author | netblue30 <netblue30@yahoo.com> | 2018-02-19 10:11:39 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-02-19 10:11:39 -0500 |
commit | 23e5d5e94bbed9ab9e788108227d5e50959e12cd (patch) | |
tree | 642eb79e1d2960c1577e261abf96d7daa64a06e3 /src | |
parent | new video demo (diff) | |
added support to disable apparmor globally in /etc/firejail/firejail.config
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 |
3 files changed, 11 insertions, 1 deletions
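--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -103,6 +103,15 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+// apparmor
+else if (strncmp(ptr, "apparmor ", 9) == 0) {
+if (strcmp(ptr + 9, "yes") == 0)
+cfg_val[CFG_APPARMOR] = 1;
+else if (strcmp(ptr + 9, "no") == 0)
+cfg_val[CFG_APPARMOR] = 0;
+else
+goto errout;
+}
 // bind
 else if (strncmp(ptr, "bind ", 5) == 0) {
 if (strcmp(ptr + 5, "yes") == 0)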
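Review bot: The new `apparmor` branch assigns `cfg_val[CFG_APPARMOR]` only when the key appears in firejail.config, and the hunk does not show what the entry holds when the key is absent. Because this value now gates a confinement step in sandbox.c, the default should be enabled and the comment should say so, for example `// apparmor: "no" turns off AppArmor confinement for all sandboxes, overriding --apparmor; a missing key must leave it enabled`. Any other value falls through to `errout`, which matches the neighbouring options. The body of checkcfg() starts and ends outside this hunk, so the initialisation of `cfg_val` should be confirmed there.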
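--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -742,6 +742,7 @@ enum {
 CFG_ARP_PROBES,
 CFG_XPRA_ATTACH,
 CFG_PRIVATE_LIB,
+CFG_APPARMOR,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;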
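--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1065,7 +1065,7 @@ int sandbox(void* sandbox_arg) {
 
 if (app_pid == 0) {
 #ifdef HAVE_APPARMOR
-if (arg_apparmor) {
+if (checkcfg(CFG_APPARMOR) && arg_apparmor) {
 errno = 0;
 if (aa_change_onexec("firejail-default")) {
 fwarning("Cannot confine the application using AppArmor.\n"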
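Review bot: When `arg_apparmor` is set but firejail.config disables AppArmor, the new condition `checkcfg(CFG_APPARMOR) && arg_apparmor` skips `aa_change_onexec` silently, so a user or profile that asked for confinement gets an unconfined application with no indication. Unless a warning is emitted elsewhere (not visible in this commit's three files), add one before the `if`, for example `if (arg_apparmor && !checkcfg(CFG_APPARMOR)) fwarning("AppArmor is disabled in firejail.config, --apparmor ignored\n");`. The call also runs in the child branch (`app_pid == 0`), so it is worth confirming that checkcfg() has already loaded the config before the sandbox filesystem is set up and does not re-read it from inside the sandbox. sandbox() starts and ends outside this hunk.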