diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-12-17 12:35:15 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-12-17 12:35:15 -0500 |
| commit | 811af13d5120e85d1e0cb2cbc9ea0b60c0350af7 (patch) | |
| tree | fc929d93a2852c18e20bcc938e5cdebef1f1af71 /src | |
| parent | testing (diff) | |
| download | firejail-811af13d5120e85d1e0cb2cbc9ea0b60c0350af7.tar.gz firejail-811af13d5120e85d1e0cb2cbc9ea0b60c0350af7.tar.zst firejail-811af13d5120e85d1e0cb2cbc9ea0b60c0350af7.zip | |
added --force option
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 21 | ||||
| -rw-r--r-- | src/man/firejail.txt | 7 |
2 files changed, 24 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index a9ccfc9cc..3a06ec0f1 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -425,10 +425,21 @@ int main(int argc, char **argv) { | |||
| 425 | // check if we already have a sandbox running | 425 | // check if we already have a sandbox running |
| 426 | int rv = check_kernel_procs(); | 426 | int rv = check_kernel_procs(); |
| 427 | if (rv == 0) { | 427 | if (rv == 0) { |
| 428 | // start the program directly without sandboxing | 428 | // if --force option is passed to the program, disregard the existing sandbox |
| 429 | run_no_sandbox(argc, argv); | 429 | int found = 0; |
| 430 | // it will never get here! | 430 | for (i = 1; i < argc; i++) { |
| 431 | assert(0); | 431 | if (strcmp(argv[i], "--force") == 0) { |
| 432 | found = 1; | ||
| 433 | break; | ||
| 434 | } | ||
| 435 | } | ||
| 436 | |||
| 437 | if (found == 0) { | ||
| 438 | // start the program directly without sandboxing | ||
| 439 | run_no_sandbox(argc, argv); | ||
| 440 | // it will never get here! | ||
| 441 | assert(0); | ||
| 442 | } | ||
| 432 | } | 443 | } |
| 433 | 444 | ||
| 434 | // initialize globals | 445 | // initialize globals |
| @@ -478,6 +489,8 @@ int main(int argc, char **argv) { | |||
| 478 | arg_debug_whitelists = 1; | 489 | arg_debug_whitelists = 1; |
| 479 | else if (strcmp(argv[i], "--quiet") == 0) | 490 | else if (strcmp(argv[i], "--quiet") == 0) |
| 480 | arg_quiet = 1; | 491 | arg_quiet = 1; |
| 492 | else if (strcmp(argv[i], "--force") == 0) | ||
| 493 | ; | ||
| 481 | 494 | ||
| 482 | //************************************* | 495 | //************************************* |
| 483 | // filtering | 496 | // filtering |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index cd36bead6..eed87c574 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -368,6 +368,13 @@ Example: | |||
| 368 | $ firejail \-\-env=LD_LIBRARY_PATH=/opt/test/lib | 368 | $ firejail \-\-env=LD_LIBRARY_PATH=/opt/test/lib |
| 369 | 369 | ||
| 370 | .TP | 370 | .TP |
| 371 | \fB\-\-force | ||
| 372 | By default, if Firejail is started in an existing sandbox, it will run the program in a bash shell. | ||
| 373 | This option disables this behavior, and attempts to start Firejail in the existing sandbox. | ||
| 374 | There could be lots of reasons for it to fail, for example if the existing sandbox disables | ||
| 375 | admin capabilities, SUID binaries, or if it runs seccomp. | ||
| 376 | |||
| 377 | .TP | ||
| 371 | \fB\-\-fs.print=name | 378 | \fB\-\-fs.print=name |
| 372 | Print the filesystem log for the sandbox identified by name. | 379 | Print the filesystem log for the sandbox identified by name. |
| 373 | .br | 380 | .br |