diff options
| author |  startx2017 <vradu.startx@yandex.com> | 2017-03-23 08:27:01 -0400 |
|---|---|---|
| committer | startx2017 <vradu.startx@yandex.com> | 2017-03-23 08:27:01 -0400 |
| commit | e9e41128ee63a9cb0b5da9f96299a9954fd0d72c (patch) | |
| tree | c7110d8b2bfdae237b39606e030859c18042dcce /src | |
| parent | merges (diff) | |
| download | firejail-e9e41128ee63a9cb0b5da9f96299a9954fd0d72c.tar.gz firejail-e9e41128ee63a9cb0b5da9f96299a9954fd0d72c.tar.zst firejail-e9e41128ee63a9cb0b5da9f96299a9954fd0d72c.zip | |
enable/disable join support in /etc/firejail/firejail.config
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/main.c | 34 |
3 files changed, 29 insertions, 15 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 476ecbe10..67bcd996a 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -92,6 +92,15 @@ int checkcfg(int val) { | |||
| 92 | else | 92 | else |
| 93 | goto errout; | 93 | goto errout; |
| 94 | } | 94 | } |
| 95 | // join | ||
| 96 | else if (strncmp(ptr, "join ", 5) == 0) { | ||
| 97 | if (strcmp(ptr + 5, "yes") == 0) | ||
| 98 | cfg_val[CFG_JOIN] = 1; | ||
| 99 | else if (strcmp(ptr + 5, "no") == 0) | ||
| 100 | cfg_val[CFG_JOIN] = 0; | ||
| 101 | else | ||
| 102 | goto errout; | ||
| 103 | } | ||
| 95 | // x11 | 104 | // x11 |
| 96 | else if (strncmp(ptr, "x11 ", 4) == 0) { | 105 | else if (strncmp(ptr, "x11 ", 4) == 0) { |
| 97 | if (strcmp(ptr + 4, "yes") == 0) | 106 | if (strcmp(ptr + 4, "yes") == 0) |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index f85560588..dbb6c4d16 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -686,6 +686,7 @@ enum { | |||
| 686 | CFG_FOLLOW_SYMLINK_PRIVATE_BIN, | 686 | CFG_FOLLOW_SYMLINK_PRIVATE_BIN, |
| 687 | CFG_DISABLE_MNT, | 687 | CFG_DISABLE_MNT, |
| 688 | CFG_CACHE_TMPFS, | 688 | CFG_CACHE_TMPFS, |
| 689 | CFG_JOIN, | ||
| 689 | CFG_MAX // this should always be the last entry | 690 | CFG_MAX // this should always be the last entry |
| 690 | }; | 691 | }; |
| 691 | extern char *xephyr_screen; | 692 | extern char *xephyr_screen; |
diff --git a/src/firejail/main.c b/src/firejail/main.c index db9a9c8cb..3dcc5c62d 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -615,23 +615,27 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 615 | } | 615 | } |
| 616 | #endif | 616 | #endif |
| 617 | else if (strncmp(argv[i], "--join=", 7) == 0) { | 617 | else if (strncmp(argv[i], "--join=", 7) == 0) { |
| 618 | logargs(argc, argv); | 618 | if (checkcfg(CFG_JOIN) || getuid() == 0) { |
| 619 | 619 | logargs(argc, argv); | |
| 620 | if (arg_shell_none) { | 620 | |
| 621 | if (argc <= (i+1)) { | 621 | if (arg_shell_none) { |
| 622 | fprintf(stderr, "Error: --shell=none set, but no command specified\n"); | 622 | if (argc <= (i+1)) { |
| 623 | exit(1); | 623 | fprintf(stderr, "Error: --shell=none set, but no command specified\n"); |
| 624 | exit(1); | ||
| 625 | } | ||
| 626 | cfg.original_program_index = i + 1; | ||
| 624 | } | 627 | } |
| 625 | cfg.original_program_index = i + 1; | 628 | |
| 629 | if (!cfg.shell && !arg_shell_none) | ||
| 630 | cfg.shell = guess_shell(); | ||
| 631 | |||
| 632 | // join sandbox by pid or by name | ||
| 633 | pid_t pid = read_pid(argv[i] + 7); | ||
| 634 | join(pid, argc, argv, i + 1); | ||
| 635 | exit(0); | ||
| 626 | } | 636 | } |
| 627 | 637 | else | |
| 628 | if (!cfg.shell && !arg_shell_none) | 638 | exit_err_feature("join"); |
| 629 | cfg.shell = guess_shell(); | ||
| 630 | |||
| 631 | // join sandbox by pid or by name | ||
| 632 | pid_t pid = read_pid(argv[i] + 7); | ||
| 633 | join(pid, argc, argv, i + 1); | ||
| 634 | exit(0); | ||
| 635 | 639 | ||
| 636 | } | 640 | } |
| 637 | else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { | 641 | else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { |