author | netblue30 <netblue30@yahoo.com> | 2016-12-24 12:54:03 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-12-24 12:54:03 -0500 |
commit | d4bead7957b380ebcb128abda5bc75a41a9efd48 (patch) | |
tree | 6dc20800c73b97f234f30f02a82301060c678ef1 /src | |
parent | Merge pull request #1002 from thewisenerd/patch-guess-shell (diff) | |
parent | firejail: argv: allow multiple private-* options (diff) | |
Merge pull request #1004 from thewisenerd/patch-multiple-private-argv
allow multiple private-argv
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 42 | ||||
-rw-r--r-- | src/firejail/profile.c | 34 |
2 files changed, 62 insertions, 14 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index c74fb02d2..e70e20eec 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1509,7 +1509,15 @@ int main(int argc, char **argv) { | |||
1509 | } | 1509 | } |
1510 | 1510 | ||
1511 | // extract private home dirname | 1511 | // extract private home dirname |
1512 | cfg.home_private_keep = argv[i] + 15; | 1512 | if (*(argv[i] + 15) == '\0') { |
1513 | fprintf(stderr, "Error: invalid private-home option\n"); | ||
1514 | exit(1); | ||
1515 | } | ||
1516 | if (cfg.home_private_keep) { | ||
1517 | if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, argv[i] + 15) < 0 ) | ||
1518 | errExit("asprintf"); | ||
1519 | } else | ||
1520 | cfg.home_private_keep = argv[i] + 15; | ||
1513 | arg_private = 1; | 1521 | arg_private = 1; |
1514 | } | 1522 | } |
1515 | else | 1523 | else |
@@ -1526,38 +1534,54 @@ int main(int argc, char **argv) { | |||
1526 | } | 1534 | } |
1527 | 1535 | ||
1528 | // extract private etc list | 1536 | // extract private etc list |
1529 | cfg.etc_private_keep = argv[i] + 14; | 1537 | if (*(argv[i] + 14) == '\0') { |
1530 | if (*cfg.etc_private_keep == '\0') { | ||
1531 | fprintf(stderr, "Error: invalid private-etc option\n"); | 1538 | fprintf(stderr, "Error: invalid private-etc option\n"); |
1532 | exit(1); | 1539 | exit(1); |
1533 | } | 1540 | } |
1541 | if (cfg.etc_private_keep) { | ||
1542 | if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, argv[i] + 14) < 0 ) | ||
1543 | errExit("asprintf"); | ||
1544 | } else | ||
1545 | cfg.etc_private_keep = argv[i] + 14; | ||
1534 | arg_private_etc = 1; | 1546 | arg_private_etc = 1; |
1535 | } | 1547 | } |
1536 | else if (strncmp(argv[i], "--private-opt=", 14) == 0) { | 1548 | else if (strncmp(argv[i], "--private-opt=", 14) == 0) { |
1537 | // extract private opt list | 1549 | // extract private opt list |
1538 | cfg.opt_private_keep = argv[i] + 14; | 1550 | if (*(argv[i] + 14) == '\0') { |
1539 | if (*cfg.opt_private_keep == '\0') { | ||
1540 | fprintf(stderr, "Error: invalid private-opt option\n"); | 1551 | fprintf(stderr, "Error: invalid private-opt option\n"); |
1541 | exit(1); | 1552 | exit(1); |
1542 | } | 1553 | } |
1554 | if (cfg.opt_private_keep) { | ||
1555 | if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, argv[i] + 14) < 0 ) | ||
1556 | errExit("asprintf"); | ||
1557 | } else | ||
1558 | cfg.opt_private_keep = argv[i] + 14; | ||
1543 | arg_private_opt = 1; | 1559 | arg_private_opt = 1; |
1544 | } | 1560 | } |
1545 | else if (strncmp(argv[i], "--private-srv=", 14) == 0) { | 1561 | else if (strncmp(argv[i], "--private-srv=", 14) == 0) { |
1546 | // extract private srv list | 1562 | // extract private srv list |
1547 | cfg.srv_private_keep = argv[i] + 14; | 1563 | if (*(argv[i] + 14) == '\0') { |
1548 | if (*cfg.srv_private_keep == '\0') { | ||
1549 | fprintf(stderr, "Error: invalid private-etc option\n"); | 1564 | fprintf(stderr, "Error: invalid private-etc option\n"); |
1550 | exit(1); | 1565 | exit(1); |
1551 | } | 1566 | } |
1567 | if (cfg.srv_private_keep) { | ||
1568 | if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, argv[i] + 14) < 0 ) | ||
1569 | errExit("asprintf"); | ||
1570 | } else | ||
1571 | cfg.srv_private_keep = argv[i] + 14; | ||
1552 | arg_private_srv = 1; | 1572 | arg_private_srv = 1; |
1553 | } | 1573 | } |
1554 | else if (strncmp(argv[i], "--private-bin=", 14) == 0) { | 1574 | else if (strncmp(argv[i], "--private-bin=", 14) == 0) { |
1555 | // extract private bin list | 1575 | // extract private bin list |
1556 | cfg.bin_private_keep = argv[i] + 14; | 1576 | if (*(argv[i] + 14) == '\0') { |
1557 | if (*cfg.bin_private_keep == '\0') { | ||
1558 | fprintf(stderr, "Error: invalid private-bin option\n"); | 1577 | fprintf(stderr, "Error: invalid private-bin option\n"); |
1559 | exit(1); | 1578 | exit(1); |
1560 | } | 1579 | } |
1580 | if (cfg.bin_private_keep) { | ||
1581 | if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, argv[i] + 14) < 0 ) | ||
1582 | errExit("asprintf"); | ||
1583 | } else | ||
1584 | cfg.bin_private_keep = argv[i] + 14; | ||
1561 | arg_private_bin = 1; | 1585 | arg_private_bin = 1; |
1562 | } | 1586 | } |
1563 | else if (strcmp(argv[i], "--private-tmp") == 0) { | 1587 | else if (strcmp(argv[i], "--private-tmp") == 0) { |
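Review bot: The `--private-srv=` branch still prints `Error: invalid private-etc option` for an empty value; the check on the line above it was rewritten in this change, so the message should be corrected to `fprintf(stderr, "Error: invalid private-srv option\n");`. The same append sequence is also written out in all five branches, and it leaves the field pointing into argv after the first occurrence but at heap memory after the second, so the buffer replaced by a third occurrence is never freed and nothing can safely free the field later. A small static helper that takes `char **list` and the new item, always copies, and frees the previous value would remove both the duplication and the mixed ownership, provided no other code assigns these fields non-heap pointers. main() starts and ends outside these hunks.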
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index da3daf95a..fab4f1efa 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -179,7 +179,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
179 | if (strncmp(ptr, "private-home ", 13) == 0) { | 179 | if (strncmp(ptr, "private-home ", 13) == 0) { |
180 | #ifdef HAVE_PRIVATE_HOME | 180 | #ifdef HAVE_PRIVATE_HOME |
181 | if (checkcfg(CFG_PRIVATE_HOME)) { | 181 | if (checkcfg(CFG_PRIVATE_HOME)) { |
182 | cfg.home_private_keep = ptr + 13; | 182 | if (cfg.home_private_keep) { |
183 | if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, ptr + 13) < 0 ) | ||
184 | errExit("asprintf"); | ||
185 | } else | ||
186 | cfg.home_private_keep = ptr + 13; | ||
183 | arg_private = 1; | 187 | arg_private = 1; |
184 | } | 188 | } |
185 | else | 189 | else |
@@ -748,7 +752,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
748 | fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n"); | 752 | fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n"); |
749 | exit(1); | 753 | exit(1); |
750 | } | 754 | } |
751 | cfg.etc_private_keep = ptr + 12; | 755 | if (cfg.etc_private_keep) { |
756 | if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, ptr + 12) < 0 ) | ||
757 | errExit("asprintf"); | ||
758 | } else { | ||
759 | cfg.etc_private_keep = ptr + 12; | ||
760 | } | ||
752 | arg_private_etc = 1; | 761 | arg_private_etc = 1; |
753 | 762 | ||
754 | return 0; | 763 | return 0; |
@@ -756,7 +765,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
756 | 765 | ||
757 | // private /opt list of files and directories | 766 | // private /opt list of files and directories |
758 | if (strncmp(ptr, "private-opt ", 12) == 0) { | 767 | if (strncmp(ptr, "private-opt ", 12) == 0) { |
759 | cfg.opt_private_keep = ptr + 12; | 768 | if (cfg.opt_private_keep) { |
769 | if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, ptr + 12) < 0 ) | ||
770 | errExit("asprintf"); | ||
771 | } else { | ||
772 | cfg.opt_private_keep = ptr + 12; | ||
773 | } | ||
760 | arg_private_opt = 1; | 774 | arg_private_opt = 1; |
761 | 775 | ||
762 | return 0; | 776 | return 0; |
@@ -764,7 +778,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
764 | 778 | ||
765 | // private /srv list of files and directories | 779 | // private /srv list of files and directories |
766 | if (strncmp(ptr, "private-srv ", 12) == 0) { | 780 | if (strncmp(ptr, "private-srv ", 12) == 0) { |
767 | cfg.srv_private_keep = ptr + 12; | 781 | if (cfg.srv_private_keep) { |
782 | if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, ptr + 12) < 0 ) | ||
783 | errExit("asprintf"); | ||
784 | } else { | ||
785 | cfg.srv_private_keep = ptr + 12; | ||
786 | } | ||
768 | arg_private_srv = 1; | 787 | arg_private_srv = 1; |
769 | 788 | ||
770 | return 0; | 789 | return 0; |
@@ -772,7 +791,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
772 | 791 | ||
773 | // private /bin list of files | 792 | // private /bin list of files |
774 | if (strncmp(ptr, "private-bin ", 12) == 0) { | 793 | if (strncmp(ptr, "private-bin ", 12) == 0) { |
775 | cfg.bin_private_keep = ptr + 12; | 794 | if (cfg.bin_private_keep) { |
795 | if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, ptr + 12) < 0 ) | ||
796 | errExit("asprintf"); | ||
797 | } else { | ||
798 | cfg.bin_private_keep = ptr + 12; | ||
799 | } | ||
776 | arg_private_bin = 1; | 800 | arg_private_bin = 1; |
777 | return 0; | 801 | return 0; |
778 | } | 802 | } |
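Review bot: None of the five profile branches rejects an empty value before appending, unlike the command-line branches in main.c, which exit when `*(argv[i] + 14) == '\0'`. If a line such as `private-etc ` can reach this point with nothing after the space (whether the caller trims it first is not visible here), the merged list gains an empty element, as in `a,`. A guard ahead of each append, for example `if (*(ptr + 12) == '\0') { fprintf(stderr, "Error: invalid private-etc option\n"); exit(1); }`, would match main.c. Assuming these lists name what stays visible in the private directory, profile entries and `--private-*=` values are now unioned rather than replaced, so a later entry can only widen the set; a comment such as `// multiple private-etc entries accumulate; a later entry never narrows the list` would record that. profile_check_line() starts and ends outside these hunks.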