diff options
author | Glenn Washburn <development@efficientek.com> | 2018-11-09 09:38:51 -0600 |
---|---|---|
committer | Glenn Washburn <development@efficientek.com> | 2018-11-09 09:38:51 -0600 |
commit | 49fef2fda9eba6e9f627feeb7af509a473920545 (patch) | |
tree | 09ee9aa16ec7eb5aafaa1f744c3d232eb74f21e6 /src | |
parent | Merge pull request #2253 from crass/fix-appimage-double-dash-handling (diff) | |
download | firejail-49fef2fda9eba6e9f627feeb7af509a473920545.tar.gz firejail-49fef2fda9eba6e9f627feeb7af509a473920545.tar.zst firejail-49fef2fda9eba6e9f627feeb7af509a473920545.zip |
Allow prefixing colon to profile argument of --profile to for a profile search, and disallow a directory to match as a profile file.
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 5 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 4cb87aaa6..4eb92658c 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1495,7 +1495,8 @@ int main(int argc, char **argv) { | |||
1495 | if (!ppath) | 1495 | if (!ppath) |
1496 | errExit("strdup"); | 1496 | errExit("strdup"); |
1497 | 1497 | ||
1498 | if (access(ppath, R_OK)) { | 1498 | if (*ppath == ':' || access(ppath, R_OK) || is_dir(ppath)) { |
1499 | int has_colon = (*ppath == ':'); | ||
1499 | char *ptr = ppath; | 1500 | char *ptr = ppath; |
1500 | while (*ptr != '/' && *ptr != '.' && *ptr != '\0') | 1501 | while (*ptr != '/' && *ptr != '.' && *ptr != '\0') |
1501 | ptr++; | 1502 | ptr++; |
@@ -1508,7 +1509,7 @@ int main(int argc, char **argv) { | |||
1508 | 1509 | ||
1509 | // profile was not read in previously, try to see if | 1510 | // profile was not read in previously, try to see if |
1510 | // we were given a profile name. | 1511 | // we were given a profile name. |
1511 | if (!profile_find_firejail(ppath, 1)) { | 1512 | if (!profile_find_firejail(ppath + has_colon, 1)) { |
1512 | // do not fall through to default profile, | 1513 | // do not fall through to default profile, |
1513 | // because the user should be notified that | 1514 | // because the user should be notified that |
1514 | // given profile arg could not be used. | 1515 | // given profile arg could not be used. |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 9eb290fef..e7917737e 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -2718,7 +2718,7 @@ The owner of the sandbox. | |||
2718 | Several command line options can be passed to the program using | 2718 | Several command line options can be passed to the program using |
2719 | profile files. Firejail chooses the profile file as follows: | 2719 | profile files. Firejail chooses the profile file as follows: |
2720 | 2720 | ||
2721 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. | 2721 | 1. If a profile file is provided by the user with --profile=FILE option, the profile FILE is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. If there is a file with the same name as the given profile name, it will be used instead of doing the profile search. To force a profile search, prefix the profile name with a colon (:), eg. --profile=:PROFILE_NAME. |
2722 | Example: | 2722 | Example: |
2723 | .PP | 2723 | .PP |
2724 | .RS | 2724 | .RS |