added --noblacklist option

author: netblue30 <netblue30@yahoo.com> 2015-11-10 08:36:52 -0500
committer: netblue30 <netblue30@yahoo.com> 2015-11-10 08:36:52 -0500
commit: 060697b6960c48060adb78bb073053ebc106ddc2 (patch)
tree: ccbc5f52bc16c2028ab25b6b856e71b4c535a499 /src
parent: added dnscrypt-proxy and unbound profiles (diff)
download: firejail-060697b6960c48060adb78bb073053ebc106ddc2.tar.gz
firejail-060697b6960c48060adb78bb073053ebc106ddc2.tar.zst
firejail-060697b6960c48060adb78bb073053ebc106ddc2.zip
3 files changed, 34 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 729b1805e..7f6d3a1f8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -636,6 +636,14 @@ int main(int argc, char **argv) {
                        profile_check_line(line, 0);    // will exit if something wrong
                        profile_add(line);
                }
+                else if (strncmp(argv[i], "--noblacklist=", 14) == 0) {
+                        char *line;
+                        if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1)
+                                errExit("asprintf");
+                        
+                        profile_check_line(line, 0);    // will exit if something wrong
+                        profile_add(line);
+                }
                else if (strncmp(argv[i], "--whitelist=", 12) == 0) {
                        char *line;
                        if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 76c12ecc1..238205c04 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -140,6 +140,8 @@ void usage(void) {
        printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");
        printf("\t\tnetwork namespace.\n\n");
+        printf("\t--noblacklist=dirname_or_filename - disable blacklist for directory\n");
+        printf("\t\tor file.\n\n");
        printf("\t--nogroups - disable supplementary groups. Without this option,\n");
        printf("\t\tsupplementary groups are enabled for the user starting the\n");
        printf("\t\tsandbox. For root user supplementary groups are always\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 912a08580..2a0c9eb47 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -608,6 +608,30 @@ PID  User    RX(KB/s) TX(KB/s) Command
 .TP
+\fB\-\-noblacklist=dirname_or_filename
+Disable blacklist for this directory or file.
+.br
+.br
+Example:
+.br
+$ firejail
+.br
+$ nc dict.org 2628
+.br
+bash: /bin/nc: Permission denied
+.br
+$ exit
+.br
+.br
+$ firejail --noblacklist=/bin/nc
+.br
+$ nc dict.org 2628
+.br
+220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
+.br
+.TP
 \fB\-\-nogroups
 Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the
 sandbox. For root user supplementary groups are always disabled.
author	netblue30 <netblue30@yahoo.com>	2015-11-10 08:36:52 -0500
committer	netblue30 <netblue30@yahoo.com>	2015-11-10 08:36:52 -0500
commit	060697b6960c48060adb78bb073053ebc106ddc2 (patch)
tree	ccbc5f52bc16c2028ab25b6b856e71b4c535a499 /src
parent	added dnscrypt-proxy and unbound profiles (diff)
download	firejail-060697b6960c48060adb78bb073053ebc106ddc2.tar.gz firejail-060697b6960c48060adb78bb073053ebc106ddc2.tar.zst firejail-060697b6960c48060adb78bb073053ebc106ddc2.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index 729b1805e..7f6d3a1f8 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -636,6 +636,14 @@ int main(int argc, char **argv) {
636	profile_check_line(line, 0); // will exit if something wrong	636	profile_check_line(line, 0); // will exit if something wrong
637	profile_add(line);	637	profile_add(line);
638	}	638	}
		639	else if (strncmp(argv[i], "--noblacklist=", 14) == 0) {
		640	char *line;
		641	if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1)
		642	errExit("asprintf");
		643
		644	profile_check_line(line, 0); // will exit if something wrong
		645	profile_add(line);
		646	}
639	else if (strncmp(argv[i], "--whitelist=", 12) == 0) {	647	else if (strncmp(argv[i], "--whitelist=", 12) == 0) {
640	char *line;	648	char *line;
641	if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)	649	if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)


diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 76c12ecc1..238205c04 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c
@@ -140,6 +140,8 @@ void usage(void) {
140		140
141	printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");	141	printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");
142	printf("\t\tnetwork namespace.\n\n");	142	printf("\t\tnetwork namespace.\n\n");
		143	printf("\t--noblacklist=dirname_or_filename - disable blacklist for directory\n");
		144	printf("\t\tor file.\n\n");
143	printf("\t--nogroups - disable supplementary groups. Without this option,\n");	145	printf("\t--nogroups - disable supplementary groups. Without this option,\n");
144	printf("\t\tsupplementary groups are enabled for the user starting the\n");	146	printf("\t\tsupplementary groups are enabled for the user starting the\n");
145	printf("\t\tsandbox. For root user supplementary groups are always\n");	147	printf("\t\tsandbox. For root user supplementary groups are always\n");


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 912a08580..2a0c9eb47 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -608,6 +608,30 @@ PID User RX(KB/s) TX(KB/s) Command
608		608
609		609
610	.TP	610	.TP
		611	\fB\-\-noblacklist=dirname_or_filename
		612	Disable blacklist for this directory or file.
		613	.br
		614
		615	.br
		616	Example:
		617	.br
		618	$ firejail
		619	.br
		620	$ nc dict.org 2628
		621	.br
		622	bash: /bin/nc: Permission denied
		623	.br
		624	$ exit
		625	.br
		626
		627	.br
		628	$ firejail --noblacklist=/bin/nc
		629	.br
		630	$ nc dict.org 2628
		631	.br
		632	220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
		633	.br
		634	.TP
611	\fB\-\-nogroups	635	\fB\-\-nogroups
612	Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the	636	Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the
613	sandbox. For root user supplementary groups are always disabled.	637	sandbox. For root user supplementary groups are always disabled.