diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-08-04 09:33:36 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-08-04 09:33:36 -0400 |
| commit | cafb5cfaa6ec36a6dc26d3cb699f25a1dac82a1f (patch) | |
| tree | 377d6eb937fc46c161cf945ac003d0761c4aaeb2 /src | |
| parent | private-lib: bringing in private-lib list from command line (diff) | |
| download | firejail-cafb5cfaa6ec36a6dc26d3cb699f25a1dac82a1f.tar.gz firejail-cafb5cfaa6ec36a6dc26d3cb699f25a1dac82a1f.tar.zst firejail-cafb5cfaa6ec36a6dc26d3cb699f25a1dac82a1f.zip | |
private-lib: support for /etc/firejail/firejail.config
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/checkcfg.c | 8 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/main.c | 20 | ||||
| -rw-r--r-- | src/firejail/profile.c | 18 |
4 files changed, 32 insertions, 15 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 50a96fc7a..7f371b299 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -324,6 +324,14 @@ int checkcfg(int val) { | |||
| 324 | else | 324 | else |
| 325 | goto errout; | 325 | goto errout; |
| 326 | } | 326 | } |
| 327 | else if (strncmp(ptr, "private-lib ", 12) == 0) { | ||
| 328 | if (strcmp(ptr + 12, "yes") == 0) | ||
| 329 | cfg_val[CFG_PRIVATE_LIB] = 1; | ||
| 330 | else if (strcmp(ptr + 12, "no") == 0) | ||
| 331 | cfg_val[CFG_PRIVATE_LIB] = 0; | ||
| 332 | else | ||
| 333 | goto errout; | ||
| 334 | } | ||
| 327 | else if (strncmp(ptr, "chroot-desktop ", 15) == 0) { | 335 | else if (strncmp(ptr, "chroot-desktop ", 15) == 0) { |
| 328 | if (strcmp(ptr + 15, "yes") == 0) | 336 | if (strcmp(ptr + 15, "yes") == 0) |
| 329 | cfg_val[CFG_CHROOT_DESKTOP] = 1; | 337 | cfg_val[CFG_CHROOT_DESKTOP] = 1; |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 19edb40a0..8e47a72d5 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -708,6 +708,7 @@ enum { | |||
| 708 | CFG_JOIN, | 708 | CFG_JOIN, |
| 709 | CFG_ARP_PROBES, | 709 | CFG_ARP_PROBES, |
| 710 | CFG_XPRA_ATTACH, | 710 | CFG_XPRA_ATTACH, |
| 711 | CFG_PRIVATE_LIB, | ||
| 711 | CFG_MAX // this should always be the last entry | 712 | CFG_MAX // this should always be the last entry |
| 712 | }; | 713 | }; |
| 713 | extern char *xephyr_screen; | 714 | extern char *xephyr_screen; |
diff --git a/src/firejail/main.c b/src/firejail/main.c index ff57a5693..9cff080a0 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1631,15 +1631,19 @@ int main(int argc, char **argv) { | |||
| 1631 | arg_private_bin = 1; | 1631 | arg_private_bin = 1; |
| 1632 | } | 1632 | } |
| 1633 | else if (strncmp(argv[i], "--private-lib", 13) == 0) { | 1633 | else if (strncmp(argv[i], "--private-lib", 13) == 0) { |
| 1634 | // extract private lib list (if any) | 1634 | if (checkcfg(CFG_PRIVATE_LIB)) { |
| 1635 | if (argv[i][13] == '=') { | 1635 | // extract private lib list (if any) |
| 1636 | if (cfg.lib_private_keep) { | 1636 | if (argv[i][13] == '=') { |
| 1637 | if (argv[i][14] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, argv[i] + 14) < 0) | 1637 | if (cfg.lib_private_keep) { |
| 1638 | errExit("asprintf"); | 1638 | if (argv[i][14] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, argv[i] + 14) < 0) |
| 1639 | } else | 1639 | errExit("asprintf"); |
| 1640 | cfg.lib_private_keep = argv[i] + 14; | 1640 | } else |
| 1641 | cfg.lib_private_keep = argv[i] + 14; | ||
| 1642 | } | ||
| 1643 | arg_private_lib = 1; | ||
| 1641 | } | 1644 | } |
| 1642 | arg_private_lib = 1; | 1645 | else |
| 1646 | exit_err_feature("private-lib"); | ||
| 1643 | } | 1647 | } |
| 1644 | else if (strcmp(argv[i], "--private-tmp") == 0) { | 1648 | else if (strcmp(argv[i], "--private-tmp") == 0) { |
| 1645 | arg_private_tmp = 1; | 1649 | arg_private_tmp = 1; |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 972f5932d..708251b0b 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -862,15 +862,19 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 862 | 862 | ||
| 863 | // private /lib list of files | 863 | // private /lib list of files |
| 864 | if (strncmp(ptr, "private-lib", 11) == 0) { | 864 | if (strncmp(ptr, "private-lib", 11) == 0) { |
| 865 | if (ptr[11] == ' ') { | 865 | if (checkcfg(CFG_PRIVATE_LIB)) { |
| 866 | if (cfg.lib_private_keep) { | 866 | if (ptr[11] == ' ') { |
| 867 | if (ptr[12] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, ptr + 12) < 0) | 867 | if (cfg.lib_private_keep) { |
| 868 | errExit("asprintf"); | 868 | if (ptr[12] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, ptr + 12) < 0) |
| 869 | } else { | 869 | errExit("asprintf"); |
| 870 | cfg.lib_private_keep = ptr + 12; | 870 | } else { |
| 871 | cfg.lib_private_keep = ptr + 12; | ||
| 872 | } | ||
| 871 | } | 873 | } |
| 874 | arg_private_lib = 1; | ||
| 872 | } | 875 | } |
| 873 | arg_private_lib = 1; | 876 | else |
| 877 | warning_feature_disabled("private-lib"); | ||
| 874 | return 0; | 878 | return 0; |
| 875 | } | 879 | } |
| 876 | 880 | ||