join-or-start option

author: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-09-23 16:41:18 +0300
committer: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-09-23 19:43:56 +0300
commit: 7d60b07d1515a2d7f3732f2620689000ed110535 (patch)
tree: d9a6beaa2fce334c477259dbd10e6722d7089316 /src
parent: add files to sandbox container (--put) (diff)
download: firejail-7d60b07d1515a2d7f3732f2620689000ed110535.tar.gz
firejail-7d60b07d1515a2d7f3732f2620689000ed110535.tar.zst
firejail-7d60b07d1515a2d7f3732f2620689000ed110535.zip
2 files changed, 59 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 3afecbe62..03ffab788 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -634,6 +634,30 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                exit(0);
        }
+        else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+                // NOTE: this is first part of option handler,
+                //               sandbox name is set in other part
+                logargs(argc, argv);
+                if (arg_shell_none) {
+                        if (argc <= (i+1)) {
+                                fprintf(stderr, "Error: --shell=none set, but no command specified\n");
+                                exit(1);
+                        }
+                        cfg.original_program_index = i + 1;
+                }
+                // try to join by name only
+                pid_t pid;
+                if (!name2pid(argv[i] + 16, &pid)) {
+                        if (!cfg.shell && !arg_shell_none)
+                                cfg.shell = guess_shell();
+                        join(pid, argc, argv, i + 1);
+                        exit(0);
+                }
+                // if there no such sandbox continue argument processing
+        }
 #ifdef HAVE_NETWORK     
        else if (strncmp(argv[i], "--join-network=", 15) == 0) {
                if (checkcfg(CFG_NETWORK)) {
@@ -2157,6 +2181,17 @@ int main(int argc, char **argv) {
                else if (strcmp(argv[i], "--x11=block") == 0) {
                        arg_x11_block = 1;
                }
+                else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+                        // NOTE: this is second part of option handler,
+                        //               atempt to find and join sandbox is done in other one
+                        // set sandbox name and start normally
+                        cfg.name = argv[i] + 16;
+                        if (strlen(cfg.name) == 0) {
+                                fprintf(stderr, "Error: please provide a name for sandbox\n");
+                                return 1;
+                        }
+                }
                else if (strcmp(argv[i], "--") == 0) {
                        // double dash - positional params to follow
                        arg_doubledash = 1;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 00301037f..73b655379 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -803,6 +803,30 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;               
        }
+        if (strncmp(ptr, "join-or-start ", 14) == 0) {
+                // try to join by name only
+                pid_t pid;
+                if (!name2pid(ptr + 14, &pid)) {
+                        if (!cfg.shell && !arg_shell_none)
+                                cfg.shell = guess_shell();
+                        // find first non-option arg
+                        int i;
+                        for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);
+                        join(pid, cfg.original_argc,cfg.original_argv, i + 1);
+                        exit(0);
+                }
+                // set sandbox name and start normally
+                cfg.name = ptr + 14;
+                if (strlen(cfg.name) == 0) {
+                        fprintf(stderr, "Error: invalid sandbox name\n");
+                        exit(1);
+                }
+                return 0;
+        }
        // rest of filesystem
        if (strncmp(ptr, "blacklist ", 10) == 0)
                ptr += 10;
author	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-09-23 16:41:18 +0300
committer	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-09-23 19:43:56 +0300
commit	7d60b07d1515a2d7f3732f2620689000ed110535 (patch)
tree	d9a6beaa2fce334c477259dbd10e6722d7089316 /src
parent	add files to sandbox container (--put) (diff)
download	firejail-7d60b07d1515a2d7f3732f2620689000ed110535.tar.gz firejail-7d60b07d1515a2d7f3732f2620689000ed110535.tar.zst firejail-7d60b07d1515a2d7f3732f2620689000ed110535.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index 3afecbe62..03ffab788 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -634,6 +634,30 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
634	exit(0);	634	exit(0);
635		635
636	}	636	}
		637	else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
		638	// NOTE: this is first part of option handler,
		639	// sandbox name is set in other part
		640	logargs(argc, argv);
		641
		642	if (arg_shell_none) {
		643	if (argc <= (i+1)) {
		644	fprintf(stderr, "Error: --shell=none set, but no command specified\n");
		645	exit(1);
		646	}
		647	cfg.original_program_index = i + 1;
		648	}
		649
		650	// try to join by name only
		651	pid_t pid;
		652	if (!name2pid(argv[i] + 16, &pid)) {
		653	if (!cfg.shell && !arg_shell_none)
		654	cfg.shell = guess_shell();
		655
		656	join(pid, argc, argv, i + 1);
		657	exit(0);
		658	}
		659	// if there no such sandbox continue argument processing
		660	}
637	#ifdef HAVE_NETWORK	661	#ifdef HAVE_NETWORK
638	else if (strncmp(argv[i], "--join-network=", 15) == 0) {	662	else if (strncmp(argv[i], "--join-network=", 15) == 0) {
639	if (checkcfg(CFG_NETWORK)) {	663	if (checkcfg(CFG_NETWORK)) {
@@ -2157,6 +2181,17 @@ int main(int argc, char **argv) {
2157	else if (strcmp(argv[i], "--x11=block") == 0) {	2181	else if (strcmp(argv[i], "--x11=block") == 0) {
2158	arg_x11_block = 1;	2182	arg_x11_block = 1;
2159	}	2183	}
		2184	else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
		2185	// NOTE: this is second part of option handler,
		2186	// atempt to find and join sandbox is done in other one
		2187
		2188	// set sandbox name and start normally
		2189	cfg.name = argv[i] + 16;
		2190	if (strlen(cfg.name) == 0) {
		2191	fprintf(stderr, "Error: please provide a name for sandbox\n");
		2192	return 1;
		2193	}
		2194	}
2160	else if (strcmp(argv[i], "--") == 0) {	2195	else if (strcmp(argv[i], "--") == 0) {
2161	// double dash - positional params to follow	2196	// double dash - positional params to follow
2162	arg_doubledash = 1;	2197	arg_doubledash = 1;


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 00301037f..73b655379 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -803,6 +803,30 @@ int profile_check_line(char ptr, int lineno, const char fname) {
803	return 0;	803	return 0;
804	}	804	}
805		805
		806	if (strncmp(ptr, "join-or-start ", 14) == 0) {
		807	// try to join by name only
		808	pid_t pid;
		809	if (!name2pid(ptr + 14, &pid)) {
		810	if (!cfg.shell && !arg_shell_none)
		811	cfg.shell = guess_shell();
		812
		813	// find first non-option arg
		814	int i;
		815	for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);
		816
		817	join(pid, cfg.original_argc,cfg.original_argv, i + 1);
		818	exit(0);
		819	}
		820
		821	// set sandbox name and start normally
		822	cfg.name = ptr + 14;
		823	if (strlen(cfg.name) == 0) {
		824	fprintf(stderr, "Error: invalid sandbox name\n");
		825	exit(1);
		826	}
		827	return 0;
		828	}
		829
806	// rest of filesystem	830	// rest of filesystem
807	if (strncmp(ptr, "blacklist ", 10) == 0)	831	if (strncmp(ptr, "blacklist ", 10) == 0)
808	ptr += 10;	832	ptr += 10;