diff options
| author |  Simo Piiroinen <simo.piiroinen@jolla.com> | 2020-11-24 13:18:51 +0200 |
|---|---|---|
| committer |  Tomi Leppänen <tomi.leppanen@jolla.com> | 2021-02-25 16:30:21 +0200 |
| commit | 2dc81faa1395cbda3affb94f9d8d9cca76a1ab73 (patch) | |
| tree | ce7df76c01f29e6e4e0f1d3b3f3ec2ee992812e9 /src | |
| parent | fix spacing in gget.profile (diff) | |
| download | firejail-2dc81faa1395cbda3affb94f9d8d9cca76a1ab73.tar.gz firejail-2dc81faa1395cbda3affb94f9d8d9cca76a1ab73.tar.zst firejail-2dc81faa1395cbda3affb94f9d8d9cca76a1ab73.zip | |
Add --mkdir and --mkfile command line options for firejail
Profile files are defined as a means to "pass several command line
arguments to firejail" but apparently for example mkdir and mkfile
options are available in context of profile files, but can't be
specified directly from command line.
Add support for -mkdir and --mkfile options so that executing:
firejail --mkdir=${HOME}/directory/path\
--whitelist=${HOME}/directory/path
behaves similarly as having profile file content:
mkdir ${HOME}/directory/path
whitelist ${HOME}/directory/path
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 21 | ||||
| -rw-r--r-- | src/firejail/usage.c | 2 |
2 files changed, 22 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index ef8166204..3c8667829 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1589,7 +1589,26 @@ int main(int argc, char **argv, char **envp) { | |||
| 1589 | profile_add(line); | 1589 | profile_add(line); |
| 1590 | } | 1590 | } |
| 1591 | #endif | 1591 | #endif |
| 1592 | 1592 | else if (strncmp(argv[i], "--mkdir=", 8) == 0) { | |
| 1593 | char *line; | ||
| 1594 | if (asprintf(&line, "mkdir %s", argv[i] + 8) == -1) | ||
| 1595 | errExit("asprintf"); | ||
| 1596 | /* Note: Applied both immediately in profile_check_line() | ||
| 1597 | * and later on via fs_blacklist(). | ||
| 1598 | */ | ||
| 1599 | profile_check_line(line, 0, NULL); | ||
| 1600 | profile_add(line); | ||
| 1601 | } | ||
| 1602 | else if (strncmp(argv[i], "--mkfile=", 9) == 0) { | ||
| 1603 | char *line; | ||
| 1604 | if (asprintf(&line, "mkfile %s", argv[i] + 9) == -1) | ||
| 1605 | errExit("asprintf"); | ||
| 1606 | /* Note: Applied both immediately in profile_check_line() | ||
| 1607 | * and later on via fs_blacklist(). | ||
| 1608 | */ | ||
| 1609 | profile_check_line(line, 0, NULL); | ||
| 1610 | profile_add(line); | ||
| 1611 | } | ||
| 1593 | else if (strncmp(argv[i], "--read-only=", 12) == 0) { | 1612 | else if (strncmp(argv[i], "--read-only=", 12) == 0) { |
| 1594 | char *line; | 1613 | char *line; |
| 1595 | if (asprintf(&line, "read-only %s", argv[i] + 12) == -1) | 1614 | if (asprintf(&line, "read-only %s", argv[i] + 12) == -1) |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 2c6bbf98f..1ac30299a 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -246,6 +246,8 @@ static char *usage_str = | |||
| 246 | #ifdef HAVE_WHITELIST | 246 | #ifdef HAVE_WHITELIST |
| 247 | " --whitelist=filename - whitelist directory or file.\n" | 247 | " --whitelist=filename - whitelist directory or file.\n" |
| 248 | #endif | 248 | #endif |
| 249 | " --mkdir=dirname - create a directory.\n" | ||
| 250 | " --mkfile=filename - create a file.\n" | ||
| 249 | " --writable-etc - /etc directory is mounted read-write.\n" | 251 | " --writable-etc - /etc directory is mounted read-write.\n" |
| 250 | " --writable-run-user - allow access to /run/user/$UID/systemd and\n" | 252 | " --writable-run-user - allow access to /run/user/$UID/systemd and\n" |
| 251 | "\t/run/user/$UID/gnupg.\n" | 253 | "\t/run/user/$UID/gnupg.\n" |