diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-02-25 01:26:53 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-02-25 01:26:53 +0100 |
| commit | a2e1248e6d7d18ccc0dc5bb60674e05d3eeb3c2b (patch) | |
| tree | 4317eb1598a412b38a579bb30c162fb90204ab0e /src | |
| parent | jailtest fix (diff) | |
| download | firejail-a2e1248e6d7d18ccc0dc5bb60674e05d3eeb3c2b.tar.gz firejail-a2e1248e6d7d18ccc0dc5bb60674e05d3eeb3c2b.tar.zst firejail-a2e1248e6d7d18ccc0dc5bb60674e05d3eeb3c2b.zip | |
cleanup
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/no_sandbox.c | 40 |
1 files changed, 13 insertions, 27 deletions
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 3120fe527..1e8951afc 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
| @@ -167,15 +167,6 @@ void run_no_sandbox(int argc, char **argv) { | |||
| 167 | if (setresuid(-1, getuid(), getuid()) != 0) | 167 | if (setresuid(-1, getuid(), getuid()) != 0) |
| 168 | errExit("setresuid"); | 168 | errExit("setresuid"); |
| 169 | 169 | ||
| 170 | // process limited subset of options | ||
| 171 | int i; | ||
| 172 | for (i = 0; i < argc; i++) { | ||
| 173 | if (strcmp(argv[i], "--debug") == 0) | ||
| 174 | arg_debug = 1; | ||
| 175 | else if (strncmp(argv[i], "--shell=", 8) == 0) | ||
| 176 | fwarning("shell-related command line options are disregarded - using SHELL environment variable\n"); | ||
| 177 | } | ||
| 178 | |||
| 179 | // use $SHELL to get shell used in sandbox, guess shell otherwise | 170 | // use $SHELL to get shell used in sandbox, guess shell otherwise |
| 180 | cfg.shell = guess_shell(); | 171 | cfg.shell = guess_shell(); |
| 181 | if (!cfg.shell) { | 172 | if (!cfg.shell) { |
| @@ -185,12 +176,18 @@ void run_no_sandbox(int argc, char **argv) { | |||
| 185 | else if (arg_debug) | 176 | else if (arg_debug) |
| 186 | printf("Selecting %s as shell\n", cfg.shell); | 177 | printf("Selecting %s as shell\n", cfg.shell); |
| 187 | 178 | ||
| 188 | int prog_index = 0; | 179 | // process limited subset of options |
| 189 | // find first non option arg: | 180 | // and find first non option arg: |
| 190 | // - first argument not starting with --, | 181 | // - first argument not starting with --, |
| 191 | // - whatever follows after -c (example: firejail -c ls) | 182 | // - whatever follows after -c (example: firejail -c ls) |
| 183 | int prog_index = 0; | ||
| 184 | int i; | ||
| 192 | for (i = 1; i < argc; i++) { | 185 | for (i = 1; i < argc; i++) { |
| 193 | if (strcmp(argv[i], "-c") == 0) { | 186 | if (strcmp(argv[i], "--debug") == 0) |
| 187 | arg_debug = 1; | ||
| 188 | else if (strncmp(argv[i], "--shell=", 8) == 0) | ||
| 189 | fwarning("shell-related command line options are disregarded\n"); | ||
| 190 | else if (strcmp(argv[i], "-c") == 0) { | ||
| 194 | prog_index = i + 1; | 191 | prog_index = i + 1; |
| 195 | if (prog_index == argc) { | 192 | if (prog_index == argc) { |
| 196 | fprintf(stderr, "Error: option -c requires an argument\n"); | 193 | fprintf(stderr, "Error: option -c requires an argument\n"); |
| @@ -199,18 +196,12 @@ void run_no_sandbox(int argc, char **argv) { | |||
| 199 | break; | 196 | break; |
| 200 | } | 197 | } |
| 201 | // check first argument not starting with -- | 198 | // check first argument not starting with -- |
| 202 | if (strncmp(argv[i],"--",2) != 0) { | 199 | else if (strncmp(argv[i],"--",2) != 0) { |
| 203 | prog_index = i; | 200 | prog_index = i; |
| 204 | break; | 201 | break; |
| 205 | } | 202 | } |
| 206 | } | 203 | } |
| 207 | 204 | ||
| 208 | // if shell is /usr/bin/firejail, replace it with /bin/bash | ||
| 209 | // if (strcmp(cfg.shell, PATH_FIREJAIL) == 0) { | ||
| 210 | // cfg.shell = "/bin/bash"; | ||
| 211 | // prog_index = 0; | ||
| 212 | // } | ||
| 213 | |||
| 214 | if (prog_index == 0) { | 205 | if (prog_index == 0) { |
| 215 | assert(cfg.command_line == NULL); // runs cfg.shell | 206 | assert(cfg.command_line == NULL); // runs cfg.shell |
| 216 | cfg.window_title = cfg.shell; | 207 | cfg.window_title = cfg.shell; |
| @@ -218,17 +209,12 @@ void run_no_sandbox(int argc, char **argv) { | |||
| 218 | build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index); | 209 | build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index); |
| 219 | } | 210 | } |
| 220 | 211 | ||
| 212 | fwarning("an existing sandbox was detected. " | ||
| 213 | "%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell); | ||
| 214 | |||
| 221 | cfg.original_argv = argv; | 215 | cfg.original_argv = argv; |
| 222 | cfg.original_program_index = prog_index; | 216 | cfg.original_program_index = prog_index; |
| 223 | 217 | ||
| 224 | char *command; | ||
| 225 | if (prog_index == 0) | ||
| 226 | command = cfg.shell; | ||
| 227 | else | ||
| 228 | command = argv[prog_index]; | ||
| 229 | fwarning("an existing sandbox was detected. " | ||
| 230 | "%s will run without any additional sandboxing features\n", command); | ||
| 231 | |||
| 232 | arg_quiet = 1; | 218 | arg_quiet = 1; |
| 233 | 219 | ||
| 234 | start_application(1, -1, NULL); | 220 | start_application(1, -1, NULL); |