Merge branch 'master' of https://github.com/netblue30/firejail

author: smitsohu <smitsohu@gmail.com> 2019-06-28 15:59:33 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-06-28 15:59:33 +0200
commit: 9ed832429026b7814802da9d389e19051907c925 (patch)
tree: 0d2af7c0b8536d27462db766ed70c5f742b153d6 /src
parent: simplify octal esc conversion, minor adjustments (diff)
parent: Add fonts to private-etc in udiskie profile (diff)
download: firejail-9ed832429026b7814802da9d389e19051907c925.tar.gz
firejail-9ed832429026b7814802da9d389e19051907c925.tar.zst
firejail-9ed832429026b7814802da9d389e19051907c925.zip
5 files changed, 29 insertions, 6 deletions
diff --git a/src/common.mk.in b/src/common.mk.in
index b9af977ae..1b6ad91a5 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -20,6 +20,7 @@ HAVE_WHITELIST=@HAVE_WHITELIST@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
+HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
@@ -28,7 +29,7 @@ C_FILE_LIST       = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS =  $(foreach file, $(OBJS), $file)
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"'  $(HAVE_GCOV) -DPREFIX='"$(prefix)"'  -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"'  $(HAVE_GCOV) -DPREFIX='"$(prefix)"'  -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b4efa3add..10293cb8f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -20,6 +20,7 @@ Maelstrom
 Maps
 Mathematica
 Natron
+PPSSPPQt
 QMediathekView
 QOwnNotes
 Telegram
@@ -288,6 +289,7 @@ iridium
 iridium-browser
 jd-gui
 jdownloader
+jerry
 jitsi
 k3b
 kaffeine
@@ -402,6 +404,7 @@ netactview
 nethack
 netsurf
 neverball
+neverputt
 newsbeuter
 newsboat
 nheko
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 7ca72bf30..b11d795a9 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -278,6 +278,14 @@ void print_compiletime_support(void) {
 #endif
                );
+        printf("\t- firetunnel support is %s\n",
+#ifdef HAVE_FIRETUNNEL
+                "enabled"
+#else
+                "disabled"
+#endif
+                );
        printf("\t- networking support is %s\n",
 #ifdef HAVE_NETWORK
                "enabled"
diff --git a/src/firejail/main.c b/src/firejail/main.c
index c50ed4dc4..2403cafa1 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1498,6 +1498,7 @@ int main(int argc, char **argv) {
                                exit_err_feature("overlayfs");
                }
 #endif
+#ifdef HAVE_FIRETUNNEL
                else if (strcmp(argv[i], "--tunnel") == 0) {
                        // try to connect to the default client side of the tunnel
                        // if this fails, try the default server side of the tunnel
@@ -1523,7 +1524,7 @@ int main(int argc, char **argv) {
                                exit(1);
                        }
                }
+#endif
                else if (strncmp(argv[i], "--profile=", 10) == 0) {
                        // multiple profile files are allowed!
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 69a9a7bee..3beef3986 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -310,7 +310,7 @@ void x11_start_xvfb(int argc, char **argv) {
        if (arg_debug) {
                size_t i = 0;
-                printf("\n*** Stating xvfb client:");
+                printf("\n*** Starting xvfb client:");
                while (jail_argv[i]!=NULL) {
                        printf(" \"%s\"", jail_argv[i]);
                        i++;
@@ -838,7 +838,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
                        if (arg_debug) {
                                if (n == 10)
-                                        printf("failed to stop xpra server gratefully\n");
+                                        printf("failed to stop xpra server gracefully\n");
                                else
                                        printf("xpra server successfully stopped in %d secs\n", n);
                        }
@@ -1023,6 +1023,7 @@ void x11_start_xpra(int argc, char **argv) {
        if (!program_in_path("xpra")) {
                fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n");
                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
+                fprintf(stderr, "   Arch: sudo pacman -S xpra\n");
                exit(0);
        }
@@ -1056,6 +1057,8 @@ void x11_start(int argc, char **argv) {
                fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n");
                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n");
+                fprintf(stderr, "   Arch: sudo pacman -S xpra\n");
+                fprintf(stderr, "   Arch: sudo pacman -S xorg-server-xephyr\n");
                exit(0);
        }
 }
@@ -1087,7 +1090,8 @@ void x11_xorg(void) {
        struct stat s;
        if (stat("/usr/bin/xauth", &s) == -1) {
                fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n"
-                        "   Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
+                        "   Debian/Ubuntu/Mint: sudo apt-get install xauth\n"
+                        "   Arch: sudo pacman -S xorg-xauth\n");
                exit(1);
        }
        if (s.st_uid != 0 && s.st_gid != 0) {
@@ -1128,8 +1132,14 @@ void x11_xorg(void) {
 #ifdef HAVE_GCOV
                __gcov_flush();
 #endif
-                execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
+                if (arg_debug) {
+                        execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
                        "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
+                }
+                else {
+                        execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
+                        "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
+                }
                _exit(127);
        }
author	smitsohu <smitsohu@gmail.com>	2019-06-28 15:59:33 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-06-28 15:59:33 +0200
commit	9ed832429026b7814802da9d389e19051907c925 (patch)
tree	0d2af7c0b8536d27462db766ed70c5f742b153d6 /src
parent	simplify octal esc conversion, minor adjustments (diff)
parent	Add fonts to private-etc in udiskie profile (diff)
download	firejail-9ed832429026b7814802da9d389e19051907c925.tar.gz firejail-9ed832429026b7814802da9d389e19051907c925.tar.zst firejail-9ed832429026b7814802da9d389e19051907c925.zip

diff --git a/src/common.mk.in b/src/common.mk.in index b9af977ae..1b6ad91a5 100644 --- a/src/common.mk.in +++ b/src/common.mk.in
@@ -20,6 +20,7 @@ HAVE_WHITELIST=@HAVE_WHITELIST@
20	HAVE_GLOBALCFG=@HAVE_GLOBALCFG@	20	HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
21	HAVE_APPARMOR=@HAVE_APPARMOR@	21	HAVE_APPARMOR=@HAVE_APPARMOR@
22	HAVE_OVERLAYFS=@HAVE_OVERLAYFS@	22	HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
		23	HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
23	HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@	24	HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
24	HAVE_GCOV=@HAVE_GCOV@	25	HAVE_GCOV=@HAVE_GCOV@
25		26
@@ -28,7 +29,7 @@ C_FILE_LIST = $(sort $(wildcard *.c))
28	OBJS = $(C_FILE_LIST:.c=.o)	29	OBJS = $(C_FILE_LIST:.c=.o)
29	BINOBJS = $(foreach file, $(OBJS), $file)	30	BINOBJS = $(foreach file, $(OBJS), $file)
30		31
31	CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security	32	CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
32	LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread	33	LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
33	EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@	34	EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
34	EXTRA_CFLAGS +=@EXTRA_CFLAGS@	35	EXTRA_CFLAGS +=@EXTRA_CFLAGS@


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b4efa3add..10293cb8f 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -20,6 +20,7 @@ Maelstrom
20	Maps	20	Maps
21	Mathematica	21	Mathematica
22	Natron	22	Natron
		23	PPSSPPQt
23	QMediathekView	24	QMediathekView
24	QOwnNotes	25	QOwnNotes
25	Telegram	26	Telegram
@@ -288,6 +289,7 @@ iridium
288	iridium-browser	289	iridium-browser
289	jd-gui	290	jd-gui
290	jdownloader	291	jdownloader
		292	jerry
291	jitsi	293	jitsi
292	k3b	294	k3b
293	kaffeine	295	kaffeine
@@ -402,6 +404,7 @@ netactview
402	nethack	404	nethack
403	netsurf	405	netsurf
404	neverball	406	neverball
		407	neverputt
405	newsbeuter	408	newsbeuter
406	newsboat	409	newsboat
407	nheko	410	nheko


diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 7ca72bf30..b11d795a9 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c
@@ -278,6 +278,14 @@ void print_compiletime_support(void) {
278	#endif	278	#endif
279	);	279	);
280		280
		281	printf("\t- firetunnel support is %s\n",
		282	#ifdef HAVE_FIRETUNNEL
		283	"enabled"
		284	#else
		285	"disabled"
		286	#endif
		287	);
		288
281	printf("\t- networking support is %s\n",	289	printf("\t- networking support is %s\n",
282	#ifdef HAVE_NETWORK	290	#ifdef HAVE_NETWORK
283	"enabled"	291	"enabled"


diff --git a/src/firejail/main.c b/src/firejail/main.c index c50ed4dc4..2403cafa1 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1498,6 +1498,7 @@ int main(int argc, char **argv) {
1498	exit_err_feature("overlayfs");	1498	exit_err_feature("overlayfs");
1499	}	1499	}
1500	#endif	1500	#endif
		1501	#ifdef HAVE_FIRETUNNEL
1501	else if (strcmp(argv[i], "--tunnel") == 0) {	1502	else if (strcmp(argv[i], "--tunnel") == 0) {
1502	// try to connect to the default client side of the tunnel	1503	// try to connect to the default client side of the tunnel
1503	// if this fails, try the default server side of the tunnel	1504	// if this fails, try the default server side of the tunnel
@@ -1523,7 +1524,7 @@ int main(int argc, char **argv) {
1523	exit(1);	1524	exit(1);
1524	}	1525	}
1525	}	1526	}
1526		1527	#endif
1527	else if (strncmp(argv[i], "--profile=", 10) == 0) {	1528	else if (strncmp(argv[i], "--profile=", 10) == 0) {
1528	// multiple profile files are allowed!	1529	// multiple profile files are allowed!
1529		1530


diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 69a9a7bee..3beef3986 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c
@@ -310,7 +310,7 @@ void x11_start_xvfb(int argc, char **argv) {
310		310
311	if (arg_debug) {	311	if (arg_debug) {
312	size_t i = 0;	312	size_t i = 0;
313	printf("\n*** Stating xvfb client:");	313	printf("\n*** Starting xvfb client:");
314	while (jail_argv[i]!=NULL) {	314	while (jail_argv[i]!=NULL) {
315	printf(" \"%s\"", jail_argv[i]);	315	printf(" \"%s\"", jail_argv[i]);
316	i++;	316	i++;
@@ -838,7 +838,7 @@ void x11_start_xpra_old(int argc, char *argv, int display, char display_str) {
838		838
839	if (arg_debug) {	839	if (arg_debug) {
840	if (n == 10)	840	if (n == 10)
841	printf("failed to stop xpra server gratefully\n");	841	printf("failed to stop xpra server gracefully\n");
842	else	842	else
843	printf("xpra server successfully stopped in %d secs\n", n);	843	printf("xpra server successfully stopped in %d secs\n", n);
844	}	844	}
@@ -1023,6 +1023,7 @@ void x11_start_xpra(int argc, char **argv) {
1023	if (!program_in_path("xpra")) {	1023	if (!program_in_path("xpra")) {
1024	fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n");	1024	fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n");
1025	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");	1025	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
		1026	fprintf(stderr, " Arch: sudo pacman -S xpra\n");
1026	exit(0);	1027	exit(0);
1027	}	1028	}
1028		1029
@@ -1056,6 +1057,8 @@ void x11_start(int argc, char **argv) {
1056	fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n");	1057	fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n");
1057	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");	1058	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
1058	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n");	1059	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n");
		1060	fprintf(stderr, " Arch: sudo pacman -S xpra\n");
		1061	fprintf(stderr, " Arch: sudo pacman -S xorg-server-xephyr\n");
1059	exit(0);	1062	exit(0);
1060	}	1063	}
1061	}	1064	}
@@ -1087,7 +1090,8 @@ void x11_xorg(void) {
1087	struct stat s;	1090	struct stat s;
1088	if (stat("/usr/bin/xauth", &s) == -1) {	1091	if (stat("/usr/bin/xauth", &s) == -1) {
1089	fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n"	1092	fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n"
1090	" Debian/Ubuntu/Mint: sudo apt-get install xauth\n");	1093	" Debian/Ubuntu/Mint: sudo apt-get install xauth\n"
		1094	" Arch: sudo pacman -S xorg-xauth\n");
1091	exit(1);	1095	exit(1);
1092	}	1096	}
1093	if (s.st_uid != 0 && s.st_gid != 0) {	1097	if (s.st_uid != 0 && s.st_gid != 0) {
@@ -1128,8 +1132,14 @@ void x11_xorg(void) {
1128	#ifdef HAVE_GCOV	1132	#ifdef HAVE_GCOV
1129	__gcov_flush();	1133	__gcov_flush();
1130	#endif	1134	#endif
1131	execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,	1135	if (arg_debug) {
		1136	execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
1132	"generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);	1137	"generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
		1138	}
		1139	else {
		1140	execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
		1141	"generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
		1142	}
1133		1143
1134	_exit(127);	1144	_exit(127);
1135	}	1145	}