author | smitsohu <smitsohu@gmail.com> | 2018-09-10 22:54:23 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-09-10 22:54:23 +0200 |
commit | 58d9899f3165bfc71c7a55a41d361e161114853d (patch) | |
tree | 7245927309ad3363155a46651c4e890ba367ffa2 /src | |
parent | small rlimits adjustment (diff) | |
add switch to disable/enable private-cache
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 8 | ||||
-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 5 | ||||
-rw-r--r-- | src/firejail/profile.c | 5 |
5 files changed, 20 insertions, 3 deletions
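--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -323,6 +323,14 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+else if (strncmp(ptr, "private-cache ", 14) == 0) {
+if (strcmp(ptr + 14, "yes") == 0)
+cfg_val[CFG_PRIVATE_CACHE] = 1;
+else if (strcmp(ptr + 14, "no") == 0)
+cfg_val[CFG_PRIVATE_CACHE] = 0;
+else
+goto errout;
+}
 else if (strncmp(ptr, "private-lib ", 12) == 0) {
 if (strcmp(ptr + 12, "yes") == 0)
 cfg_val[CFG_PRIVATE_LIB] = 1;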
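Review bot: The new `private-cache` branch assigns `cfg_val[CFG_PRIVATE_CACHE]` only when the line is present in the configuration file; the value used when the line is absent is set outside this hunk and is not visible here. Since private-cache is a hardening option, the effective default should be stated where the option is parsed, for example `// private-cache: when this line is absent the value set at cfg_val initialisation applies; "no" turns the option off`. The offset in `ptr + 14` also has to stay equal to the length of the `"private-cache "` literal, which a short comment would make explicit. checkcfg's body starts and ends outside the hunk.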
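--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -724,6 +724,7 @@ void x11_start_xpra(int argc, char **argv);
 void x11_start_xephyr(int argc, char **argv);
 void x11_block(void);
 void x11_start_xvfb(int argc, char **argv);
+void x11_xorg(void);
 
 // ls.c
 enum {
@@ -760,6 +761,7 @@ enum {
 CFG_PRIVATE_LIB,
 CFG_APPARMOR,
 CFG_DBUS,
+CFG_PRIVATE_CACHE,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;
@@ -770,7 +772,6 @@ extern char *xvfb_extra_params;
 extern char *netfilter_default;
 int checkcfg(int val);
 void print_compiletime_support(void);
-void x11_xorg(void);
 
 // appimage.c
 void appimage_set(const char *appimage_path);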
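--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1497,6 +1497,8 @@ void fs_private_cache(void) {
 return;
 }
 
+if (arg_debug)
+printf("Mounting tmpfs on %s\n", cache);
 // get a file descriptor for ~/.cache, fails if there is any symlink
 int fd = safe_fd(cache, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (fd == -1)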
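Review bot: The debug message `Mounting tmpfs on %s` is printed before `safe_fd()` has confirmed that the path is a directory reached without symlinks, so the debug log announces the mount even on the path where `fd == -1`. Moving the two added lines below the `fd == -1` check, or wording the message as `Trying to mount tmpfs on %s`, keeps the log accurate for anyone who reads it to confirm that the cache directory was actually isolated. What follows the `fd == -1` test is outside the hunk, so the exact failure handling cannot be seen here.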
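--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1702,7 +1702,10 @@ int main(int argc, char **argv) {
 arg_private_tmp = 1;
 }
 else if (strcmp(argv[i], "--private-cache") == 0) {
-arg_private_cache = 1;
+if (checkcfg(CFG_PRIVATE_CACHE))
+arg_private_cache = 1;
+else
+exit_err_feature("private-cache");
 }
 
 //*************************************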
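--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -225,7 +225,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 else if (strcmp(ptr, "private-cache") == 0) {
-arg_private_cache = 1;
+if (checkcfg(CFG_PRIVATE_CACHE))
+arg_private_cache = 1;
+else
+warning_feature_disabled("private-cache");
 return 0;
 }
 else if (strcmp(ptr, "private-dev") == 0) {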
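Review bot: When private-cache is switched off in the configuration, this branch only calls `warning_feature_disabled("private-cache")` and returns 0, so a profile that depends on the option still starts, presumably with the real ~/.cache visible inside the sandbox. The `--private-cache` branch in main.c handles the same condition by exiting through `exit_err_feature`, so the two entry points behave differently. If that difference is intended, it should be stated at the call, e.g. `// disabled in firejail.config: continue without the ~/.cache tmpfs (the command-line switch exits instead)`. profile_check_line's body starts and ends outside the hunk.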