diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-10-01 16:38:07 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-10-01 16:38:07 -0400 |
| commit | 2cfa7e461bdfd351ca510a389aedb46d5e69c4c5 (patch) | |
| tree | 4bd021d2833edee40606ee0c71aca3cfe97ecd7a /src | |
| parent | moved libx11 to libconnect (diff) | |
| download | firejail-2cfa7e461bdfd351ca510a389aedb46d5e69c4c5.tar.gz firejail-2cfa7e461bdfd351ca510a389aedb46d5e69c4c5.tar.zst firejail-2cfa7e461bdfd351ca510a389aedb46d5e69c4c5.zip | |
dropping requirement for network namespace when using --x11
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs.c | 2 | ||||
| -rw-r--r-- | src/firejail/main.c | 4 | ||||
| -rw-r--r-- | src/firejail/profile.c | 12 |
3 files changed, 15 insertions, 3 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 3dbfe3909..b40f8a3fa 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -1143,6 +1143,7 @@ int fs_check_chroot_dir(const char *rootdir) { | |||
| 1143 | 1143 | ||
| 1144 | // check x11 socket directory | 1144 | // check x11 socket directory |
| 1145 | if (getenv("FIREJAIL_X11")) { | 1145 | if (getenv("FIREJAIL_X11")) { |
| 1146 | mask_x11_abstract_socket = 1; | ||
| 1146 | char *name; | 1147 | char *name; |
| 1147 | if (asprintf(&name, "%s/tmp/.X11-unix", rootdir) == -1) | 1148 | if (asprintf(&name, "%s/tmp/.X11-unix", rootdir) == -1) |
| 1148 | errExit("asprintf"); | 1149 | errExit("asprintf"); |
| @@ -1173,6 +1174,7 @@ void fs_chroot(const char *rootdir) { | |||
| 1173 | 1174 | ||
| 1174 | // x11 | 1175 | // x11 |
| 1175 | if (getenv("FIREJAIL_X11")) { | 1176 | if (getenv("FIREJAIL_X11")) { |
| 1177 | mask_x11_abstract_socket = 1; | ||
| 1176 | char *newx11; | 1178 | char *newx11; |
| 1177 | if (asprintf(&newx11, "%s/tmp/.X11-unix", rootdir) == -1) | 1179 | if (asprintf(&newx11, "%s/tmp/.X11-unix", rootdir) == -1) |
| 1178 | errExit("asprintf"); | 1180 | errExit("asprintf"); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 8576c9ee4..91ea523ab 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -2266,6 +2266,10 @@ int main(int argc, char **argv) { | |||
| 2266 | fprintf(stderr, "Warning: --trace and --tracelog are mutually exclusive; --tracelog disabled\n"); | 2266 | fprintf(stderr, "Warning: --trace and --tracelog are mutually exclusive; --tracelog disabled\n"); |
| 2267 | } | 2267 | } |
| 2268 | 2268 | ||
| 2269 | // disable x11 abstract socket | ||
| 2270 | if (getenv("FIREJAIL_X11")) | ||
| 2271 | mask_x11_abstract_socket = 1; | ||
| 2272 | |||
| 2269 | // check user namespace (--noroot) options | 2273 | // check user namespace (--noroot) options |
| 2270 | if (arg_noroot) { | 2274 | if (arg_noroot) { |
| 2271 | if (arg_overlay) { | 2275 | if (arg_overlay) { |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 079324f14..faf6c49b6 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -667,8 +667,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 667 | #ifdef HAVE_X11 | 667 | #ifdef HAVE_X11 |
| 668 | if (checkcfg(CFG_X11)) { | 668 | if (checkcfg(CFG_X11)) { |
| 669 | char *x11env = getenv("FIREJAIL_X11"); | 669 | char *x11env = getenv("FIREJAIL_X11"); |
| 670 | if (x11env && strcmp(x11env, "yes") == 0) | 670 | if (x11env && strcmp(x11env, "yes") == 0) { |
| 671 | mask_x11_abstract_socket = 1; | ||
| 671 | return 0; | 672 | return 0; |
| 673 | } | ||
| 672 | else { | 674 | else { |
| 673 | // start x11 | 675 | // start x11 |
| 674 | x11_start_xephyr(cfg.original_argc, cfg.original_argv); | 676 | x11_start_xephyr(cfg.original_argc, cfg.original_argv); |
| @@ -683,8 +685,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 683 | #ifdef HAVE_X11 | 685 | #ifdef HAVE_X11 |
| 684 | if (checkcfg(CFG_X11)) { | 686 | if (checkcfg(CFG_X11)) { |
| 685 | char *x11env = getenv("FIREJAIL_X11"); | 687 | char *x11env = getenv("FIREJAIL_X11"); |
| 686 | if (x11env && strcmp(x11env, "yes") == 0) | 688 | if (x11env && strcmp(x11env, "yes") == 0) { |
| 689 | mask_x11_abstract_socket = 1; | ||
| 687 | return 0; | 690 | return 0; |
| 691 | } | ||
| 688 | else { | 692 | else { |
| 689 | // start x11 | 693 | // start x11 |
| 690 | x11_start_xpra(cfg.original_argc, cfg.original_argv); | 694 | x11_start_xpra(cfg.original_argc, cfg.original_argv); |
| @@ -699,8 +703,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 699 | #ifdef HAVE_X11 | 703 | #ifdef HAVE_X11 |
| 700 | if (checkcfg(CFG_X11)) { | 704 | if (checkcfg(CFG_X11)) { |
| 701 | char *x11env = getenv("FIREJAIL_X11"); | 705 | char *x11env = getenv("FIREJAIL_X11"); |
| 702 | if (x11env && strcmp(x11env, "yes") == 0) | 706 | if (x11env && strcmp(x11env, "yes") == 0) { |
| 707 | mask_x11_abstract_socket = 1; | ||
| 703 | return 0; | 708 | return 0; |
| 709 | } | ||
| 704 | else { | 710 | else { |
| 705 | // start x11 | 711 | // start x11 |
| 706 | x11_start(cfg.original_argc, cfg.original_argv); | 712 | x11_start(cfg.original_argc, cfg.original_argv); |