOUND", check_nosound}, | 180 | {"HAS_NOSOUND", check_nosound}, |
| 181 | {"HAS_PRIVATE", check_private}, | ||
| 177 | {"HAS_X11", check_x11}, | 182 | {"HAS_X11", check_x11}, |
| 178 | {"BROWSER_DISABLE_U2F", check_disable_u2f}, | 183 | {"BROWSER_DISABLE_U2F", check_disable_u2f}, |
| 179 | {"BROWSER_ALLOW_DRM", check_allow_drm}, | 184 | {"BROWSER_ALLOW_DRM", check_allow_drm}, |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index b25fc9181..b0b390507 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -103,7 +103,7 @@ Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir" | |||
| 103 | 103 | ||
| 104 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. | 104 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. |
| 105 | 105 | ||
| 106 | Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM | 106 | Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM |
| 107 | can be enabled or disabled globally in Firejail's configuration file. | 107 | can be enabled or disabled globally in Firejail's configuration file. |
| 108 | 108 | ||
| 109 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. | 109 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. |