author | smitsohu <smitsohu@gmail.com> | 2020-08-19 00:55:47 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2020-08-19 00:55:47 +0200 |
commit | f473c959d2549ec0799bc6a7b7609c10b7f7e758 (patch) | |
tree | 9db27c3f12ad9a0d4be9524a8557cfd52e01a29a /src | |
parent | drop system(3) calls from sandbox.c (diff) | |
cat option
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 31 | ||||
-rw-r--r-- | src/firejail/usage.c | 3 | ||||
-rw-r--r-- | src/man/firejail.txt | 18 |
3 files changed, 49 insertions, 3 deletions
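--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -811,6 +811,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 }
 
 // list directory contents
+if (!arg_debug)
+arg_quiet = 1;
 pid_t pid = require_pid(argv[i] + 5);
 sandboxfs(SANDBOX_FS_LS, pid, path, NULL);
 exit(0);
@@ -818,6 +820,35 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 else
 exit_err_feature("file transfer");
 }
+else if (strncmp(argv[i], "--cat=", 6) == 0) {
+if (checkcfg(CFG_FILE_TRANSFER)) {
+logargs(argc, argv);
+if (arg_private_cwd) {
+fprintf(stderr, "Error: --cat and --private-cwd options are mutually exclusive\n");
+exit(1);
+}
+
+if ((i + 2) != argc) {
+fprintf(stderr, "Error: invalid --cat option, path expected\n");
+exit(1);
+}
+char *path = argv[i + 1];
+invalid_filename(path, 0); // no globbing
+if (strstr(path, "..")) {
+fprintf(stderr, "Error: invalid file name %s\n", path);
+exit(1);
+}
+
+// write file contents to stdout
+if (!arg_debug)
+arg_quiet = 1;
+pid_t pid = require_pid(argv[i] + 6);
+sandboxfs(SANDBOX_FS_CAT, pid, path, NULL);
+exit(0);
+}
+else
+exit_err_feature("file transfer");
+}
 #endif
 else if (strncmp(argv[i], "--join=", 7) == 0) {
 if (checkcfg(CFG_JOIN) || getuid() == 0) {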
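Review bot: In the new `--cat` branch (second hunk), `path` is validated only lexically, by `invalid_filename(path, 0)` and the `strstr(path, "..")` test, before it reaches `sandboxfs(SANDBOX_FS_CAT, pid, path, NULL)`, so nothing visible here covers a symlink placed inside the sandbox. `sandboxfs()` is defined outside this diff; presumably it opens the file only after joining the sandbox and dropping privileges, and that is worth confirming for the new `SANDBOX_FS_CAT` mode given that firejail runs setuid. Because the bytes come from a file the sandboxed process controls and go straight to stdout, the cat implementation should also replace control characters when stdout is a terminal. A comment above the call such as `// path is resolved inside the sandbox; file content is untrusted` would record the assumption for the next reader. `run_cmd_and_exit` begins and ends outside both hunks.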
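--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -47,6 +47,9 @@ static char *usage_str =
 " --caps.drop=capability,capability - blacklist capabilities filter.\n"
 " --caps.keep=capability,capability - whitelist capabilities filter.\n"
 " --caps.print=name|pid - print the caps filter.\n"
+#ifdef HAVE_FILE_TRANSFER
+" --cat=name|pid filename - print content of file from sandbox container.\n"
+#endif
 " --cgroup=tasks-file - place the sandbox in the specified control group.\n"
 #ifdef HAVE_CHROOT
 " --chroot=dirname - chroot into directory.\n"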
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 69cd4a7bc..f5f092bd9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -273,6 +273,10 @@ $ firejail \-\-list | |||
273 | $ firejail \-\-caps.print=3272 | 273 | $ firejail \-\-caps.print=3272 |
274 | 274 | ||
275 | .TP | 275 | .TP |
276 | \fB\-\-cat=name|pid filename | ||
277 | Print content of file from sandbox container, see FILE TRANSFER section for more details. | ||
278 | |||
279 | .TP | ||
276 | \fB\-\-cgroup=tasks-file | 280 | \fB\-\-cgroup=tasks-file |
277 | Place the sandbox in the specified control group. tasks-file is the full path of cgroup tasks file. | 281 | Place the sandbox in the specified control group. tasks-file is the full path of cgroup tasks file. |
278 | .br | 282 | .br |
@@ -344,7 +348,7 @@ $ firejail --dbus-system=filter --dbus-system.log --dbus-log=dbus.txt | |||
344 | 348 | ||
345 | .TP | 349 | .TP |
346 | \fB\-\-dbus-system=filter|none | 350 | \fB\-\-dbus-system=filter|none |
347 | Set system DBus sandboxing policy. | 351 | Set system DBus sandboxing policy. |
348 | .br | 352 | .br |
349 | 353 | ||
350 | .br | 354 | .br |
@@ -3029,6 +3033,10 @@ These features allow the user to inspect the filesystem container of an existing | |||
3029 | and transfer files between the container and the host filesystem. | 3033 | and transfer files between the container and the host filesystem. |
3030 | 3034 | ||
3031 | .TP | 3035 | .TP |
3036 | \fB\-\-cat=name|pid filename | ||
3037 | Write content of a container file to standard out. | ||
3038 | |||
3039 | .TP | ||
3032 | \fB\-\-get=name|pid filename | 3040 | \fB\-\-get=name|pid filename |
3033 | Retrieve the container file and store it on the host in the current working directory. | 3041 | Retrieve the container file and store it on the host in the current working directory. |
3034 | The container is specified by name or PID. | 3042 | The container is specified by name or PID. |
@@ -3072,6 +3080,10 @@ $ firejail \-\-get=mybrowser ~/Downloads/xpra-clipboard.png | |||
3072 | $ firejail \-\-put=mybrowser xpra-clipboard.png ~/Downloads/xpra-clipboard.png | 3080 | $ firejail \-\-put=mybrowser xpra-clipboard.png ~/Downloads/xpra-clipboard.png |
3073 | .br | 3081 | .br |
3074 | 3082 | ||
3083 | .br | ||
3084 | $ firejail \-\-cat=mybrowser ~/.bashrc | ||
3085 | .br | ||
3086 | |||
3075 | .SH MONITORING | 3087 | .SH MONITORING |
3076 | Option \-\-list prints a list of all sandboxes. The format | 3088 | Option \-\-list prints a list of all sandboxes. The format |
3077 | for each process entry is as follows: | 3089 | for each process entry is as follows: |
@@ -3259,7 +3271,7 @@ Homepage: https://firejail.wordpress.com | |||
3259 | \&\flfirejail-profile\fR\|(5), | 3271 | \&\flfirejail-profile\fR\|(5), |
3260 | \&\flfirejail-login\fR\|(5), | 3272 | \&\flfirejail-login\fR\|(5), |
3261 | \&\flfirejail-users\fR\|(5), | 3273 | \&\flfirejail-users\fR\|(5), |
3262 | .UR https://github.com/netblue30/firejail/wiki | 3274 | .UR https://github.com/netblue30/firejail/wiki |
3263 | .UE , | 3275 | .UE , |
3264 | .UR https://github.com/netblue30/firejail | 3276 | .UR https://github.com/netblue30/firejail |
3265 | .UE | 3277 | .UE |