author | netblue30 <netblue30@protonmail.com> | 2023-12-04 09:11:45 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-04 09:11:45 -0500 |
commit | 9e7b1979cc30c939baeb54bf6ca501f8d09922b7 (patch) | |
tree | 4f8883e6090f04b824676bec16d4939a8098d021 /src | |
parent | Merge pull request #5876 from kmk3/firecfg-add-confdir-ignore (diff) | |
parent | feature: expand simple macros in more commands (diff) | |
Merge pull request #6109 from kmk3/netfilter-expand-macros
feature: expand simple macros in more commands
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 40 | ||||
-rw-r--r-- | src/firejail/profile.c | 8 |
2 files changed, 6 insertions, 42 deletions
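--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1572,7 +1572,7 @@ int main(int argc, char **argv, char **envp) {
 arg_trace = 1;
 else if (strncmp(argv[i], "--trace=", 8) == 0) {
 arg_trace = 1;
-arg_tracefile = argv[i] + 8;
+arg_tracefile = expand_macros(argv[i] + 8);
 if (*arg_tracefile == '\0') {
 fprintf(stderr, "Error: invalid trace option\n");
 exit(1);
@@ -1582,13 +1582,6 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: invalid file name %s\n", arg_tracefile);
 exit(1);
 }
-// if the filename starts with ~, expand the home directory
-if (*arg_tracefile == '~') {
-char *tmp;
-if (asprintf(&tmp, "%s%s", cfg.homedir, arg_tracefile + 1) == -1)
-errExit("asprintf");
-arg_tracefile = tmp;
-}
 }
 else if (strcmp(argv[i], "--tracelog") == 0) {
 if (checkcfg(CFG_TRACELOG))
@@ -1953,20 +1946,13 @@ int main(int argc, char **argv, char **envp) {
 }
 
 // extract chroot dirname
-cfg.chrootdir = argv[i] + 9;
+cfg.chrootdir = expand_macros(argv[i] + 9);
 if (*cfg.chrootdir == '\0') {
 fprintf(stderr, "Error: invalid chroot option\n");
 exit(1);
 }
 invalid_filename(cfg.chrootdir, 0); // no globbing
 
-// if the directory starts with ~, expand the home directory
-if (*cfg.chrootdir == '~') {
-char *tmp;
-if (asprintf(&tmp, "%s%s", cfg.homedir, cfg.chrootdir + 1) == -1)
-errExit("asprintf");
-cfg.chrootdir = tmp;
-}
 // check chroot directory
 fs_check_chroot_dir();
 }
@@ -2748,16 +2734,7 @@ int main(int argc, char **argv, char **envp) {
 else if (strncmp(argv[i], "--netfilter=", 12) == 0) {
 if (checkcfg(CFG_NETWORK)) {
 arg_netfilter = 1;
-arg_netfilter_file = argv[i] + 12;
+arg_netfilter_file = expand_macros(argv[i] + 12);
-
-// expand tilde
-if (*arg_netfilter_file == '~') {
-char *tmp;
-if (asprintf(&tmp, "%s%s", cfg.homedir, arg_netfilter_file + 1) == -1)
-errExit("asprintf");
-arg_netfilter_file = tmp;
-}
-
 check_netfilter_file(arg_netfilter_file);
 }
 else
@@ -2767,16 +2744,7 @@ int main(int argc, char **argv, char **envp) {
 else if (strncmp(argv[i], "--netfilter6=", 13) == 0) {
 if (checkcfg(CFG_NETWORK)) {
 arg_netfilter6 = 1;
-arg_netfilter6_file = argv[i] + 13;
+arg_netfilter6_file = expand_macros(argv[i] + 13);
-
-// expand tilde
-if (*arg_netfilter6_file == '~') {
-char *tmp;
-if (asprintf(&tmp, "%s%s", cfg.homedir, arg_netfilter6_file + 1) == -1)
-errExit("asprintf");
-arg_netfilter6_file = tmp;
-}
-
 check_netfilter_file(arg_netfilter6_file);
 }
 else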
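Review bot: The value returned by `expand_macros()` is dereferenced on the very next line in the `--trace=` and `--chroot=` branches (`*arg_tracefile`, `*cfg.chrootdir`) and passed straight to `check_netfilter_file()` in the two netfilter branches, with no NULL test anywhere; the profile.c section of this commit also drops the `errExit("strdup")` checks it used to have. That is only safe if `expand_macros()` never returns NULL and terminates on allocation or lookup failure, which this page does not show, so confirm it and record the contract at the first call site, e.g. `// expand_macros() never returns NULL (it exits on failure)`. A side effect worth keeping in mind is that `invalid_filename()` and the "invalid file name" check now see the expanded string instead of the raw argument, so they validate the path that is actually used, including whatever `cfg.homedir` contributes. main()'s body starts and ends outside every hunk shown here.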
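--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -635,9 +635,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #ifdef HAVE_NETWORK
 if (checkcfg(CFG_NETWORK)) {
 arg_netfilter = 1;
-arg_netfilter_file = strdup(ptr + 10);
+arg_netfilter_file = expand_macros(ptr + 10);
-if (!arg_netfilter_file)
-errExit("strdup");
 check_netfilter_file(arg_netfilter_file);
 }
 else
@@ -649,9 +647,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #ifdef HAVE_NETWORK
 if (checkcfg(CFG_NETWORK)) {
 arg_netfilter6 = 1;
-arg_netfilter6_file = strdup(ptr + 11);
+arg_netfilter6_file = expand_macros(ptr + 11);
-if (!arg_netfilter6_file)
-errExit("strdup");
 check_netfilter_file(arg_netfilter6_file);
 }
 else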
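Review bot: Nothing at the two call sites says that profile `netfilter` and `netfilter6` values are now rewritten before use, although the old code copied them verbatim with `strdup()`, so this is a behaviour change for existing profiles rather than a pure refactor. Presumably a value beginning with `~` or containing a macro now resolves to a different file than before, given that main.c replaces its manual tilde handling with the same call. `check_netfilter_file()` still runs afterwards and therefore validates the expanded path, which is the order you want. I would add a one-line comment above each assignment, e.g. `// macros are expanded first; check_netfilter_file() validates the resulting path`, and list these two commands in the profile documentation's macro section. profile_check_line's body continues outside both hunks.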