author | startx2017 <vradu.startx@yandex.com> | 2018-08-04 12:19:14 -0400 |
committer | startx2017 <vradu.startx@yandex.com> | 2018-08-04 12:19:14 -0400 |
commit | 30e96ea29531e23620e484dfa80490d232ef6b06 (patch) | |
tree | 45cd6a57ff4c887eee914c982dac75beb71066c9 /src | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
--ignore cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/main.c | 20 | ||||
-rw-r--r-- | src/firejail/profile.c | 48 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 3 |
5 files changed, 36 insertions, 40 deletions
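--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -451,6 +451,7 @@ void fs_chroot(const char *rootdir);
 void fs_check_chroot_dir(const char *rootdir);
 void fs_private_tmp(void);
 void fs_private_cache(void);
+void fs_mnt(void);
 
 // profile.c
 // find and read the profile specified by name from dir directory
@@ -463,7 +464,7 @@ void profile_read(const char *fname);
 int profile_check_line(char *ptr, int lineno, const char *fname);
 // add a profile entry in cfg.profile list; use str to populate the list
 void profile_add(char *str);
-void fs_mnt(void);
+void profile_add_ignore(const char *str);
 
 // list.c
 void list(void);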
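--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1469,25 +1469,7 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: please use --profile after --ignore\n");
 exit(1);
 }
-
-if (*(argv[i] + 9) == '\0') {
-fprintf(stderr, "Error: invalid ignore option\n");
-exit(1);
-}
-
-// find an empty entry in profile_ignore array
-int j;
-for (j = 0; j < MAX_PROFILE_IGNORE; j++) {
-if (cfg.profile_ignore[j] == NULL)
-break;
-}
-if (j >= MAX_PROFILE_IGNORE) {
-fprintf(stderr, "Error: maximum %d --ignore options are permitted\n", MAX_PROFILE_IGNORE);
-exit(1);
-}
-// ... and configure it
-else
-cfg.profile_ignore[j] = argv[i] + 9;
+profile_add_ignore(argv[i] + 9);
 }
 #ifdef HAVE_CHROOT
 else if (strncmp(argv[i], "--chroot=", 9) == 0) {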
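--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -87,6 +87,34 @@ static int is_in_ignore_list(char *ptr) {
 return 0;
 }
 
+void profile_add_ignore(const char *str) {
+assert(str);
+if (*str == '\0') {
+fprintf(stderr, "Error: invalid ignore option\n");
+exit(1);
+}
+char *ptr = strdup(str);
+if (!ptr)
+errExit("strdup");
+
+// find an empty entry in profile_ignore array
+int i;
+for (i = 0; i < MAX_PROFILE_IGNORE; i++) {
+if (cfg.profile_ignore[i] == NULL)
+break;
+}
+if (i >= MAX_PROFILE_IGNORE) {
+fprintf(stderr, "Error: maximum %d --ignore options are permitted\n", MAX_PROFILE_IGNORE);
+exit(1);
+}
+// ... and configure it
+else {
+cfg.profile_ignore[i] = strdup(str);
+if (!cfg.profile_ignore[i])
+errExit("strdup");
+}
+}
+
 
 // check profile line; if line == 0, this was generated from a command line option
 // return 1 if the command is to be added to the linked list of profile commands
@@ -99,25 +127,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 
 if (strncmp(ptr, "ignore ", 7) == 0) {
-char *str = strdup(ptr + 7);
-if (*str == '\0') {
-fprintf(stderr, "Error: invalid ignore option\n");
-exit(1);
-}
-// find an empty entry in profile_ignore array
-int j;
-for (j = 0; j < MAX_PROFILE_IGNORE; j++) {
-if (cfg.profile_ignore[j] == NULL)
-break;
-}
-if (j >= MAX_PROFILE_IGNORE) {
-fprintf(stderr, "Error: maximum %d --ignore options are permitted\n", MAX_PROFILE_IGNORE);
-exit(1);
-}
-// ... and configure it
-else
-cfg.profile_ignore[j] = str;
-
+profile_add_ignore(ptr + 7);
 return 0;
 }
 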
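Review bot: `ptr` in the new profile_add_ignore (new lines 96–98) is allocated with strdup, checked, and then never read, so every accepted --ignore option or "ignore" profile line leaks one copy of the string while the second strdup at new line 112 is the copy actually stored in cfg.profile_ignore. Drop the three lines `char *ptr = strdup(str);`, `if (!ptr)`, `errExit("strdup");` so exactly one copy is made at the point of storage. The bounded scan for a free slot and the MAX_PROFILE_IGNORE rejection look correct as written; the `else` following an unconditional exit(1) is redundant but harmless. The second hunk in profile_check_line is consistent with this — it now passes `ptr + 7` and relies on the callee to copy, which the stored strdup at line 112 does.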
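--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -113,6 +113,8 @@ Example: "nowhitelist ~/.config"
 Ignore command.
 
 Example: "ignore seccomp"
+.br
+Example: "ignore net ehh0"
 
 .TP
 \fBquiet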
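--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -509,7 +509,8 @@ Ignore command in profile file.
 Example:
 .br
 $ firejail \-\-ignore=shell --ignore=seccomp firefox
-
+.br
+$ firejail \-\-ignore="net eth0" firefox
 .TP
 \fB\-\-interface=interface
 Move interface in a new network namespace. Up to four --interface options can be specified.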