diff options
author | netblue30 <netblue30@yahoo.com> | 2016-10-01 16:38:07 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-10-01 16:38:07 -0400 |
commit | 2cfa7e461bdfd351ca510a389aedb46d5e69c4c5 (patch) | |
tree | 4bd021d2833edee40606ee0c71aca3cfe97ecd7a /src | |
parent | moved libx11 to libconnect (diff) | |
download | firejail-2cfa7e461bdfd351ca510a389aedb46d5e69c4c5.tar.gz firejail-2cfa7e461bdfd351ca510a389aedb46d5e69c4c5.tar.zst firejail-2cfa7e461bdfd351ca510a389aedb46d5e69c4c5.zip |
dropping requirement for network namespace when using --x11
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 4 | ||||
-rw-r--r-- | src/firejail/profile.c | 12 |
3 files changed, 15 insertions, 3 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 3dbfe3909..b40f8a3fa 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -1143,6 +1143,7 @@ int fs_check_chroot_dir(const char *rootdir) { | |||
1143 | 1143 | ||
1144 | // check x11 socket directory | 1144 | // check x11 socket directory |
1145 | if (getenv("FIREJAIL_X11")) { | 1145 | if (getenv("FIREJAIL_X11")) { |
1146 | mask_x11_abstract_socket = 1; | ||
1146 | char *name; | 1147 | char *name; |
1147 | if (asprintf(&name, "%s/tmp/.X11-unix", rootdir) == -1) | 1148 | if (asprintf(&name, "%s/tmp/.X11-unix", rootdir) == -1) |
1148 | errExit("asprintf"); | 1149 | errExit("asprintf"); |
@@ -1173,6 +1174,7 @@ void fs_chroot(const char *rootdir) { | |||
1173 | 1174 | ||
1174 | // x11 | 1175 | // x11 |
1175 | if (getenv("FIREJAIL_X11")) { | 1176 | if (getenv("FIREJAIL_X11")) { |
1177 | mask_x11_abstract_socket = 1; | ||
1176 | char *newx11; | 1178 | char *newx11; |
1177 | if (asprintf(&newx11, "%s/tmp/.X11-unix", rootdir) == -1) | 1179 | if (asprintf(&newx11, "%s/tmp/.X11-unix", rootdir) == -1) |
1178 | errExit("asprintf"); | 1180 | errExit("asprintf"); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 8576c9ee4..91ea523ab 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2266,6 +2266,10 @@ int main(int argc, char **argv) { | |||
2266 | fprintf(stderr, "Warning: --trace and --tracelog are mutually exclusive; --tracelog disabled\n"); | 2266 | fprintf(stderr, "Warning: --trace and --tracelog are mutually exclusive; --tracelog disabled\n"); |
2267 | } | 2267 | } |
2268 | 2268 | ||
2269 | // disable x11 abstract socket | ||
2270 | if (getenv("FIREJAIL_X11")) | ||
2271 | mask_x11_abstract_socket = 1; | ||
2272 | |||
2269 | // check user namespace (--noroot) options | 2273 | // check user namespace (--noroot) options |
2270 | if (arg_noroot) { | 2274 | if (arg_noroot) { |
2271 | if (arg_overlay) { | 2275 | if (arg_overlay) { |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 079324f14..faf6c49b6 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -667,8 +667,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
667 | #ifdef HAVE_X11 | 667 | #ifdef HAVE_X11 |
668 | if (checkcfg(CFG_X11)) { | 668 | if (checkcfg(CFG_X11)) { |
669 | char *x11env = getenv("FIREJAIL_X11"); | 669 | char *x11env = getenv("FIREJAIL_X11"); |
670 | if (x11env && strcmp(x11env, "yes") == 0) | 670 | if (x11env && strcmp(x11env, "yes") == 0) { |
671 | mask_x11_abstract_socket = 1; | ||
671 | return 0; | 672 | return 0; |
673 | } | ||
672 | else { | 674 | else { |
673 | // start x11 | 675 | // start x11 |
674 | x11_start_xephyr(cfg.original_argc, cfg.original_argv); | 676 | x11_start_xephyr(cfg.original_argc, cfg.original_argv); |
@@ -683,8 +685,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
683 | #ifdef HAVE_X11 | 685 | #ifdef HAVE_X11 |
684 | if (checkcfg(CFG_X11)) { | 686 | if (checkcfg(CFG_X11)) { |
685 | char *x11env = getenv("FIREJAIL_X11"); | 687 | char *x11env = getenv("FIREJAIL_X11"); |
686 | if (x11env && strcmp(x11env, "yes") == 0) | 688 | if (x11env && strcmp(x11env, "yes") == 0) { |
689 | mask_x11_abstract_socket = 1; | ||
687 | return 0; | 690 | return 0; |
691 | } | ||
688 | else { | 692 | else { |
689 | // start x11 | 693 | // start x11 |
690 | x11_start_xpra(cfg.original_argc, cfg.original_argv); | 694 | x11_start_xpra(cfg.original_argc, cfg.original_argv); |
@@ -699,8 +703,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
699 | #ifdef HAVE_X11 | 703 | #ifdef HAVE_X11 |
700 | if (checkcfg(CFG_X11)) { | 704 | if (checkcfg(CFG_X11)) { |
701 | char *x11env = getenv("FIREJAIL_X11"); | 705 | char *x11env = getenv("FIREJAIL_X11"); |
702 | if (x11env && strcmp(x11env, "yes") == 0) | 706 | if (x11env && strcmp(x11env, "yes") == 0) { |
707 | mask_x11_abstract_socket = 1; | ||
703 | return 0; | 708 | return 0; |
709 | } | ||
704 | else { | 710 | else { |
705 | // start x11 | 711 | // start x11 |
706 | x11_start(cfg.original_argc, cfg.original_argv); | 712 | x11_start(cfg.original_argc, cfg.original_argv); |