phase1

author: netblue30 <netblue30@yahoo.com> 2018-07-27 20:09:51 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-07-27 20:09:51 -0400
commit: 5e56fc265cd2068e375f1d5dd1cb601d5b8bac37 (patch)
tree: a8d2da5991f7569dd8a980f6ce941b1e6f8b2272 /src
parent: phase1 testing (diff)
download: firejail-5e56fc265cd2068e375f1d5dd1cb601d5b8bac37.tar.gz
firejail-5e56fc265cd2068e375f1d5dd1cb601d5b8bac37.tar.zst
firejail-5e56fc265cd2068e375f1d5dd1cb601d5b8bac37.zip
4 files changed, 6 insertions, 4 deletions
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 8847e44e7..01350aa0e 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -74,6 +74,7 @@ void fs_machineid(void) {
        }
 }
+#ifndef LTS
 // return 0 if file not found, 1 if found
 static int check_dir_or_file(const char *fname) {
        assert(fname);
@@ -178,3 +179,4 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
        fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
 }
+#endif
diff --git a/src/firejail/main.c b/src/firejail/main.c
index ba5e8cdfd..04e057e28 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1623,6 +1623,7 @@ int main(int argc, char **argv) {
                else if (strcmp(argv[i], "--keep-dev-shm") == 0) {
                        arg_keep_dev_shm = 1;
                }
+#ifndef LTS
                else if (strncmp(argv[i], "--private-etc=", 14) == 0) {
                        if (arg_writable_etc) {
                                fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
@@ -1667,7 +1668,7 @@ int main(int argc, char **argv) {
                                cfg.srv_private_keep = argv[i] + 14;
                        arg_private_srv = 1;
                }
-#ifndef LTS
                else if (strncmp(argv[i], "--private-bin=", 14) == 0) {
                        // extract private bin list
                        if (*(argv[i] + 14) == '\0') {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index c3ef2f2f5..057e3582f 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -878,7 +878,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
                return 0;
        }
-#endif //LTS
        // private /etc list of files and directories
        if (strncmp(ptr, "private-etc ", 12) == 0) {
                if (arg_writable_etc) {
@@ -952,7 +952,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
-#ifndef LTS
 #ifdef HAVE_OVERLAYFS
        if (strncmp(ptr, "overlay-named ", 14) == 0) {
                if (checkcfg(CFG_OVERLAYFS)) {
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 2e495a8a7..24daedeaa 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -797,6 +797,7 @@ int sandbox(void* sandbox_arg) {
        if (arg_private_dev)
                fs_private_dev();
+#ifndef LTS
        if (arg_private_etc) {
                if (cfg.chrootdir)
                        fwarning("private-etc feature is disabled in chroot\n");
@@ -830,7 +831,6 @@ int sandbox(void* sandbox_arg) {
                }
        }
-#ifndef LTS
        // private-bin is disabled for appimages
        if (arg_private_bin && !arg_appimage) {
                if (cfg.chrootdir)
author	netblue30 <netblue30@yahoo.com>	2018-07-27 20:09:51 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-07-27 20:09:51 -0400
commit	5e56fc265cd2068e375f1d5dd1cb601d5b8bac37 (patch)
tree	a8d2da5991f7569dd8a980f6ce941b1e6f8b2272 /src
parent	phase1 testing (diff)
download	firejail-5e56fc265cd2068e375f1d5dd1cb601d5b8bac37.tar.gz firejail-5e56fc265cd2068e375f1d5dd1cb601d5b8bac37.tar.zst firejail-5e56fc265cd2068e375f1d5dd1cb601d5b8bac37.zip

diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index 8847e44e7..01350aa0e 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c
@@ -74,6 +74,7 @@ void fs_machineid(void) {
74	}	74	}
75	}	75	}
76		76
		77	#ifndef LTS
77	// return 0 if file not found, 1 if found	78	// return 0 if file not found, 1 if found
78	static int check_dir_or_file(const char *fname) {	79	static int check_dir_or_file(const char *fname) {
79	assert(fname);	80	assert(fname);
@@ -178,3 +179,4 @@ void fs_private_dir_list(const char private_dir, const char private_run_dir, c
178		179
179	fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());	180	fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
180	}	181	}
		182	#endif


diff --git a/src/firejail/main.c b/src/firejail/main.c index ba5e8cdfd..04e057e28 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1623,6 +1623,7 @@ int main(int argc, char **argv) {
1623	else if (strcmp(argv[i], "--keep-dev-shm") == 0) {	1623	else if (strcmp(argv[i], "--keep-dev-shm") == 0) {
1624	arg_keep_dev_shm = 1;	1624	arg_keep_dev_shm = 1;
1625	}	1625	}
		1626	#ifndef LTS
1626	else if (strncmp(argv[i], "--private-etc=", 14) == 0) {	1627	else if (strncmp(argv[i], "--private-etc=", 14) == 0) {
1627	if (arg_writable_etc) {	1628	if (arg_writable_etc) {
1628	fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");	1629	fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
@@ -1667,7 +1668,7 @@ int main(int argc, char **argv) {
1667	cfg.srv_private_keep = argv[i] + 14;	1668	cfg.srv_private_keep = argv[i] + 14;
1668	arg_private_srv = 1;	1669	arg_private_srv = 1;
1669	}	1670	}
1670	#ifndef LTS	1671
1671	else if (strncmp(argv[i], "--private-bin=", 14) == 0) {	1672	else if (strncmp(argv[i], "--private-bin=", 14) == 0) {
1672	// extract private bin list	1673	// extract private bin list
1673	if (*(argv[i] + 14) == '\0') {	1674	if (*(argv[i] + 14) == '\0') {


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index c3ef2f2f5..057e3582f 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -878,7 +878,7 @@ int profile_check_line(char ptr, int lineno, const char fname) {
878	#endif	878	#endif
879	return 0;	879	return 0;
880	}	880	}
881	#endif //LTS	881
882	// private /etc list of files and directories	882	// private /etc list of files and directories
883	if (strncmp(ptr, "private-etc ", 12) == 0) {	883	if (strncmp(ptr, "private-etc ", 12) == 0) {
884	if (arg_writable_etc) {	884	if (arg_writable_etc) {
@@ -952,7 +952,6 @@ int profile_check_line(char ptr, int lineno, const char fname) {
952	return 0;	952	return 0;
953	}	953	}
954		954
955	#ifndef LTS
956	#ifdef HAVE_OVERLAYFS	955	#ifdef HAVE_OVERLAYFS
957	if (strncmp(ptr, "overlay-named ", 14) == 0) {	956	if (strncmp(ptr, "overlay-named ", 14) == 0) {
958	if (checkcfg(CFG_OVERLAYFS)) {	957	if (checkcfg(CFG_OVERLAYFS)) {


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 2e495a8a7..24daedeaa 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -797,6 +797,7 @@ int sandbox(void* sandbox_arg) {
797	if (arg_private_dev)	797	if (arg_private_dev)
798	fs_private_dev();	798	fs_private_dev();
799		799
		800	#ifndef LTS
800	if (arg_private_etc) {	801	if (arg_private_etc) {
801	if (cfg.chrootdir)	802	if (cfg.chrootdir)
802	fwarning("private-etc feature is disabled in chroot\n");	803	fwarning("private-etc feature is disabled in chroot\n");
@@ -830,7 +831,6 @@ int sandbox(void* sandbox_arg) {
830	}	831	}
831	}	832	}
832		833
833	#ifndef LTS
834	// private-bin is disabled for appimages	834	// private-bin is disabled for appimages
835	if (arg_private_bin && !arg_appimage) {	835	if (arg_private_bin && !arg_appimage) {
836	if (cfg.chrootdir)	836	if (cfg.chrootdir)