author | netblue30 <netblue30@protonmail.com> | 2022-08-29 12:30:05 -0400 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-09-05 01:07:41 -0300 |
commit | 7bd03a67ba8e1c91b80dc3b6a80df71cdd822912 (patch) | |
tree | 86fe84d45a8da53f195e7147e78c6402ff6e0925 /src | |
parent | Revert "Merge pull request #5315 from ChrysoliteAzalea/landlock" (diff) | |
tracelog disabled by default in /etc/firejail/firejail.config file
Committer note: This is the same as commit 6e687c301 ("tracelog disabled
by default in /etc/firejail/firejail.config file", 2022-08-29) but
without the Landlock-related changes.
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 2 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 11 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 |
4 files changed, 14 insertions, 4 deletions
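--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -62,6 +62,7 @@ int checkcfg(int val) {
 cfg_val[CFG_CHROOT] = 0;
 cfg_val[CFG_SECCOMP_LOG] = 0;
 cfg_val[CFG_PRIVATE_LIB] = 0;
+cfg_val[CFG_TRACELOG] = 0;
 
 // open configuration file
 const char *fname = SYSCONFDIR "/firejail.config";
@@ -111,6 +112,7 @@ int checkcfg(int val) {
 PARSE_YESNO(CFG_SECCOMP, "seccomp")
 PARSE_YESNO(CFG_NETWORK, "network")
 PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network")
+PARSE_YESNO(CFG_TRACELOG, "tracelog")
 PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title")
 PARSE_YESNO(CFG_OVERLAYFS, "overlayfs")
 PARSE_YESNO(CFG_PRIVATE_BIN, "private-bin")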
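--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -831,6 +831,7 @@ enum {
 // CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv
 CFG_ALLOW_TRAY,
 CFG_SECCOMP_LOG,
+CFG_TRACELOG,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;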
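--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -343,7 +343,8 @@ errout:
 
 
 static void exit_err_feature(const char *feature) {
-fprintf(stderr, "Error: %s feature is disabled in Firejail configuration file\n", feature);
+fprintf(stderr, "Error: %s feature is disabled in Firejail configuration file %s\n",
+feature, SYSCONFDIR "/firejail.config");
 exit(1);
 }
 
@@ -1489,8 +1490,12 @@ int main(int argc, char **argv, char **envp) {
 arg_tracefile = tmp;
 }
 }
-else if (strcmp(argv[i], "--tracelog") == 0)
-arg_tracelog = 1;
+else if (strcmp(argv[i], "--tracelog") == 0) {
+if (checkcfg(CFG_TRACELOG))
+arg_tracelog = 1;
+else
+exit_err_feature("tracelog");
+}
 else if (strncmp(argv[i], "--rlimit-cpu=", 13) == 0) {
 check_unsigned(argv[i] + 13, "Error: invalid rlimit");
 sscanf(argv[i] + 13, "%llu", &cfg.rlimit_cpu);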
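Review bot: `exit_err_feature` in the first hunk spells out `SYSCONFDIR "/firejail.config"` a second time; checkcfg.c already assigns the same literal to `fname`. If the path is ever changed in one place only, the error message will send users to a file that is not the one being parsed. A single definition in firejail.h used by both sites would keep them together, for example `#define FIREJAIL_CONFIG SYSCONFDIR "/firejail.config"` (the macro name is only a suggestion).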
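--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -372,7 +372,9 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 else if (strcmp(ptr, "tracelog") == 0) {
-arg_tracelog = 1;
+if (checkcfg(CFG_TRACELOG))
+arg_tracelog = 1;
+// no warning, we have tracelog in over 400 profiles
 return 0;
 }
 else if (strcmp(ptr, "private") == 0) {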
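Review bot: When tracelog is off in firejail.config, the `tracelog` branch now drops the profile's request with no output at all. A sandbox whose profile asks for logging therefore starts without it, and neither the user nor anyone relying on those log entries can tell. The added comment explains why a warning is unwanted, but a debug-only message would stay quiet in normal use, e.g. `else if (arg_debug) printf("tracelog ignored, disabled in %s\n", SYSCONFDIR "/firejail.config");` (assuming the `arg_debug` flag is in scope in profile.c). The comment could also state what happens, not only why it is quiet: `// disabled in firejail.config: ignore the line silently, tracelog is in over 400 profiles`. profile_check_line starts and ends outside this hunk.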