author | netblue30 <netblue30@yahoo.com> | 2018-09-09 13:04:32 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-09-09 13:04:32 -0400 |
commit | 419d876d9fef926e183c0b3bc0961a9abe9e7ba5 (patch) | |
tree | 6efbebbfc552bb8651c98923c42ad00493544066 /src | |
parent | remove blacklist /usr/lib/llvm* in dusable-devel.inc - problems with hardware... (diff) | |
support for firetunnel utility
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 26 | ||||
-rw-r--r-- | src/firejail/usage.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 20 |
3 files changed, 48 insertions, 0 deletions
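--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1447,6 +1447,32 @@ int main(int argc, char **argv) {
 exit_err_feature("overlayfs");
 }
 #endif
+else if (strcmp(argv[i], "--tunnel") == 0) {
+// try to connect to the default client side of the tunnel
+// if this fails, try the default server side of the tunnel
+if (access("/run/firetunnel/ftc", R_OK) == 0)
+profile_read("/run/firetunnel/ftc");
+else if (access("/run/firetunnel/fts", R_OK) == 0)
+profile_read("/run/firetunnel/fts");
+else {
+fprintf(stderr, "Error: no default firetunnel found, please specify it using --tunnel=devname option\n");
+exit(1);
+}
+}
+else if (strncmp(argv[i], "--tunnel=", 9) == 0) {
+char *fname;
+
+if (asprintf(&fname, "/run/firetunnel/%s", argv[i] + 9) == -1)
+errExit("asprintf");
+invalid_filename(fname, 0); // no globbing
+if (access(fname, R_OK) == 0)
+profile_read(fname);
+else {
+fprintf(stderr, "Error: tunnel not found\n");
+exit(1);
+}
+}
+
 else if (strncmp(argv[i], "--profile=", 10) == 0) {
 // multiple profile files are allowed!
 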
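Review bot: In the `--tunnel=` branch the device name taken from `argv[i] + 9` is formatted into `/run/firetunnel/%s` without checking that it is a single path component, so a name containing `/` or `..` resolves outside `/run/firetunnel`, and an empty name yields the directory itself, which `access(fname, R_OK)` will accept. `invalid_filename()` is defined outside this hunk and, judging by the `// no globbing` comment, appears to screen characters rather than path structure, so the name should be rejected before the path is built, e.g. `if (argv[i][9] == '\0' || strchr(argv[i] + 9, '/')) { fprintf(stderr, "Error: invalid tunnel device name\n"); exit(1); }`. Both branches also call `access()` and then `profile_read()` on the same path, a check-then-use pair that deserves a second look in a binary normally installed setuid root unless `profile_read()` re-validates the file it opens. The man page text added in this commit points users at `/etc/firetunnel` while this code reads `/run/firetunnel`, so one of the two needs correcting. The enclosing option chain in `main()` starts and ends outside the hunk.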
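--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -214,6 +214,8 @@ static char *usage_str =
 " --tracelog - add a syslog message for every access to files or\n"
 "\tdirectories blacklisted by the security profile.\n"
 " --tree - print a tree of all sandboxed processes.\n"
+" --tunnel[=devname] - connect the sandbox to a tunnel created by\n"
+"\tfiretunnel utility.\n"
 " --version - print program version and exit.\n"
 #ifdef HAVE_NETWORK
 " --veth-name=name - use this name for the interface connected to the bridge.\n"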
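--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2130,6 +2130,26 @@ $ firejail \-\-tree
 11970:netblue:transmission-gtk
 
 .TP
+\fB\-\-tunnel[=devname]
+Connect the sandbox to a network overlay/VPN tunnel created by firetunnel utility. This options
+tries first the client side of the tunnel. If this fails, it tries the server side. If multiple tunnels are active,
+please specify the tunnel device using \-\-tunnel=devname.
+.br
+
+.br
+The available tunnel devices are listed in /etc/firetunnel directory, one file for each device.
+The files are regular firejail profile files containing the network configuration,
+and are created and managed by firetunnel utility.
+By default ftc is the client-side device and fts is the server-side device. For more information
+please see man 1 firetunnel.
+.br
+
+.br
+Example:
+.br
+$ firejail --tunnel firefox
+.br
+.TP
 \fB\-\-version
 Print program version and exit.
 .br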