diff options
author | netblue30 <netblue30@yahoo.com> | 2016-11-30 12:59:48 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-30 12:59:48 -0500 |
commit | 7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed (patch) | |
tree | 2891cf9b5fc96aac148306b672075847a9841198 /src | |
parent | profiles (diff) | |
download | firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.tar.gz firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.tar.zst firejail-7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed.zip |
private-opt, private-srv
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/join.c | 33 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 12 | ||||
-rw-r--r-- | src/man/firejail.txt | 26 |
3 files changed, 39 insertions, 32 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index 628002d35..bcf951f33 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -285,12 +285,6 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
285 | seccomp_load(RUN_SECCOMP_CFG); | 285 | seccomp_load(RUN_SECCOMP_CFG); |
286 | #endif | 286 | #endif |
287 | 287 | ||
288 | // fix qt 4.8 | ||
289 | if (setenv("QT_X11_NO_MITSHM", "1", 1) < 0) | ||
290 | errExit("setenv"); | ||
291 | if (setenv("container", "firejail", 1) < 0) // LXC sets container=lxc, | ||
292 | errExit("setenv"); | ||
293 | |||
294 | // mount user namespace or drop privileges | 288 | // mount user namespace or drop privileges |
295 | if (arg_noroot) { // not available for uid 0 | 289 | if (arg_noroot) { // not available for uid 0 |
296 | if (arg_debug) | 290 | if (arg_debug) |
@@ -307,14 +301,6 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
307 | drop_privs(arg_nogroups); // nogroups not available for uid 0 | 301 | drop_privs(arg_nogroups); // nogroups not available for uid 0 |
308 | 302 | ||
309 | 303 | ||
310 | // set prompt color to green | ||
311 | char *prompt = getenv("FIREJAIL_PROMPT"); | ||
312 | if (prompt && strcmp(prompt, "yes") == 0) { | ||
313 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' | ||
314 | if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) | ||
315 | errExit("setenv"); | ||
316 | } | ||
317 | |||
318 | // set nice | 304 | // set nice |
319 | if (arg_nice) { | 305 | if (arg_nice) { |
320 | errno = 0; | 306 | errno = 0; |
@@ -326,24 +312,9 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
326 | } | 312 | } |
327 | } | 313 | } |
328 | 314 | ||
329 | // run cmdline trough shell | 315 | env_defaults(); |
330 | if (cfg.command_line == NULL) { | 316 | if (cfg.command_line == NULL) { |
331 | // if the sandbox was started with --shell=none, it is possible we don't have a shell | 317 | assert(cfg.shell); |
332 | // inside the sandbox | ||
333 | if (cfg.shell == NULL) { | ||
334 | cfg.shell = guess_shell(); | ||
335 | if (!cfg.shell) { | ||
336 | fprintf(stderr, "Error: no POSIX shell found, please use --shell command line option\n"); | ||
337 | exit(1); | ||
338 | } | ||
339 | } | ||
340 | |||
341 | struct stat s; | ||
342 | if (stat(cfg.shell, &s) == -1) { | ||
343 | fprintf(stderr, "Error: %s shell not found inside the sandbox\n", cfg.shell); | ||
344 | exit(1); | ||
345 | } | ||
346 | |||
347 | cfg.command_line = cfg.shell; | 318 | cfg.command_line = cfg.shell; |
348 | cfg.window_title = cfg.shell; | 319 | cfg.window_title = cfg.shell; |
349 | } | 320 | } |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index d6113218c..007374c75 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -181,7 +181,7 @@ closed. | |||
181 | \fBprivate directory | 181 | \fBprivate directory |
182 | Use directory as user home. | 182 | Use directory as user home. |
183 | .TP | 183 | .TP |
184 | \f\private-home file,directory | 184 | \fBprivate-home file,directory |
185 | Build a new user home in a temporary | 185 | Build a new user home in a temporary |
186 | filesystem, and copy the files and directories in the list in the | 186 | filesystem, and copy the files and directories in the list in the |
187 | new home. All modifications are discarded when the sandbox is | 187 | new home. All modifications are discarded when the sandbox is |
@@ -199,6 +199,16 @@ Build a new /etc in a temporary | |||
199 | filesystem, and copy the files and directories in the list. | 199 | filesystem, and copy the files and directories in the list. |
200 | All modifications are discarded when the sandbox is closed. | 200 | All modifications are discarded when the sandbox is closed. |
201 | .TP | 201 | .TP |
202 | \fBprivate-opt file,directory | ||
203 | Build a new /optin a temporary | ||
204 | filesystem, and copy the files and directories in the list. | ||
205 | All modifications are discarded when the sandbox is closed. | ||
206 | .TP | ||
207 | \fBprivate-srv file,directory | ||
208 | Build a new /srv in a temporary | ||
209 | filesystem, and copy the files and directories in the list. | ||
210 | All modifications are discarded when the sandbox is closed. | ||
211 | .TP | ||
202 | \fBprivate-tmp | 212 | \fBprivate-tmp |
203 | Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix. | 213 | Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix. |
204 | .TP | 214 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 8441f25d5..450f30c68 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1179,6 +1179,32 @@ $ firejail --private-etc=group,hostname,localtime, \\ | |||
1179 | nsswitch.conf,passwd,resolv.conf | 1179 | nsswitch.conf,passwd,resolv.conf |
1180 | 1180 | ||
1181 | .TP | 1181 | .TP |
1182 | \fB\-\-private-opt=file,directory | ||
1183 | Build a new /opt in a temporary | ||
1184 | filesystem, and copy the files and directories in the list. | ||
1185 | If no listed file is found, /opt directory will be empty. | ||
1186 | All modifications are discarded when the sandbox is closed. | ||
1187 | .br | ||
1188 | |||
1189 | .br | ||
1190 | Example: | ||
1191 | .br | ||
1192 | $ firejail --private-opt=firefox /opt/firefox/firefox | ||
1193 | |||
1194 | .TP | ||
1195 | \fB\-\-private-srv=file,directory | ||
1196 | Build a new /srv in a temporary | ||
1197 | filesystem, and copy the files and directories in the list. | ||
1198 | If no listed file is found, /srv directory will be empty. | ||
1199 | All modifications are discarded when the sandbox is closed. | ||
1200 | .br | ||
1201 | |||
1202 | .br | ||
1203 | Example: | ||
1204 | .br | ||
1205 | # firejail --private-srv=www /etc/init.d/apache2 start | ||
1206 | |||
1207 | .TP | ||
1182 | \fB\-\-private-tmp | 1208 | \fB\-\-private-tmp |
1183 | Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix. | 1209 | Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix. |
1184 | .br | 1210 | .br |