private-opt, private-srv

author: netblue30 <netblue30@yahoo.com> 2016-11-30 12:59:48 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-11-30 12:59:48 -0500
commit: 7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed (patch)
tree: 2891cf9b5fc96aac148306b672075847a9841198 /src
parent: profiles (diff)
download: firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.tar.gz
firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.tar.zst
firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.zip
3 files changed, 39 insertions, 32 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 628002d35..bcf951f33 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -285,12 +285,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
                        seccomp_load(RUN_SECCOMP_CFG);
 #endif
-                // fix qt 4.8
-                if (setenv("QT_X11_NO_MITSHM", "1", 1) < 0)
-                        errExit("setenv");
-                if (setenv("container", "firejail", 1) < 0) // LXC sets container=lxc,
-                        errExit("setenv");
                // mount user namespace or drop privileges
                if (arg_noroot) {       // not available for uid 0
                        if (arg_debug)
@@ -307,14 +301,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
                        drop_privs(arg_nogroups);       // nogroups not available for uid 0
-                // set prompt color to green
-                char *prompt = getenv("FIREJAIL_PROMPT");
-                if (prompt && strcmp(prompt, "yes") == 0) {
-                        //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] '
-                        if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
-                                errExit("setenv");
-                }
-                
                // set nice
                if (arg_nice) {
                        errno = 0;
@@ -326,24 +312,9 @@ void join(pid_t pid, int argc, char **argv, int index) {
                        }
                }
-                // run cmdline trough shell
+                env_defaults();
                if (cfg.command_line == NULL) {
-                        // if the sandbox was started with --shell=none, it is possible we don't have a shell
+                        assert(cfg.shell);
-                        // inside the sandbox
-                        if (cfg.shell == NULL) {
-                                cfg.shell = guess_shell();
-                                if (!cfg.shell) {
-                                        fprintf(stderr, "Error: no POSIX shell found, please use --shell command line option\n");
-                                        exit(1);
-                                }
-                        }
-                                
-                        struct stat s;
-                        if (stat(cfg.shell, &s) == -1)  {
-                                fprintf(stderr, "Error: %s shell not found inside the sandbox\n", cfg.shell);
-                                exit(1);
-                        }
                        cfg.command_line = cfg.shell;
                        cfg.window_title = cfg.shell;
                }
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index d6113218c..007374c75 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -181,7 +181,7 @@ closed.
 \fBprivate directory
 Use directory as user home.
 .TP
-\f\private-home file,directory
+\fBprivate-home file,directory
 Build a new user home in a temporary
 filesystem, and copy the files and directories in the list in the
 new home. All modifications are discarded when the sandbox is
@@ -199,6 +199,16 @@ Build a new /etc in a temporary
 filesystem, and copy the files and directories in the list.
 All modifications are discarded when the sandbox is closed.
 .TP
+\fBprivate-opt file,directory
+Build a new /optin a temporary
+filesystem, and copy the files and directories in the list.
+All modifications are discarded when the sandbox is closed.
+.TP
+\fBprivate-srv file,directory
+Build a new /srv in a temporary
+filesystem, and copy the files and directories in the list.
+All modifications are discarded when the sandbox is closed.
+.TP
 \fBprivate-tmp
 Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix.
 .TP
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 8441f25d5..450f30c68 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1179,6 +1179,32 @@ $ firejail --private-etc=group,hostname,localtime, \\
 nsswitch.conf,passwd,resolv.conf
 .TP
+\fB\-\-private-opt=file,directory
+Build a new /opt in a temporary
+filesystem, and copy the files and directories in the list.
+If no listed file is found, /opt directory will be empty.
+All modifications are discarded when the sandbox is closed. 
+.br
+.br
+Example:
+.br
+$ firejail --private-opt=firefox /opt/firefox/firefox
+.TP
+\fB\-\-private-srv=file,directory
+Build a new /srv in a temporary
+filesystem, and copy the files and directories in the list.
+If no listed file is found, /srv directory will be empty.
+All modifications are discarded when the sandbox is closed. 
+.br
+.br
+Example:
+.br
+# firejail --private-srv=www /etc/init.d/apache2 start
+.TP
 \fB\-\-private-tmp
 Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix.
 .br
author	netblue30 <netblue30@yahoo.com>	2016-11-30 12:59:48 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-11-30 12:59:48 -0500
commit	7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed (patch)
tree	2891cf9b5fc96aac148306b672075847a9841198 /src
parent	profiles (diff)
download	firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.tar.gz firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.tar.zst firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.zip