author | netblue30 <netblue30@protonmail.com> | 2021-07-03 21:06:11 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-07-03 21:06:11 -0400 |
commit | 45f2ba544e9934b49e03b17c0a638dddc3a44734 (patch) | |
tree | e1ca4f572e8d976adc765ed0e5c4e9533c9747a7 /src | |
parent | deprecated --disable-whitelist at compile time (diff) | |
allow/noallow/deny/nodeny aliases for whitelist/nowhitelist/blacklist/noblacklist
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 42 | ||||
-rw-r--r-- | src/firejail/profile.c | 31 |
2 files changed, 73 insertions, 0 deletions
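--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1565,6 +1565,8 @@ int main(int argc, char **argv, char **envp) {
 profile_check_line(line, 0, NULL); // will exit if something wrong
 profile_add(line);
 }
+
+// blacklist/deny
 else if (strncmp(argv[i], "--blacklist=", 12) == 0) {
 char *line;
 if (asprintf(&line, "blacklist %s", argv[i] + 12) == -1)
@@ -1573,6 +1575,14 @@ int main(int argc, char **argv, char **envp) {
 profile_check_line(line, 0, NULL); // will exit if something wrong
 profile_add(line);
 }
+else if (strncmp(argv[i], "--deny=", 7) == 0) {
+char *line;
+if (asprintf(&line, "blacklist %s", argv[i] + 7) == -1)
+errExit("asprintf");
+
+profile_check_line(line, 0, NULL); // will exit if something wrong
+profile_add(line);
+}
 else if (strncmp(argv[i], "--noblacklist=", 14) == 0) {
 char *line;
 if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1)
@@ -1581,6 +1591,16 @@ int main(int argc, char **argv, char **envp) {
 profile_check_line(line, 0, NULL); // will exit if something wrong
 profile_add(line);
 }
+else if (strncmp(argv[i], "--nodeny=", 9) == 0) {
+char *line;
+if (asprintf(&line, "noblacklist %s", argv[i] + 9) == -1)
+errExit("asprintf");
+
+profile_check_line(line, 0, NULL); // will exit if something wrong
+profile_add(line);
+}
+
+// whitelist
 else if (strncmp(argv[i], "--whitelist=", 12) == 0) {
 if (checkcfg(CFG_WHITELIST)) {
 char *line;
@@ -1593,6 +1613,18 @@ int main(int argc, char **argv, char **envp) {
 else
 exit_err_feature("whitelist");
 }
+else if (strncmp(argv[i], "--allow=", 8) == 0) {
+if (checkcfg(CFG_WHITELIST)) {
+char *line;
+if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1)
+errExit("asprintf");
+
+profile_check_line(line, 0, NULL); // will exit if something wrong
+profile_add(line);
+}
+else
+exit_err_feature("whitelist");
+}
 else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) {
 char *line;
 if (asprintf(&line, "nowhitelist %s", argv[i] + 14) == -1)
@@ -1601,6 +1633,16 @@ int main(int argc, char **argv, char **envp) {
 profile_check_line(line, 0, NULL); // will exit if something wrong
 profile_add(line);
 }
+else if (strncmp(argv[i], "--noallow=", 10) == 0) {
+char *line;
+if (asprintf(&line, "nowhitelist %s", argv[i] + 10) == -1)
+errExit("asprintf");
+
+profile_check_line(line, 0, NULL); // will exit if something wrong
+profile_add(line);
+}
+
+
 else if (strncmp(argv[i], "--mkdir=", 8) == 0) {
 char *line;
 if (asprintf(&line, "mkdir %s", argv[i] + 8) == -1)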
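Review bot: The `--deny=`, `--nodeny=`, `--allow=` and `--noallow=` branches are copies of their canonical counterparts, each with a hand-counted prefix length (7, 9, 8, 10) that has to match the literal on the same line. The lengths shown are correct, but these options define the sandbox's filesystem policy, so any later change to one spelling must be repeated in the other; deriving the offset from the literal, e.g. `argv[i] + sizeof("--deny=") - 1`, removes one way for the two to drift apart. In the `--allow=` branch, `exit_err_feature("whitelist");` reports a name the user did not type; a comment such as `// --allow is an alias; the disabled feature is still reported as "whitelist"` would make that intentional. The if/else chain in main() starts and ends outside these hunks.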
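--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1746,6 +1746,37 @@ void profile_read(const char *fname) {
 continue;
 }
 
+// translate allow/deny to whitelist/blacklist
+if (strncmp(ptr, "allow ", 6) == 0) {
+char *tmp;
+if (asprintf(&tmp, "whitelist %s", ptr + 6) == -1)
+errExit("asprintf");
+free(ptr);
+ptr = tmp;
+}
+else if (strncmp(ptr, "deny ", 5) == 0) {
+char *tmp;
+if (asprintf(&tmp, "blacklist %s", ptr + 5) == -1)
+errExit("asprintf");
+free(ptr);
+ptr = tmp;
+}
+// translate noallow/nodeny to nowhitelist/noblacklist
+else if (strncmp(ptr, "noallow ", 8) == 0) {
+char *tmp;
+if (asprintf(&tmp, "nowhitelist %s", ptr + 8) == -1)
+errExit("asprintf");
+free(ptr);
+ptr = tmp;
+}
+else if (strncmp(ptr, "nodeny ", 7) == 0) {
+char *tmp;
+if (asprintf(&tmp, "noblacklist %s", ptr + 7) == -1)
+errExit("asprintf");
+free(ptr);
+ptr = tmp;
+}
+
 // process quiet
 // todo: a quiet in the profile file cannot be disabled by --ignore on command line
 if (strcmp(ptr, "quiet") == 0) {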
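Review bot: The four alias translations added before `// process quiet` repeat the same allocate/free/replace sequence with hand-counted prefix lengths (6, 5, 8, 7), which a small lookup table would state once and keep in step. Each branch calls `free(ptr)`, so it relies on `ptr` being a heap allocation owned by this loop iteration; that allocation is outside the hunk and should be confirmed. Because the rewrite happens before the rest of the per-line handling, everything after this point, presumably including diagnostics and any keyword matching, sees `whitelist`/`blacklist` rather than what the profile author wrote, and a comment saying so would help. The loop body of profile_read starts and ends outside the hunk.

```c
// translate allow/deny/noallow/nodeny to the canonical keywords;
// code below this point only ever sees whitelist/blacklist spellings
static const struct {
	const char *alias;	// includes the trailing space separator
	const char *keyword;
} aliases[] = {
	{ "allow ", "whitelist" },
	{ "deny ", "blacklist" },
	{ "noallow ", "nowhitelist" },
	{ "nodeny ", "noblacklist" },
};
for (size_t k = 0; k < sizeof(aliases) / sizeof(aliases[0]); k++) {
	size_t len = strlen(aliases[k].alias);
	if (strncmp(ptr, aliases[k].alias, len) == 0) {
		char *tmp;
		if (asprintf(&tmp, "%s %s", aliases[k].keyword, ptr + len) == -1)
			errExit("asprintf");
		free(ptr);
		ptr = tmp;
		break;
	}
}
// … unchanged: "process quiet" handling …
```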