author | Glenn Washburn <development@efficientek.com> | 2018-10-09 05:41:17 -0500 |
---|---|---|
committer | Glenn Washburn <development@efficientek.com> | 2018-10-15 23:47:44 -0500 |
commit | ffd51a5c78549839465085ab6480bd5b6642d637 (patch) | |
tree | 12fd33bfca7100fd2ace3d5c5a3c00b3e117ab6a /src | |
parent | rename expand_home -> expand_macros to better reflect usage and remove unneed... (diff) | |
Allow specifying a profile "name" with the profile option (eg. --profile=firefox).
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/main.c | 57 | ||||
-rw-r--r-- | src/firejail/profile.c | 33 |
3 files changed, 58 insertions, 35 deletions
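--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -458,7 +458,8 @@ void fs_mnt(const int enforce);
 
 // profile.c
 // find and read the profile specified by name from dir directory
-int profile_find(const char *name, const char *dir);
+int profile_find(const char *name, const char *dir, int add_ext);
+int profile_find_firejail(const char *name, int add_ext);
 // read a profile file
 void profile_read(const char *fname);
 // check profile line; if line == 0, this was generated from a command line option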
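Review bot: The comment at line 460 still describes the two-argument form of profile_find, and the new add_ext parameter and the profile_find_firejail declaration at line 462 are undocumented in the header. Suggest extending line 460 to `// find and read the profile specified by name from dir directory; when add_ext is non-zero, ".profile" is appended to name before matching` and adding above line 462 `// look up name in ~/.config/firejail, then SYSCONFDIR; returns profile_find's result (non-zero once a profile was read)`. Both wordings follow what the profile.c hunks in this commit actually do.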
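--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1485,8 +1485,33 @@ int main(int argc, char **argv) {
 			if (!ppath)
 				errExit("strdup");
 
-			profile_read(ppath);
-			custom_profile = 1;
+			if (access(ppath, R_OK)) {
+				char *ptr = ppath;
+				while (*ptr != '/' && *ptr != '.' && *ptr != '\0')
+					ptr++;
+				// profile path contains no / or . chars,
+				// assume its a profile name
+				if (*ptr != '\0') {
+					fprintf(stderr, "Error: inaccessible profile file: %s\n", ppath);
+					exit(1);
+				}
+
+				// profile was not read in previously, try to see if
+				// we were given a profile name.
+				if (!profile_find_firejail(ppath, 1)) {
+					// do not fall through to default profile,
+					// because the user should be notified that
+					// given profile arg could not be used.
+					fprintf(stderr, "Error: no profile with name \"%s\" found.\n", ppath);
+					exit(1);
+				}
+				else
+					custom_profile = 1;
+			}
+			else {
+				profile_read(ppath);
+				custom_profile = 1;
+			}
 			free(ppath);
 		}
 		else if (strcmp(argv[i], "--noprofile") == 0) {
@@ -2327,21 +2352,8 @@ int main(int argc, char **argv) {
 
 
 	// load the profile
-	if (!arg_noprofile) {
-		if (!custom_profile) {
-			// look for a profile in ~/.config/firejail directory
-			char *usercfgdir;
-			if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
-				errExit("asprintf");
-			int rv = profile_find(cfg.command_name, usercfgdir);
-			free(usercfgdir);
-			custom_profile = rv;
-		}
-		if (!custom_profile) {
-			// look for a user profile in /etc/firejail directory
-			int rv = profile_find(cfg.command_name, SYSCONFDIR);
-			custom_profile = rv;
-		}
+	if (!arg_noprofile && !custom_profile) {
+		custom_profile = profile_find_firejail(cfg.command_name, 1);
 	}
 
 	// use default.profile as the default
@@ -2352,16 +2364,7 @@ int main(int argc, char **argv) {
 	if (arg_debug)
 		printf("Attempting to find %s.profile...\n", profile_name);
 
-	// look for the profile in ~/.config/firejail directory
-	char *usercfgdir;
-	if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
-		errExit("asprintf");
-	custom_profile = profile_find(profile_name, usercfgdir);
-	free(usercfgdir);
-
-	if (!custom_profile)
-		// look for the profile in /etc/firejail directory
-		custom_profile = profile_find(profile_name, SYSCONFDIR);
+	custom_profile = profile_find_firejail(profile_name, 1);
 
 	if (!custom_profile) {
 		fprintf(stderr, "Error: no default.profile installed\n");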
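Review bot: The `access(ppath, R_OK)` failure at new line 1488 is reported without its reason, and for a bare name both the file-exists-but-unreadable and the file-missing cases end in `no profile with name "%s" found`, which will mislead a user whose profile file is present but not readable by their real uid. Save errno right after the access() call and include it in the path-case message, e.g. `int err = errno;` before the scan and `fprintf(stderr, "Error: inaccessible profile file: %s: %s\n", ppath, strerror(err));` at line 1495, and consider mentioning the access failure in the name-case message too. The hand-rolled scan at lines 1489-1494 is `if (strpbrk(ppath, "/.") != NULL)` in standard C, which reads as the check it is; as written, any name containing a '.' can never reach profile_find_firejail, so a profile whose name contains a dot would have to be given as a path (worth a comment if that is intended). The body of main() continues outside all three hunks.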
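--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -25,26 +25,29 @@ extern char *xephyr_screen;
 #define MAX_READ 8192 // line buffer for profile files
 
 // find and read the profile specified by name from dir directory
-int profile_find(const char *name, const char *dir) {
+int profile_find(const char *name, const char *dir, int add_ext) {
 	EUID_ASSERT();
 	assert(name);
 	assert(dir);
 
 	int rv = 0;
 	DIR *dp;
-	char *pname;
-	if (asprintf(&pname, "%s.profile", name) == -1)
-		errExit("asprintf");
+	char *pname = NULL;
+	if (add_ext)
+		if (asprintf(&pname, "%s.profile", name) == -1)
+			errExit("asprintf");
+		else
+			name = pname;
 
 	dp = opendir (dir);
 	if (dp != NULL) {
 		struct dirent *ep;
 		while ((ep = readdir(dp)) != NULL) {
-			if (strcmp(ep->d_name, pname) == 0) {
+			if (strcmp(ep->d_name, name) == 0) {
 				if (arg_debug)
 					printf("Found %s profile in %s directory\n", name, dir);
 				char *etcpname;
-				if (asprintf(&etcpname, "%s/%s", dir, pname) == -1)
+				if (asprintf(&etcpname, "%s/%s", dir, name) == -1)
 					errExit("asprintf");
 				profile_read(etcpname);
 				free(etcpname);
@@ -55,10 +58,26 @@ int profile_find(const char *name, const char *dir) {
 		(void) closedir (dp);
 	}
 
-	free(pname);
+	if (pname)
+		free(pname);
 	return rv;
 }
 
+// search and read the profile specified by name from firejail directories
+int profile_find_firejail(const char *name, int add_ext) {
+	// look for a profile in ~/.config/firejail directory
+	char *usercfgdir;
+	if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
+		errExit("asprintf");
+	int rv = profile_find(name, usercfgdir, add_ext);
+	free(usercfgdir);
+
+	if (!rv)
+		// look for a user profile in /etc/firejail directory
+		rv = profile_find(name, SYSCONFDIR, add_ext);
+
+	return rv;
+}
 
 //***************************************************
 // run-time profiles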
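Review bot: The unbraced `if (add_ext)` / `if (asprintf(...) == -1) errExit(...); else name = pname;` at new lines 36-40 of the first hunk depends on the dangling-else rule: the `else` binds to the inner `if`, which is only correct because errExit does not return, and a reader who attaches it to `if (add_ext)` sees `name = NULL` on the add_ext == 0 path. Brace the outer if and drop the else entirely: `if (add_ext) { if (asprintf(&pname, "%s.profile", name) == -1) errExit("asprintf"); name = pname; }`. In the second hunk, `if (pname) free(pname);` at lines 61-62 can be plain `free(pname);` since free(NULL) is a no-op, and the debug message at line 48 now prints the extended name (e.g. `firefox.profile profile`) because name has been reassigned, which may or may not be intended. The new profile_find_firejail at lines 66-80 would benefit from the same `EUID_ASSERT(); assert(name);` preconditions profile_find carries and a comment such as `// returns non-zero once a profile was found and read; tries ~/.config/firejail before SYSCONFDIR`.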