diff options
author | netblue30 <netblue30@yahoo.com> | 2019-05-17 10:53:37 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-17 10:53:37 -0500 |
commit | 0347e4d7efd4b0331bcb6ffef0f4e6f0af8af7e2 (patch) | |
tree | 31f79cd173b668b30443e3be848a36d0ce22501e /src | |
parent | Fix overridden DBUS_SESSION_BUS_ADDRESS with nodbus (diff) | |
parent | Merge pull request #2694 from laomaiweng/propagate-quiet (diff) | |
download | firejail-0347e4d7efd4b0331bcb6ffef0f4e6f0af8af7e2.tar.gz firejail-0347e4d7efd4b0331bcb6ffef0f4e6f0af8af7e2.tar.zst firejail-0347e4d7efd4b0331bcb6ffef0f4e6f0af8af7e2.zip |
Merge branch 'master' into nodbus-enhancements
Diffstat (limited to 'src')
-rw-r--r-- | src/firecfg/firecfg.config | 1 | ||||
-rw-r--r-- | src/firejail/dbus.c | 7 | ||||
-rw-r--r-- | src/firejail/env.c | 5 | ||||
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/fs.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 6 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 6 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/mountinfo.c | 4 | ||||
-rw-r--r-- | src/firejail/pulseaudio.c | 4 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 | ||||
-rw-r--r-- | src/firejail/util.c | 4 | ||||
-rw-r--r-- | src/firejail/x11.c | 4 | ||||
-rw-r--r-- | src/man/firejail.txt | 8 |
14 files changed, 51 insertions, 9 deletions
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2d4902b91..aba0e9f60 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -92,6 +92,7 @@ calligraplanwork | |||
92 | calligrasheets | 92 | calligrasheets |
93 | calligrastage | 93 | calligrastage |
94 | calligrawords | 94 | calligrawords |
95 | cantata | ||
95 | catfish | 96 | catfish |
96 | celluloid | 97 | celluloid |
97 | checkbashisms | 98 | checkbashisms |
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c index 94d872ca5..b856ff809 100644 --- a/src/firejail/dbus.c +++ b/src/firejail/dbus.c | |||
@@ -19,7 +19,7 @@ | |||
19 | */ | 19 | */ |
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | 21 | ||
22 | void dbus_session_disable(void) { | 22 | void dbus_disable(void) { |
23 | if (!checkcfg(CFG_DBUS)) { | 23 | if (!checkcfg(CFG_DBUS)) { |
24 | fwarning("D-Bus handling is disabled in Firejail configuration file\n"); | 24 | fwarning("D-Bus handling is disabled in Firejail configuration file\n"); |
25 | return; | 25 | return; |
@@ -43,12 +43,17 @@ void dbus_session_disable(void) { | |||
43 | free(path); | 43 | free(path); |
44 | free(env_var); | 44 | free(env_var); |
45 | 45 | ||
46 | |||
46 | // blacklist the dbus-launch user directory | 47 | // blacklist the dbus-launch user directory |
47 | if (asprintf(&path, "%s/.dbus", cfg.homedir) == -1) | 48 | if (asprintf(&path, "%s/.dbus", cfg.homedir) == -1) |
48 | errExit("asprintf"); | 49 | errExit("asprintf"); |
49 | disable_file_or_dir(path); | 50 | disable_file_or_dir(path); |
50 | free(path); | 51 | free(path); |
51 | 52 | ||
53 | // blacklist also system D-Bus socket | ||
54 | disable_file_or_dir("/run/dbus/system_bus_socket"); | ||
55 | |||
56 | |||
52 | // look for a possible abstract unix socket | 57 | // look for a possible abstract unix socket |
53 | 58 | ||
54 | // --net=none | 59 | // --net=none |
diff --git a/src/firejail/env.c b/src/firejail/env.c index 2e9f516ba..f15e1362f 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
@@ -160,6 +160,11 @@ void env_defaults(void) { | |||
160 | // set the window title | 160 | // set the window title |
161 | if (!arg_quiet) | 161 | if (!arg_quiet) |
162 | printf("\033]0;firejail %s\007", cfg.window_title); | 162 | printf("\033]0;firejail %s\007", cfg.window_title); |
163 | |||
164 | // pass --quiet as an environment variable, in case the command calls further firejailed commands | ||
165 | if (arg_quiet) | ||
166 | setenv("FIREJAIL_QUIET", "yes", 1); | ||
167 | |||
163 | fflush(0); | 168 | fflush(0); |
164 | } | 169 | } |
165 | 170 | ||
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2e04084e3..e0f3a6a16 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -782,6 +782,6 @@ void set_x11_run_file(pid_t pid, int display); | |||
782 | void set_profile_run_file(pid_t pid, const char *fname); | 782 | void set_profile_run_file(pid_t pid, const char *fname); |
783 | 783 | ||
784 | // dbus.c | 784 | // dbus.c |
785 | void dbus_session_disable(void); | 785 | void dbus_disable(void); |
786 | 786 | ||
787 | #endif | 787 | #endif |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index f9d968427..bf7c0a4b2 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -27,7 +27,11 @@ | |||
27 | #include <glob.h> | 27 | #include <glob.h> |
28 | #include <dirent.h> | 28 | #include <dirent.h> |
29 | #include <errno.h> | 29 | #include <errno.h> |
30 | |||
30 | #include <fcntl.h> | 31 | #include <fcntl.h> |
32 | #ifndef O_PATH | ||
33 | # define O_PATH 010000000 | ||
34 | #endif | ||
31 | 35 | ||
32 | #define MAX_BUF 4096 | 36 | #define MAX_BUF 4096 |
33 | #define EMPTY_STRING ("") | 37 | #define EMPTY_STRING ("") |
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index e35bf073d..b44d09acc 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -22,7 +22,6 @@ | |||
22 | #include <linux/limits.h> | 22 | #include <linux/limits.h> |
23 | #include <glob.h> | 23 | #include <glob.h> |
24 | #include <dirent.h> | 24 | #include <dirent.h> |
25 | #include <fcntl.h> | ||
26 | #include <errno.h> | 25 | #include <errno.h> |
27 | #include <sys/stat.h> | 26 | #include <sys/stat.h> |
28 | #include <sys/types.h> | 27 | #include <sys/types.h> |
@@ -31,6 +30,11 @@ | |||
31 | #include <grp.h> | 30 | #include <grp.h> |
32 | //#include <ftw.h> | 31 | //#include <ftw.h> |
33 | 32 | ||
33 | #include <fcntl.h> | ||
34 | #ifndef O_PATH | ||
35 | # define O_PATH 010000000 | ||
36 | #endif | ||
37 | |||
34 | static void skel(const char *homedir, uid_t u, gid_t g) { | 38 | static void skel(const char *homedir, uid_t u, gid_t g) { |
35 | char *fname; | 39 | char *fname; |
36 | 40 | ||
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index d128065d3..bce44b9e5 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -24,9 +24,13 @@ | |||
24 | #include <fnmatch.h> | 24 | #include <fnmatch.h> |
25 | #include <glob.h> | 25 | #include <glob.h> |
26 | #include <dirent.h> | 26 | #include <dirent.h> |
27 | #include <fcntl.h> | ||
28 | #include <errno.h> | 27 | #include <errno.h> |
29 | 28 | ||
29 | #include <fcntl.h> | ||
30 | #ifndef O_PATH | ||
31 | # define O_PATH 010000000 | ||
32 | #endif | ||
33 | |||
30 | // mountinfo functionality test; | 34 | // mountinfo functionality test; |
31 | // 1. enable TEST_MOUNTINFO definition | 35 | // 1. enable TEST_MOUNTINFO definition |
32 | // 2. run firejail --whitelist=/any/directory | 36 | // 2. run firejail --whitelist=/any/directory |
diff --git a/src/firejail/main.c b/src/firejail/main.c index ece4c2cb5..f3dc72944 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -907,7 +907,8 @@ int main(int argc, char **argv) { | |||
907 | 907 | ||
908 | // get starting timestamp, process --quiet | 908 | // get starting timestamp, process --quiet |
909 | start_timestamp = getticks(); | 909 | start_timestamp = getticks(); |
910 | if (check_arg(argc, argv, "--quiet", 1)) | 910 | char *env_quiet = getenv("FIREJAIL_QUIET"); |
911 | if (check_arg(argc, argv, "--quiet", 1) || (env_quiet && strcmp(env_quiet, "yes") == 0)) | ||
911 | arg_quiet = 1; | 912 | arg_quiet = 1; |
912 | 913 | ||
913 | // cleanup at exit | 914 | // cleanup at exit |
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c index 0717b2044..7369ad247 100644 --- a/src/firejail/mountinfo.c +++ b/src/firejail/mountinfo.c | |||
@@ -19,7 +19,11 @@ | |||
19 | */ | 19 | */ |
20 | 20 | ||
21 | #include "firejail.h" | 21 | #include "firejail.h" |
22 | |||
22 | #include <fcntl.h> | 23 | #include <fcntl.h> |
24 | #ifndef O_PATH | ||
25 | # define O_PATH 010000000 | ||
26 | #endif | ||
23 | 27 | ||
24 | #define MAX_BUF 4096 | 28 | #define MAX_BUF 4096 |
25 | 29 | ||
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index 26beaf35a..e3f237b8e 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
@@ -24,7 +24,11 @@ | |||
24 | #include <sys/mount.h> | 24 | #include <sys/mount.h> |
25 | #include <dirent.h> | 25 | #include <dirent.h> |
26 | #include <sys/wait.h> | 26 | #include <sys/wait.h> |
27 | |||
27 | #include <fcntl.h> | 28 | #include <fcntl.h> |
29 | #ifndef O_PATH | ||
30 | # define O_PATH 010000000 | ||
31 | #endif | ||
28 | 32 | ||
29 | // disable pulseaudio socket | 33 | // disable pulseaudio socket |
30 | void pulseaudio_disable(void) { | 34 | void pulseaudio_disable(void) { |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 101a16d00..9f0a5f25c 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -923,7 +923,7 @@ int sandbox(void* sandbox_arg) { | |||
923 | // Session D-BUS | 923 | // Session D-BUS |
924 | //**************************** | 924 | //**************************** |
925 | if (arg_nodbus) | 925 | if (arg_nodbus) |
926 | dbus_session_disable(); | 926 | dbus_disable(); |
927 | 927 | ||
928 | 928 | ||
929 | //**************************** | 929 | //**************************** |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 3e2cd13d5..fff0bbf2f 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -29,7 +29,11 @@ | |||
29 | #include <sys/ioctl.h> | 29 | #include <sys/ioctl.h> |
30 | #include <termios.h> | 30 | #include <termios.h> |
31 | #include <sys/wait.h> | 31 | #include <sys/wait.h> |
32 | |||
32 | #include <fcntl.h> | 33 | #include <fcntl.h> |
34 | #ifndef O_PATH | ||
35 | # define O_PATH 010000000 | ||
36 | #endif | ||
33 | 37 | ||
34 | #define MAX_GROUPS 1024 | 38 | #define MAX_GROUPS 1024 |
35 | #define MAXBUF 4098 | 39 | #define MAXBUF 4098 |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index b0ed10b30..9d821d980 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -31,7 +31,11 @@ | |||
31 | #include <sys/wait.h> | 31 | #include <sys/wait.h> |
32 | #include <errno.h> | 32 | #include <errno.h> |
33 | #include <limits.h> | 33 | #include <limits.h> |
34 | |||
34 | #include <fcntl.h> | 35 | #include <fcntl.h> |
36 | #ifndef O_PATH | ||
37 | # define O_PATH 010000000 | ||
38 | #endif | ||
35 | 39 | ||
36 | 40 | ||
37 | // Parse the DISPLAY environment variable and return a display number. | 41 | // Parse the DISPLAY environment variable and return a display number. |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 1b56dedcd..8f6948ef4 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1107,9 +1107,11 @@ $ nc dict.org 2628 | |||
1107 | .br | 1107 | .br |
1108 | .TP | 1108 | .TP |
1109 | \fB\-\-nodbus | 1109 | \fB\-\-nodbus |
1110 | Disable D-Bus access. Only the regular UNIX socket is handled by this command. To | 1110 | Disable D-Bus access (both system and session buses). Only the regular |
1111 | disable the abstract socket you would need to request a new network namespace using | 1111 | UNIX sockets are handled by this command. To disable the abstract |
1112 | \-\-net command. Another option is to remove unix from \-\-protocol set. | 1112 | sockets you would need to request a new network namespace using |
1113 | \-\-net command. Another option is to remove unix from \-\-protocol | ||
1114 | set. | ||
1113 | .br | 1115 | .br |
1114 | 1116 | ||
1115 | .br | 1117 | .br |