author | netblue30 <netblue30@yahoo.com> | 2020-10-01 11:10:24 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-10-01 11:10:24 -0400 |
commit | f1478ee98c4b27854be9758b68418d5908e836db (patch) | |
tree | 42fbbbaea098a47660248701f836b64a3b120f8d /src | |
parent | document private-bin and private-lib disabled by default when running appimag... (diff) | |
download | firejail-f1478ee98c4b27854be9758b68418d5908e836db.tar.gz firejail-f1478ee98c4b27854be9758b68418d5908e836db.tar.zst firejail-f1478ee98c4b27854be9758b68418d5908e836db.zip |
don't execute include disable-shell.inc for appimages (#3530)
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 5 | ||||
-rw-r--r-- | src/firejail/profile.c | 14 |
2 files changed, 18 insertions, 1 deletions
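--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1047,6 +1047,11 @@ int main(int argc, char **argv, char **envp) {
 EUID_USER();
 
 
+// for appimages we need to remove "include disable-shell.inc from the profile
+// a --profile command can show up before --appimage
+if (check_arg(argc, argv, "--appimage", 1))
+arg_appimage = 1;
+
 // process allow-debuggers
 if (check_arg(argc, argv, "--allow-debuggers", 1)) {
 // check kernel version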
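Review bot: The comment above the new `check_arg(argc, argv, "--appimage", 1)` pre-scan has an unbalanced quote and does not say what the early flag costs. Once `arg_appimage` is set here, the profile.c change in this commit makes `profile_read` skip `disable-shell.inc` for every profile read in this run, so whatever restrictions that include carries no longer apply to the sandbox. I would reword the first line as `// pre-scan for --appimage: profile_read() skips "include disable-shell.inc" when arg_appimage is set` and add a line stating that this deliberately drops that include's restrictions for appimage runs. The rest of main() lies outside the hunk, so where --appimage is otherwise parsed cannot be seen from here.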
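--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1611,6 +1611,7 @@ void profile_add(char *str) {
 // read a profile file
 static int include_level = 0;
 void profile_read(const char *fname) {
+printf("fname #%s#\n", fname);
 EUID_ASSERT();
 
 // exit program if maximum include level was reached
@@ -1636,7 +1637,7 @@ void profile_read(const char *fname) {
 exit(1);
 }
 
-// allow debuggers
+// --allow-debuggers - skip disable-devel.inc file
 if (arg_allow_debuggers) {
 char *tmp = strrchr(fname, '/');
 if (tmp && *(tmp + 1) != '\0') {
@@ -1645,6 +1646,17 @@ void profile_read(const char *fname) {
 return;
 }
 }
+// --appimage - skip disable-shell.inc file
+if (arg_appimage) {
+printf("here %d\n", __LINE__);
+char *tmp = strrchr(fname, '/');
+if (tmp && *(tmp + 1) != '\0') {
+tmp++;
+if (strcmp(tmp, "disable-shell.inc") == 0)
+return;
+}
+}
+printf("here %d\n", __LINE__);
 
 // open profile file:
 FILE *fp = fopen(fname, "r");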
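Review bot: Three debugging prints are left in profile_read: `printf("fname #%s#\n", fname);` at the top of the function (first hunk) and `printf("here %d\n", __LINE__);` inside and right after the new `arg_appimage` block (last hunk). They write to stdout on every call, so profile paths and marker lines end up in firejail's standard output, presumably the same stream the sandboxed program and any wrapper parsing it use; all three lines should be deleted. The new block also returns silently when it skips `disable-shell.inc`, and it matches by basename only when `fname` contains a '/' (otherwise `strrchr` returns NULL and nothing is skipped). A comment such as `// deliberate: shell restrictions are dropped for appimages; fname is matched by basename and must contain '/'` would make that explicit. profile_read starts and ends outside these hunks.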