diff options
| author |  netblue30 <netblue30@protonmail.com> | 2021-07-04 08:21:06 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2021-07-04 08:21:06 -0400 |
| commit | c32924b825a4225d4924222c0584087c0270a670 (patch) | |
| tree | 2298835f1c8c79d1fa416af9d227c3ff309382bd /src | |
| parent | allow/deny help and man pages (diff) | |
| download | firejail-c32924b825a4225d4924222c0584087c0270a670.tar.gz firejail-c32924b825a4225d4924222c0584087c0270a670.tar.zst firejail-c32924b825a4225d4924222c0584087c0270a670.zip | |
deprecated whitelist=yes/no in /etc/firejail/firejail.config
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/checkcfg.c | 1 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/main.c | 28 | ||||
| -rw-r--r-- | src/firejail/profile.c | 14 |
4 files changed, 12 insertions, 32 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 501804cbb..06e6f0ccb 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -106,7 +106,6 @@ int checkcfg(int val) { | |||
| 106 | PARSE_YESNO(CFG_FIREJAIL_PROMPT, "firejail-prompt") | 106 | PARSE_YESNO(CFG_FIREJAIL_PROMPT, "firejail-prompt") |
| 107 | PARSE_YESNO(CFG_FORCE_NONEWPRIVS, "force-nonewprivs") | 107 | PARSE_YESNO(CFG_FORCE_NONEWPRIVS, "force-nonewprivs") |
| 108 | PARSE_YESNO(CFG_SECCOMP, "seccomp") | 108 | PARSE_YESNO(CFG_SECCOMP, "seccomp") |
| 109 | PARSE_YESNO(CFG_WHITELIST, "whitelist") | ||
| 110 | PARSE_YESNO(CFG_NETWORK, "network") | 109 | PARSE_YESNO(CFG_NETWORK, "network") |
| 111 | PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network") | 110 | PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network") |
| 112 | PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title") | 111 | PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title") |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 9971d30b6..6c9d70c0b 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -776,7 +776,6 @@ enum { | |||
| 776 | CFG_NETWORK, | 776 | CFG_NETWORK, |
| 777 | CFG_RESTRICTED_NETWORK, | 777 | CFG_RESTRICTED_NETWORK, |
| 778 | CFG_FORCE_NONEWPRIVS, | 778 | CFG_FORCE_NONEWPRIVS, |
| 779 | CFG_WHITELIST, | ||
| 780 | CFG_XEPHYR_WINDOW_TITLE, | 779 | CFG_XEPHYR_WINDOW_TITLE, |
| 781 | CFG_OVERLAYFS, | 780 | CFG_OVERLAYFS, |
| 782 | CFG_PRIVATE_BIN, | 781 | CFG_PRIVATE_BIN, |
diff --git a/src/firejail/main.c b/src/firejail/main.c index b97b1f6ad..f64994e02 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1602,28 +1602,20 @@ int main(int argc, char **argv, char **envp) { | |||
| 1602 | 1602 | ||
| 1603 | // whitelist | 1603 | // whitelist |
| 1604 | else if (strncmp(argv[i], "--whitelist=", 12) == 0) { | 1604 | else if (strncmp(argv[i], "--whitelist=", 12) == 0) { |
| 1605 | if (checkcfg(CFG_WHITELIST)) { | 1605 | char *line; |
| 1606 | char *line; | 1606 | if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1) |
| 1607 | if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1) | 1607 | errExit("asprintf"); |
| 1608 | errExit("asprintf"); | ||
| 1609 | 1608 | ||
| 1610 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1609 | profile_check_line(line, 0, NULL); // will exit if something wrong |
| 1611 | profile_add(line); | 1610 | profile_add(line); |
| 1612 | } | ||
| 1613 | else | ||
| 1614 | exit_err_feature("whitelist"); | ||
| 1615 | } | 1611 | } |
| 1616 | else if (strncmp(argv[i], "--allow=", 8) == 0) { | 1612 | else if (strncmp(argv[i], "--allow=", 8) == 0) { |
| 1617 | if (checkcfg(CFG_WHITELIST)) { | 1613 | char *line; |
| 1618 | char *line; | 1614 | if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1) |
| 1619 | if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1) | 1615 | errExit("asprintf"); |
| 1620 | errExit("asprintf"); | ||
| 1621 | 1616 | ||
| 1622 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1617 | profile_check_line(line, 0, NULL); // will exit if something wrong |
| 1623 | profile_add(line); | 1618 | profile_add(line); |
| 1624 | } | ||
| 1625 | else | ||
| 1626 | exit_err_feature("whitelist"); | ||
| 1627 | } | 1619 | } |
| 1628 | else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) { | 1620 | else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) { |
| 1629 | char *line; | 1621 | char *line; |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 430187809..29bb5fbac 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -1589,18 +1589,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 1589 | else if (strncmp(ptr, "noblacklist ", 12) == 0) | 1589 | else if (strncmp(ptr, "noblacklist ", 12) == 0) |
| 1590 | ptr += 12; | 1590 | ptr += 12; |
| 1591 | else if (strncmp(ptr, "whitelist ", 10) == 0) { | 1591 | else if (strncmp(ptr, "whitelist ", 10) == 0) { |
| 1592 | if (checkcfg(CFG_WHITELIST)) { | 1592 | arg_whitelist = 1; |
| 1593 | arg_whitelist = 1; | 1593 | ptr += 10; |
| 1594 | ptr += 10; | ||
| 1595 | } | ||
| 1596 | else { | ||
| 1597 | static int whitelist_warning_printed = 0; | ||
| 1598 | if (!whitelist_warning_printed) { | ||
| 1599 | warning_feature_disabled("whitelist"); | ||
| 1600 | whitelist_warning_printed = 1; | ||
| 1601 | } | ||
| 1602 | return 0; | ||
| 1603 | } | ||
| 1604 | } | 1594 | } |
| 1605 | else if (strncmp(ptr, "nowhitelist ", 12) == 0) | 1595 | else if (strncmp(ptr, "nowhitelist ", 12) == 0) |
| 1606 | ptr += 12; | 1596 | ptr += 12; |